absolutely. Concerning ShellCode... I have absolutely no previous knowledge of what it is, but this is what I've GUESSED from reading the article. And why executing shellcode works.

All binary code begins with the "MAIN function", which is really the pointer to the beginning of the code. That's the function that needs to be executed from WM_TIMER. The MAIN function begins where the executable header ends. In the case of .COM files - the entire binary is shellcode. So if you wanna learn how to write shellcode - learn how to write .COM files.

The reason I made that guess is cause the article said to copy the contents of a executeable and paste it into the control. Then to put an address with an offset of 54 into the WM_TIMER. I think this is so that you skip past the 54 byte header and go straight to the MAIN function pointer.

Think I'm right in my assumptions?

Concerning having a workable address to your shellcode... The program that automates this technique knows where it inserts the shellcode into memory (the article does suggest after all that it can be placed anywhere), so you have your address. Otherwise, if you use some sort of dynamic method of inserting the shellcode into memory (like placing the shellcode in the extra memory area that all windows have) - you can scan the memory to find the location of your shellcode and use that address. Remember, if you overwrite something with your shellcode - too bad, so sad. As long as it doesn't crash the system, you are in business.

lol, doing all this stuff is waaaaaaaaaay outside of my coding capabilities. I hope they're within yours.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net