从汇编代码提取Shellcode的简单实现
2016-07-13 23:50
#include <stdio.h>
/*
 * asm_code - return a pointer to the first byte of the inline-assembly
 * payload embedded in this function (MSVC 32-bit x86 `__asm` syntax).
 *
 * There is no C `return` statement. The first block loads the address of the
 * `__code` label into EAX and jumps over the payload to `__ret`, so this
 * function never executes the payload; it only exposes its address.
 * NOTE(review): the pointer reaches the caller only because 32-bit x86
 * returns pointers in EAX and nothing after `__ret` overwrites it. Confirm
 * this holds for the compiler and optimisation settings in use.
 *
 * The payload is followed by a single `int 3` (byte 0xCC), which main()
 * treats as the end-of-payload marker.
 */
unsigned char *asm_code()
{
// Stub: EAX = address of the payload, then skip over the payload bytes.
__asm
{
lea eax,__code
jmp __ret
}
// Place the shellcode assembly between the two separator lines below.
//---------------------------------------------------------------------------------------------------------------------
__asm
{
__code:
// EBX = 0; pushed first so the string built below is followed by zero bytes.
xor ebx, ebx ; test.00405030
push ebx
// Immediate 4B435546h lands on the stack as the bytes 46 55 43 4B; ESP then points at a NUL-terminated string.
push 4B435546h
mov eax, esp
// Four stack arguments for the first call: (0, string, string, 0).
push ebx
push eax
push eax
push ebx
// NOTE(review): 77E18098h and 77E6E01Ah are hard-coded absolute addresses. SOURCE does not name the
// targets; presumably a message-box style call followed by a process-exit call with argument 0.
// Such addresses hold only for the exact system image they were read from; on any other build,
// or with ASLR, the call transfers control to an unrelated location.
mov eax, 77E18098h
call eax
mov eax, 77E6E01Ah
push ebx
call eax
}
//---------------------------------------------------------------------------------------------------------------------
// Function epilogue: `int 3` assembles to 0xCC, the end marker main() scans for;
// `__ret` is the landing label for the jump in the stub above.
__asm int 3
__asm { __ret: }
}
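/*
 * main - dump the bytes of the asm_code() payload to "code.txt" as a C
 * string literal made of \xNN escapes, eight bytes per output line.
 *
 * Bytes are read from the pointer returned by asm_code() until the 0xCC
 * (`int 3`) marker that asm_code() places after the payload. The marker is
 * in-band: a 0xCC byte inside the payload itself (for example inside an
 * immediate operand) ends the dump early, so compare the output length with
 * the expected payload size.
 *
 * Changes from the page's listing:
 *  - the per-byte fprintf had lost its format string in extraction; it is
 *    restored as "\\x%02x", which matches the sample output shown on the page;
 *  - fopen()/fclose() results are checked instead of writing through a
 *    possibly-NULL FILE pointer;
 *  - the scan is capped at MAX_PAYLOAD_BYTES so a missing marker cannot walk
 *    through unrelated memory indefinitely.
 *
 * NOTE(review): the emitted declaration is `unsigned char shellcode = "...";`
 * exactly as on the page. It needs `[]` after the name before it will compile
 * as an array. `void main()` is likewise kept as published; standard C
 * expects `int main(void)`.
 */
void main()
{
    enum { MAX_PAYLOAD_BYTES = 4096, BYTES_PER_LINE = 8 };

    unsigned char temp;
    int i = 1;
    unsigned char *asm_p = asm_code();
    FILE *fd = fopen("code.txt", "w");

    if (fd == NULL) {
        perror("code.txt");
        return;
    }

    fprintf(fd, "unsigned char shellcode = \"");
    while (i <= MAX_PAYLOAD_BYTES && (temp = *asm_p) != 0xcc) {
        /* One escaped byte, e.g. \x33 */
        fprintf(fd, "\\x%02x", temp);
        asm_p++;
        /* Close the current literal and open a new one every eight bytes. */
        if (i % BYTES_PER_LINE == 0) {
            fprintf(fd, "\"\n\"");
        }
        i++;
    }
    fprintf(fd, "\";");

    if (i > MAX_PAYLOAD_BYTES) {
        fprintf(stderr, "warning: no 0xCC marker within %d bytes; output truncated\n",
                (int)MAX_PAYLOAD_BYTES);
    }
    if (fclose(fd) != 0) {
        perror("code.txt");
    }
}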
/*
生成的code.txt:
unsigned char shellcode = "\x33\xdb\x53\x68\x46\x55\x43\x4b"
"\x8b\xc4\x53\x50\x50\x53\xb8\x98"
"\x80\xe1\x77\xff\xd0\xb8\x1a\xe0"
"\xe6\x77\x53\xff\xd0";
*/
/*
 * asm_code - return a pointer to the first byte of the inline-assembly
 * payload embedded in this function (MSVC 32-bit x86 `__asm` syntax).
 *
 * There is no C `return` statement. The first block loads the address of the
 * `__code` label into EAX and jumps over the payload to `__ret`, so this
 * function never executes the payload; it only exposes its address.
 * NOTE(review): the pointer reaches the caller only because 32-bit x86
 * returns pointers in EAX and nothing after `__ret` overwrites it. Confirm
 * this holds for the compiler and optimisation settings in use.
 *
 * The payload is followed by a single `int 3` (byte 0xCC), which main()
 * treats as the end-of-payload marker.
 */
unsigned char *asm_code()
{
// Stub: EAX = address of the payload, then skip over the payload bytes.
__asm
{
lea eax,__code
jmp __ret
}
// Place the shellcode assembly between the two separator lines below.
//---------------------------------------------------------------------------------------------------------------------
__asm
{
__code:
// EBX = 0; pushed first so the string built below is followed by zero bytes.
xor ebx, ebx ; test.00405030
push ebx
// Immediate 4B435546h lands on the stack as the bytes 46 55 43 4B; ESP then points at a NUL-terminated string.
push 4B435546h
mov eax, esp
// Four stack arguments for the first call: (0, string, string, 0).
push ebx
push eax
push eax
push ebx
// NOTE(review): 77E18098h and 77E6E01Ah are hard-coded absolute addresses. SOURCE does not name the
// targets; presumably a message-box style call followed by a process-exit call with argument 0.
// Such addresses hold only for the exact system image they were read from; on any other build,
// or with ASLR, the call transfers control to an unrelated location.
mov eax, 77E18098h
call eax
mov eax, 77E6E01Ah
push ebx
call eax
}
//---------------------------------------------------------------------------------------------------------------------
// Function epilogue: `int 3` assembles to 0xCC, the end marker main() scans for;
// `__ret` is the landing label for the jump in the stub above.
__asm int 3
__asm { __ret: }
}
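/*
 * main - dump the bytes of the asm_code() payload to "code.txt" as a C
 * string literal made of \xNN escapes, eight bytes per output line.
 *
 * Bytes are read from the pointer returned by asm_code() until the 0xCC
 * (`int 3`) marker that asm_code() places after the payload. The marker is
 * in-band: a 0xCC byte inside the payload itself (for example inside an
 * immediate operand) ends the dump early, so compare the output length with
 * the expected payload size.
 *
 * Changes from the page's listing:
 *  - the per-byte fprintf had lost its format string in extraction; it is
 *    restored as "\\x%02x", which matches the sample output shown on the page;
 *  - fopen()/fclose() results are checked instead of writing through a
 *    possibly-NULL FILE pointer;
 *  - the scan is capped at MAX_PAYLOAD_BYTES so a missing marker cannot walk
 *    through unrelated memory indefinitely.
 *
 * NOTE(review): the emitted declaration is `unsigned char shellcode = "...";`
 * exactly as on the page. It needs `[]` after the name before it will compile
 * as an array. `void main()` is likewise kept as published; standard C
 * expects `int main(void)`.
 */
void main()
{
    enum { MAX_PAYLOAD_BYTES = 4096, BYTES_PER_LINE = 8 };

    unsigned char temp;
    int i = 1;
    unsigned char *asm_p = asm_code();
    FILE *fd = fopen("code.txt", "w");

    if (fd == NULL) {
        perror("code.txt");
        return;
    }

    fprintf(fd, "unsigned char shellcode = \"");
    while (i <= MAX_PAYLOAD_BYTES && (temp = *asm_p) != 0xcc) {
        /* One escaped byte, e.g. \x33 */
        fprintf(fd, "\\x%02x", temp);
        asm_p++;
        /* Close the current literal and open a new one every eight bytes. */
        if (i % BYTES_PER_LINE == 0) {
            fprintf(fd, "\"\n\"");
        }
        i++;
    }
    fprintf(fd, "\";");

    if (i > MAX_PAYLOAD_BYTES) {
        fprintf(stderr, "warning: no 0xCC marker within %d bytes; output truncated\n",
                (int)MAX_PAYLOAD_BYTES);
    }
    if (fclose(fd) != 0) {
        perror("code.txt");
    }
}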
/*
生成的code.txt:
unsigned char shellcode = "\x33\xdb\x53\x68\x46\x55\x43\x4b"
"\x8b\xc4\x53\x50\x50\x53\xb8\x98"
"\x80\xe1\x77\xff\xd0\xb8\x1a\xe0"
"\xe6\x77\x53\xff\xd0";
*/