
从汇编代码提取Shellcode的简单实现

2016-07-13 23:50 525 查看
#include <stdio.h>

/*
 * Return a pointer to the first byte of the machine code assembled at the
 * __code label below, without executing that code.
 *
 * Build notes:
 *  - Uses MSVC-style __asm blocks, so this only builds with a 32-bit x86
 *    MSVC-compatible compiler.
 *  - There is no return statement: the caller receives whatever the first
 *    __asm block leaves in EAX (MSVC reports this as warning C4035).
 *  - The single `int 3` after the payload assembles to the byte 0xCC; main()
 *    scans for that byte to find the end of the payload.
 */
unsigned char *asm_code()

{

__asm

{

   // EAX = address of the payload; this becomes the function's return value.
   lea eax,__code

   // Skip over the payload so it is never run by this program.
   jmp __ret

}

// Put the shellcode's assembly code here

//---------------------------------------------------------------------------------------------------------------------

// NOTE(review): the two `mov eax, 77Exxxxxh` / `call eax` pairs below use
// hard-coded absolute addresses. They are only meaningful on the one OS/DLL
// build they were taken from; on any other build, or with ASLR enabled, the
// calls land on unrelated memory. Presumably the first target takes four
// stack arguments (0, ptr, ptr, 0) and the second takes one (0) -- confirm
// against the system the addresses came from.
__asm

{

__code:

xor     ebx, ebx                         ; test.00405030

// The zero dword pushed first acts as the NUL terminator for the four ASCII
// bytes pushed next; ESP then points at that string and is copied to EAX.
push    ebx

push    4B435546h

mov     eax, esp

push    ebx

push    eax

push    eax

push    ebx

mov     eax, 77E18098h

call    eax

mov     eax, 77E6E01Ah

push    ebx

call    eax

}

//---------------------------------------------------------------------------------------------------------------------

// Function epilogue

// End-of-payload marker: assembles to 0xCC, the byte main() stops on.
__asm int 3

__asm { __ret: }

}

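/*
 * Dump the bytes assembled inside asm_code() to code.txt, formatted as a C
 * string literal of \xNN escapes, eight bytes per source line.
 *
 * The dump stops at the first 0xCC byte (the `int 3` marker that follows the
 * payload). A payload that itself contains a 0xCC byte -- for example inside
 * an immediate operand -- is therefore truncated at that byte; check the
 * output length against the disassembly before relying on it.
 *
 * Returns 0 on success, 1 if code.txt cannot be written or no end marker is
 * found within MAX_DUMP_BYTES.
 */
int main(void)
{
    enum { BYTES_PER_LINE = 8, MAX_DUMP_BYTES = 4096 };

    const unsigned char *asm_p = asm_code();
    size_t count;
    FILE *fd = fopen("code.txt", "w");

    if (fd == NULL) {
        perror("code.txt");
        return 1;
    }

    /*
     * NOTE(review): the emitted declaration has no `[]` after the name, so
     * the generated text is not a valid C array definition as written; add
     * the brackets by hand when pasting it into a source file.
     */
    fprintf(fd, "unsigned char shellcode = \"");

    for (count = 1; *asm_p != 0xcc; asm_p++, count++) {
        /* Bound the scan so a missing marker cannot walk off into unrelated memory. */
        if (count > MAX_DUMP_BYTES) {
            fprintf(stderr, "no 0xCC end marker within %d bytes\n", MAX_DUMP_BYTES);
            fclose(fd);
            return 1;
        }

        /*
         * The format string on this line was garbled on the page; it is
         * reconstructed from the sample output shown there (two lowercase
         * hex digits per byte, prefixed with \x).
         */
        fprintf(fd, "\\x%02x", *asm_p);

        /* Close the current literal and open a new one every eight bytes. */
        if (count % BYTES_PER_LINE == 0) {
            fprintf(fd, "\"\n\"");
        }
    }

    fprintf(fd, "\";");

    /* fclose flushes buffered output, so a failure here means a short file. */
    if (fclose(fd) != 0) {
        perror("code.txt");
        return 1;
    }

    return 0;
}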

/*

生成的code.txt:

unsigned char shellcode = "\x33\xdb\x53\x68\x46\x55\x43\x4b"

"\x8b\xc4\x53\x50\x50\x53\xb8\x98"

"\x80\xe1\x77\xff\xd0\xb8\x1a\xe0"

"\xe6\x77\x53\xff\xd0";

*/