
win_x86 下的一些跳转指令

2017-08-18 10:56 441 查看
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
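/*
 * Debugger harness for looking at how 32-bit x86 control-transfer encodings
 * disassemble on Windows.
 *
 * One ShellCode[] array is active at a time; the others are kept in comments
 * together with the disassembly that was observed for them. The addresses in
 * the listings are wherever the array happened to sit in that run, so they
 * differ from block to block.
 *
 * Target arithmetic shown in the listings:
 *   - rel32 forms (E9, E8, 0F 80..0F 8F):
 *       target = instruction address + instruction length + displacement,
 *       with the signed displacement stored little-endian
 *       (bytes 12 34 56 78 -> 0x78563412).
 *   - rel8 forms (EB, 70..7F): same rule with a signed 8-bit displacement
 *     and a 2-byte instruction.
 *
 * Caveats for anyone building this:
 *   - ShellCode is a local array and VirtualProtect works on whole pages, so
 *     every page the array touches is readable, writable and executable
 *     between the two VirtualProtect calls. The page has to stay writable
 *     because the rest of the function's locals live there too, which is why
 *     RWX rather than execute/read is requested. A dedicated allocation
 *     would be needed to keep write and execute separate.
 *   - The displacements are arbitrary test values, so the branch targets are
 *     almost certainly not mapped code. The arrays are meant to be inspected
 *     or single-stepped in a debugger, not run to completion.
 *   - The active array decodes to `ret 3412h`: it returns to main but also
 *     adds 0x3412 to esp, so the stack pointer is not where the compiler
 *     expects once func() comes back.
 *
 * Returns 0 on success, 1 if either VirtualProtect call fails.
 */
int main()
{
    /*
     * Disabled: an earlier, longer experiment. The disabled patch code near
     * the end of main would have written a path string at offset 0x11 and the
     * address of that string at offset 0x9 of this array.
     */
    /*UCHAR ShellCode[] ={0xB8,0xAD,0x23,0x86,0x7C,0x6A,0x01,0x90,0x68,0x56,
    0x23,0x00,0x00,0xFF,0xD0,0xEB,0x0A,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0xC2,0x00,0x00};*/

    /* ---- Prologue-style bytes followed by a short jump ---- */

    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x55,0x8b,0xec,0x5d,0xeb,0x05};
    0099FC5C 8B FF                mov         edi,edi
    0099FC5E 55                   push        ebp
    0099FC5F 8B EC                mov         ebp,esp
    0099FC61 5D                   pop         ebp
    0099FC62 EB 05                jmp         0099FC69
    */

    /*
    UCHAR ShellCode[] = {0xCC,0xCC,0xCC,0xCC,0xCC,0xeb,0x02,0x05};
    006FF7DC CC                   int         3
    006FF7DD CC                   int         3
    006FF7DE CC                   int         3
    006FF7DF CC                   int         3
    006FF7E0 CC                   int         3
    006FF7E1 EB 02                jmp         006FF7E5
    (the first address was missing in the original listing; it follows from
     the next line)
    */

    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x68,0,0x68,0,0x68,0};
    008FFD20 8B FF                mov         edi,edi
    008FFD22 68 00 68 00 68       push        68006800h
    */

    /* ---- Near jmp / call with a 32-bit relative displacement ---- */

    /*
    UCHAR ShellCode[] = {0xe9,0x12,0x34,0x56,0x78};
    00FFF8F0 E9 12 34 56 78       jmp         79562D07  = 00FFF8F0 + 5 + 0x 78 56 34 12
    */

    /*
    UCHAR ShellCode[] = {0xe8,0x12,0x34,0x56,0x78};
    0115FD6C E8 12 34 56 78       call        796C3183 =  0115FD6C + 5 + 0x 78 56 34 12
    */

    /* ---- Conditional jumps, rel32 form: 0F 80 .. 0F 8F (6 bytes each) ---- */

    /*
    UCHAR ShellCode[] = {0x0f,0x80,0x12,0x34,0x56,0x78};
    004FFBD8 0F 80 12 34 56 78    jo          78A62FF0 = 004FFBD8 + 6 + 0x 78 56 34 12
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x81,0x12,0x34,0x56,0x78};
    00EFFDF0 0F 81 12 34 56 78    jno         79463208
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x82,0x12,0x34,0x56,0x78};
    008FFA60 0F 82 12 34 56 78    jb          78E62E78
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x83,0x12,0x34,0x56,0x78};
    0095F79C 0F 83 12 34 56 78    jae         78EC2BB4
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x84,0x12,0x34,0x56,0x78};
    00CFFD2C 0F 84 12 34 56 78    je          79263144
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x85,0x12,0x34,0x56,0x78};
    00AFF924 0F 85 12 34 56 78    jne         79062D3C
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x86,0x12,0x34,0x56,0x78};
    00AFFB90 0F 86 12 34 56 78    jbe         79062FA8
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x87,0x12,0x34,0x56,0x78};
    0055FBD4 0F 87 12 34 56 78    ja          78AC2FEC
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x88,0x12,0x34,0x56,0x78};
    005CF810 0F 88 12 34 56 78    js          78B32C28
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x89,0x12,0x34,0x56,0x78};
    009BFCB0 0F 89 12 34 56 78    jns         78F230C8
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8a,0x12,0x34,0x56,0x78};
    00B7F790 0F 8A 12 34 56 78    jp          790E2BA8
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8b,0x12,0x34,0x56,0x78};
    006FFB88 0F 8B 12 34 56 78    jnp         78C62FA0
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8c,0x12,0x34,0x56,0x78};
    004FFED4 0F 8C 12 34 56 78    jl          78A632EC
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8d,0x12,0x34,0x56,0x78};
    00F3FA60 0F 8D 12 34 56 78    jge         794A2E78
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8e,0x12,0x34,0x56,0x78};
    004FF8AC 0F 8E 12 34 56 78    jle         78A62CC4
    */

    /*
    UCHAR ShellCode[] = {0x0f,0x8f,0x12,0x34,0x56,0x78};
    00B5F8F4 0F 8F 12 34 56 78    jg          790C2D0C
    */

    /*
    0F 90 is outside the 0F 80..0F 8F jump range: it decodes as seto, and the
    remaining bytes are consumed as separate instructions. The CC operand of
    the final js is a byte past the end of the 6-byte array (presumably stack
    fill from a debug build -- confirm).

    UCHAR ShellCode[] = {0x0f,0x90,0x12,0x34,0x56,0x78};
    00BAF860 0F 90 12             seto        byte ptr [edx]
    00BAF863 34 56                xor         al,56h
    00BAF865 78 CC                js          00BAF833
    */

    /* ---- Short jumps, rel8 form (2 bytes each) ---- */

    /*
    UCHAR ShellCode[] = {0xeb,0x12,0x34,0x56,0x78};
    006FF944 EB 12                jmp         006FF958 = 006FF944 + (byte)0x12 + 2
    */

    /*
    Negative displacement: the listing shows EB FF, so the second byte of the
    array must have been 0xff in this run (the array as originally posted
    repeated 0x12). The target lands one byte into the jmp itself.

    UCHAR ShellCode[] = {0xeb,0xff,0x34,0x56,0x78};
    0076FDFC EB FF                jmp         0076FDFD = 0076FDFC + (byte)0xff(-1) + 2
    */

    /*
    UCHAR ShellCode[] = {0x70,0x12,0x34,0x56,0x78};
    010FF730 70 12                jo          010FF744  (target computed as above)
    */

    /*
    UCHAR ShellCode[] = {0x71,0x12,0x34,0x56,0x78};
    001AF860 71 12                jno         001AF874
    */

    /*
    UCHAR ShellCode[] = {0x72,0x12,0x34,0x56,0x78};
    006FFDB8 72 12                jb          006FFDCC
    */

    /*
    UCHAR ShellCode[] = {0x73,0x12,0x34,0x56,0x78};
    010FF998 73 12                jae         010FF9AC
    */

    /*
    UCHAR ShellCode[] = {0x74,0x12,0x34,0x56,0x78};
    005AFA58 74 12                je          005AFA6C
    */

    /*
    UCHAR ShellCode[] = {0x75,0x12,0x34,0x56,0x78};
    006FF758 75 12                jne         006FF76C
    */

    /*
    UCHAR ShellCode[] = {0x76,0x12,0x34,0x56,0x78};
    004FF8B0 76 12                jbe         004FF8C4
    */

    /*
    UCHAR ShellCode[] = {0x77,0x12,0x34,0x56,0x78};
    0135F840 77 12                ja          0135F854
    */

    /*
    UCHAR ShellCode[] = {0x78,0x12,0x34,0x56,0x78};
    0093FE18 78 12                js          0093FE2C
    */

    /*
    UCHAR ShellCode[] = {0x79,0x12,0x34,0x56,0x78};
    0082FCC8 79 12                jns         0082FCDC
    */

    /*
    UCHAR ShellCode[] = {0x7a,0x12,0x34,0x56,0x78};
    003FFAF4 7A 12                jp          003FFB08
    */

    /*
    UCHAR ShellCode[] = {0x7b,0x12,0x34,0x56,0x78};
    006FFBCC 7B 12                jnp         006FFBE0
    */

    /*
    UCHAR ShellCode[] = {0x7c,0x12,0x34,0x56,0x78};
    012FFC40 7C 12                jl          012FFC54
    */

    /*
    UCHAR ShellCode[] = {0x7d,0x12,0x34,0x56,0x78};
    00B8FDFC 7D 12                jge         00B8FE10
    */

    /*
    UCHAR ShellCode[] = {0x7e,0x12,0x34,0x56,0x78};
    00CFFCC8 7E 12                jle         00CFFCDC
    */

    /*
    UCHAR ShellCode[] = {0x7f,0x12,0x34,0x56,0x78};
    00EFFD20 7F 12                jg          00EFFD34
    */

    /* ---- Other encodings kept for comparison ---- */

    /*
    Not a branch: B8 loads a 32-bit immediate, shown with the same operand
    bytes to make the little-endian order visible.

    UCHAR ShellCode[] = {0xb8,0x12,0x34,0x56,0x78};
    00EFFE8C B8 12 34 56 78       mov         eax,78563412h
    */

    /*
    Indirect jump: the operand is the absolute address of a memory slot that
    holds the target, not a displacement.

    UCHAR ShellCode[] = {0xff,0x25,0x10,0x20,0x80,0x00};
    00EFF8D0 FF 25 10 20 80 00    jmp         dword ptr ds:[802010h]
    */

    /*
    UCHAR ShellCode[] = {0x90,0x90,0xe9,0x12,0x34,0x56,0x78};
    012FF7A4 90                   nop
    012FF7A5 90                   nop
    012FF7A6 E9 12 34 56 78       jmp         79862BBD
    */

    /*
    UCHAR ShellCode[] = {0xc3,0x12,0x34,0x56,0x78};
    00EFFD9C C3                   ret
    */

    /* Active test case: C2 imm16, i.e. ret with a 16-bit stack adjustment. */
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    /*
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    004FF86C C2 12 34             ret         3412h
    */

    DWORD dwOld = 0;
    typedef VOID (* pfn) ();
    pfn func;

    /*
     * Make the array's page(s) executable. If this fails the bytes are still
     * non-executable, and calling into them would fault where DEP is in
     * effect, so stop here instead of calling func().
     */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), PAGE_EXECUTE_READWRITE, &dwOld)) {
        fprintf(stderr, "VirtualProtect(PAGE_EXECUTE_READWRITE) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }

    func = (pfn)&ShellCode[0];

    /*  Disabled patch step that belonged to the first (disabled) array:
    memset((unsigned char*)ShellCode + 0x11,0,0x0A);
    memcpy ((unsigned char*)ShellCode + 0x11,
    "C:\\1.exe",strlen("C:\\1.exe"));

    ULONG* data_addr = (ULONG*)((char*)ShellCode+0x9);
    *data_addr = (ULONG)(((char*)ShellCode)+0x11);
    */

    /* Set a breakpoint here and step in to see the bytes disassembled. */
    func();

    /* Put the original protection back so the page does not stay RWX. */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), dwOld, &dwOld)) {
        fprintf(stderr, "VirtualProtect(restore) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }
    return 0;
}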
标签:  c语言 x86