win_x86 下的一些跳转指令
2017-08-18 10:56
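#include <windows.h>
#include <stdio.h>
#include <tchar.h>

/*
 * Byte-encoding notes for 32-bit x86 jump, call and return instructions.
 *
 * main() keeps a handful of opcode bytes in a local array, marks that memory
 * executable and calls into it so the bytes can be read in a debugger's
 * disassembly view. Every commented-out array below is an earlier experiment,
 * followed by the listing recorded for it (address, raw bytes, mnemonic).
 * The addresses differ between listings, presumably because each run placed
 * the stack array somewhere else.
 *
 * Target arithmetic shown by the listings:
 *   rel32 forms (E9, E8, 0F 8x): target = instruction address
 *                                        + instruction length (5 or 6)
 *                                        + little-endian 32-bit displacement
 *   rel8 forms (EB, 7x):         target = instruction address + 2
 *                                        + sign-extended 8-bit displacement
 */
int main(void)
{
    /* Earlier experiment, disabled in the original post; kept verbatim. */
    /*UCHAR ShellCode[] ={0xB8,0xAD,0x23,0x86,0x7C,0x6A,0x01,0x90,0x68,0x56,
        0x23,0x00,0x00,0xFF,0xD0,0xEB,0x0A,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0xC2,0x00,0x00};*/

    /* ---- Prologue-style bytes followed by a short jump ---- */
    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x55,0x8b,0xec,0x5d,0xeb,0x05};
    0099FC5C 8B FF    mov edi,edi
    0099FC5E 55       push ebp
    0099FC5F 8B EC    mov ebp,esp
    0099FC61 5D       pop ebp
    0099FC62 EB 05    jmp 0099FC69
    */
    /*
    UCHAR ShellCode[] = {0xCC,0xCC,0xCC,0xCC,0xCC,0xeb,0x02,0x05};
             CC       int 3
    006FF7DD CC       int 3
    006FF7DE CC       int 3
    006FF7DF CC       int 3
    006FF7E0 CC       int 3
    006FF7E1 EB 02    jmp 006FF7E5
    */
    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x68,0,0x68,0,0x68,0};
    008FFD20 8B FF            mov edi,edi
    008FFD22 68 00 68 00 68   push 68006800h
    */

    /* ---- Near jmp / call with a 32-bit displacement (5-byte instructions) ---- */
    /*
    UCHAR ShellCode[] = {0xe9,0x12,0x34,0x56,0x78};
    00FFF8F0 E9 12 34 56 78   jmp 79562D07 = 00FFF8F0 + 5 + 0x 78 56 34 12
    */
    /*
    UCHAR ShellCode[] = {0xe8,0x12,0x34,0x56,0x78};
    0115FD6C E8 12 34 56 78   call 796C3183 = 0115FD6C + 5 + 0x 78 56 34 12
    */

    /* ---- Conditional jumps with a 32-bit displacement: 0F 80 .. 0F 8F (6 bytes) ---- */
    /*
    UCHAR ShellCode[] = {0x0f,0x80,0x12,0x34,0x56,0x78};
    004FFBD8 0F 80 12 34 56 78   jo 78A62FF0 = 004FFBD8 + 6 + 0x 78 56 34 12
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x81,0x12,0x34,0x56,0x78};
    00EFFDF0 0F 81 12 34 56 78   jno 79463208
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x82,0x12,0x34,0x56,0x78};
    008FFA60 0F 82 12 34 56 78   jb 78E62E78
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x83,0x12,0x34,0x56,0x78};
    0095F79C 0F 83 12 34 56 78   jae 78EC2BB4
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x84,0x12,0x34,0x56,0x78};
    00CFFD2C 0F 84 12 34 56 78   je 79263144
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x85,0x12,0x34,0x56,0x78};
    00AFF924 0F 85 12 34 56 78   jne 79062D3C
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x86,0x12,0x34,0x56,0x78};
    00AFFB90 0F 86 12 34 56 78   jbe 79062FA8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x87,0x12,0x34,0x56,0x78};
    0055FBD4 0F 87 12 34 56 78   ja 78AC2FEC
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x88,0x12,0x34,0x56,0x78};
    005CF810 0F 88 12 34 56 78   js 78B32C28
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x89,0x12,0x34,0x56,0x78};
    009BFCB0 0F 89 12 34 56 78   jns 78F230C8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8a,0x12,0x34,0x56,0x78};
    00B7F790 0F 8A 12 34 56 78   jp 790E2BA8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8b,0x12,0x34,0x56,0x78};
    006FFB88 0F 8B 12 34 56 78   jnp 78C62FA0
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8c,0x12,0x34,0x56,0x78};
    004FFED4 0F 8C 12 34 56 78   jl 78A632EC
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8d,0x12,0x34,0x56,0x78};
    00F3FA60 0F 8D 12 34 56 78   jge 794A2E78
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8e,0x12,0x34,0x56,0x78};
    004FF8AC 0F 8E 12 34 56 78   jle 78A62CC4
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8f,0x12,0x34,0x56,0x78};
    00B5F8F4 0F 8F 12 34 56 78   jg 790C2D0C
    */
    /*
    0F 90 is no longer a jump: it decodes as SETO, so the rest of the array is
    consumed as unrelated instructions. The CC after the final 78 is the byte
    that follows the 6-byte array in memory, not part of it.
    UCHAR ShellCode[] = {0x0f,0x90,0x12,0x34,0x56,0x78};
    00BAF860 0F 90 12   seto byte ptr [edx]
    00BAF863 34 56      xor al,56h
    00BAF865 78 CC      js 00BAF833
    */

    /* ---- Short jumps with an 8-bit displacement (2-byte instructions) ---- */
    /*
    UCHAR ShellCode[] = {0xeb,0x12,0x34,0x56,0x78};
    006FF944 EB 12   jmp 006FF958 = 006FF944 + (byte)0x12 + 2
    */
    /*
    NOTE(review): the listing shows EB FF, so the array used for this run
    presumably had 0xff as its second byte; the literal is kept as posted.
    UCHAR ShellCode[] = {0xeb,0x12,0x34,0x56,0x78};
    0076FDFC EB FF   jmp 0076FDFD = 0076FDFC + (byte)0xff(-1) + 2
    */
    /*
    UCHAR ShellCode[] = {0x70,0x12,0x34,0x56,0x78};
    010FF730 70 12   jo 010FF744   (address computed the same way as above)
    */
    /*
    UCHAR ShellCode[] = {0x71,0x12,0x34,0x56,0x78};
    001AF860 71 12   jno 001AF874
    */
    /*
    UCHAR ShellCode[] = {0x72,0x12,0x34,0x56,0x78};
    006FFDB8 72 12   jb 006FFDCC
    */
    /*
    UCHAR ShellCode[] = {0x73,0x12,0x34,0x56,0x78};
    010FF998 73 12   jae 010FF9AC
    */
    /*
    UCHAR ShellCode[] = {0x74,0x12,0x34,0x56,0x78};
    005AFA58 74 12   je 005AFA6C
    */
    /*
    UCHAR ShellCode[] = {0x75,0x12,0x34,0x56,0x78};
    006FF758 75 12   jne 006FF76C
    */
    /*
    UCHAR ShellCode[] = {0x76,0x12,0x34,0x56,0x78};
    004FF8B0 76 12   jbe 004FF8C4
    */
    /*
    UCHAR ShellCode[] = {0x77,0x12,0x34,0x56,0x78};
    0135F840 77 12   ja 0135F854
    */
    /*
    UCHAR ShellCode[] = {0x78,0x12,0x34,0x56,0x78};
    0093FE18 78 12   js 0093FE2C
    */
    /*
    UCHAR ShellCode[] = {0x79,0x12,0x34,0x56,0x78};
    0082FCC8 79 12   jns 0082FCDC
    */
    /*
    UCHAR ShellCode[] = {0x7a,0x12,0x34,0x56,0x78};
    003FFAF4 7A 12   jp 003FFB08
    */
    /*
    UCHAR ShellCode[] = {0x7b,0x12,0x34,0x56,0x78};
    006FFBCC 7B 12   jnp 006FFBE0
    */
    /*
    UCHAR ShellCode[] = {0x7c,0x12,0x34,0x56,0x78};
    012FFC40 7C 12   jl 012FFC54
    */
    /*
    UCHAR ShellCode[] = {0x7d,0x12,0x34,0x56,0x78};
    00B8FDFC 7D 12   jge 00B8FE10
    */
    /*
    UCHAR ShellCode[] = {0x7e,0x12,0x34,0x56,0x78};
    00CFFCC8 7E 12   jle 00CFFCDC
    */
    /*
    UCHAR ShellCode[] = {0x7f,0x12,0x34,0x56,0x78};
    00EFFD20 7F 12   jg 00EFFD34
    */

    /* ---- Other encodings: immediate load, indirect jump, padded jmp, returns ---- */
    /*
    UCHAR ShellCode[] = {0xb8,0x12,0x34,0x56,0x78};
    00EFFE8C B8 12 34 56 78   mov eax,78563412h
    */
    /*
    UCHAR ShellCode[] = {0xff,0x25,0x10,0x20,0x80,0x00};
    00EFF8D0 FF 25 10 20 80 00   jmp dword ptr ds:[802010h]
    */
    /*
    UCHAR ShellCode[] = {0x90,0x90,0xe9,0x12,0x34,0x56,0x78};
    012FF7A4 90               nop
    012FF7A5 90               nop
    012FF7A6 E9 12 34 56 78   jmp 79862BBD
    */
    /*
    UCHAR ShellCode[] = {0xc3,0x12,0x34,0x56,0x78};
    00EFFD9C C3   ret
    */

    /* Active sample: C2 iw is `ret imm16`; only the first three bytes decode. */
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    /*
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    004FF86C C2 12 34   ret 3412h
    */

    DWORD dwOld = 0;
    DWORD dwIgnored = 0;

    /*
     * VirtualProtect works on whole pages, so this makes every page touched by
     * the array (part of this thread's stack) readable, writable and
     * executable, not just the five bytes. That removes DEP for those pages
     * until the protection is restored below. If the call fails, dwOld holds
     * no valid protection value and the bytes must not be called.
     */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), PAGE_EXECUTE_READWRITE, &dwOld)) {
        fprintf(stderr, "VirtualProtect(PAGE_EXECUTE_READWRITE) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }

    typedef VOID (*pfn)(VOID);
    pfn func = (pfn)(void *)&ShellCode[0];

    /* Patch-up code belonging to the first (disabled) array; kept verbatim. */
    /*
    memset((unsigned char*)ShellCode + 0x11,0,0x0A);
    memcpy ((unsigned char*)ShellCode + 0x11, "C:\\1.exe",strlen("C:\\1.exe"));
    ULONG* data_addr = (ULONG*)((char*)ShellCode+0x9);
    *data_addr = (ULONG)(((char*)ShellCode)+0x11);
    */

    /*
     * `ret 3412h` pops the return address and then adds 0x3412 to ESP, so
     * control comes back here with the stack pointer moved past what the
     * compiler expects for a no-argument call.
     * NOTE(review): the sample looks intended for single-stepping in a
     * debugger to read the disassembly, not for running to completion.
     */
    func();

    /* Put the original page protection back so the stack is not left RWX. */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), dwOld, &dwIgnored)) {
        fprintf(stderr, "VirtualProtect(restore) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }

    return 0;
}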