生成shellcode并自动提取:

//生成shellcode并自动提取:

#include <stdio.h>
#include <Windows.h>

//----------------------------------------------------------------------
// Shellcode byte extractor (MSVC, 32-bit x86 build only: relies on
// __asm, fs:[0x30], 32-bit registers and DWORD-sized code addresses).
//
// main() never executes the instructions between ShellCodeStart and
// ShellCodeEnd: the `goto GetShellCode` on entry jumps over the __asm
// block, whose bytes are then copied by address (Start..End) and written
// to "shellcode.txt" as a C array literal. The asm block is a byte
// container, not a function: it ends without `ret`, so if it were ever
// executed it would fall through into whatever follows ShellCodeEnd.
//
// Known defects in the extractor (documented here, code left unchanged):
//   - The fwrite() length constants for the header and footer literals
//     are shorter than the literals (22 vs 26 bytes, 2 vs 3 bytes), so
//     the emitted header loses " = {" and the footer loses the ';'.
//   - fopen() may return NULL; the result is used unchecked.
//   - newBuffer is allocated with new[] and never delete[]'d; the extra
//     1024 bytes are never written to the file.
//   - `int x` is compared against the DWORD Len (signed/unsigned compare).
//   - memset/memcpy are used without <string.h>/<cstring>; this builds
//     only because Windows.h pulls it in transitively -- TODO confirm.
//----------------------------------------------------------------------
int main(int argc, char * argv[])
{

    DWORD Start, End, Len;                // code addresses as DWORDs -- 32-bit build assumption
    goto GetShellCode;                    // skip the asm block: it is copied below, never run here
    __asm
    {
    ShellCodeStart:
        ; Walk TEB -> PEB -> Ldr -> InInitializationOrderModuleList to a
        ; loaded module's base, then parse that module's PE export
        ; directory and step through its AddressOfNames table.
        ; All offsets are the classic 32-bit Windows structure layout.
        mov ebx, dword ptr fs : [0x30]    ; ebx = TEB->ProcessEnvironmentBlock (PEB)
            mov ecx, dword ptr[ebx + 0xc]  ; ecx = PEB->Ldr (PEB_LDR_DATA)
            mov ecx, dword ptr[ecx + 0x1c] ; ecx = Ldr->InInitializationOrderModuleList.Flink (1st entry)
            mov ecx, [ecx]                 ; ecx = Flink -> 2nd entry in initialization order
            mov edx, [ecx + 0x8]; kernelbase.dll -- edx = entry->DllBase; which module is 2nd depends on OS version -- TODO confirm

            mov eax, [edx + 0x3c]          ; eax = IMAGE_DOS_HEADER.e_lfanew (offset of PE header)
            mov ecx, [edx + eax + 0x78]    ; ecx = DataDirectory[EXPORT].VirtualAddress (RVA)
            add ecx, edx                   ; ecx = IMAGE_EXPORT_DIRECTORY VA
            mov ebx, [ecx + 0x20]          ; ebx = IMAGE_EXPORT_DIRECTORY.AddressOfNames (RVA)
            add ebx, edx                   ; ebx = AddressOfNames VA
            xor edi, edi                   ; edi = name index; pre-incremented below, so index 0 is skipped
        s1 :
        inc edi
            mov esi, [ebx + edi * 4]       ; esi = AddressOfNames[edi] (RVA)
            add esi, edx                   ; esi = name string VA

            cmp esi, edx                   ; equal only if the RVA was 0 -> treated as end of table
            je no
            loop s1                        ; ecx still holds the export-directory VA here, not NumberOfNames; loop decrements it per pass
        no :
        xor eax, eax                       ; eax = 0; no ret follows, execution would fall through to ShellCodeEnd
    ShellCodeEnd:
    }


GetShellCode:
    
    
    __asm
    {
        mov Start, offset ShellCodeStart;  Start = address of the first byte of the asm block
        mov End, offset ShellCodeEnd;      End = one past the last byte of the asm block
    }


    Len = End - Start;                    // byte length of the asm block
    
                  unsigned char *newBuffer = new unsigned char[Len + 1024];   // NOTE: never delete[]'d; the 1024 bytes of slack are unused

    memset(newBuffer, 0, Len + 1024);
    memcpy(newBuffer, (unsigned char *)Start, Len);     // copy the code bytes out of .text
    
    FILE *fp = fopen("shellcode.txt", "wb+");           // NOTE: unchecked -- a NULL fp crashes in the fwrite below
    
    //fwrite(newBuffer, Len, 1, fp);
    //_fcloseall();
    
    // BUG: the literal is 26 bytes; writing 22 drops " = {" from the emitted header.
    fwrite("unsigned char Buffer[] = {", 22, 1, fp);
    for (int x = 0; x <Len; x++)          // int vs DWORD: signed/unsigned comparison
    {
            if (x % 16 == 0)
            fwrite("\r\n", 2, 1, fp);      // 16 bytes per output line; file is binary-mode so CRLF is written explicitly
            fprintf(fp, "0x%02x,", newBuffer[x]);
    }
    // BUG: the literal is 3 bytes; writing 2 drops the trailing ';'.
    fwrite("\n};", 2, 1, fp);
    _fcloseall();                         // closes fp along with every other open stream except stdin/stdout/stderr
    
    system("pause");                      // spawns a shell only to wait for a key press; Windows console convenience
    return 0;
}

 
