[mark] first shellcode
好久没写博客了,今天终于搞出了第一个shellcode,以此mark一下。
#include "stdafx.h"
#include <Windows.h>
#include <tchar.h>

/*
 * Learning demo: looks up WinExec and ExitProcess in kernel32.dll, prints the
 * two addresses, then transfers control to a hand-assembled x86 byte sequence
 * held in a local array. That sequence builds the string "calc.exe" on the
 * stack and calls two hard-coded addresses.
 *
 * Review notes:
 *  - The two call targets inside buf are literal constants. They are not
 *    filled in from addr/exitaddr, so the bytes behave as annotated only in a
 *    process where kernel32.dll exports sit at exactly those addresses.
 *    System DLL load addresses can differ between boots and machines (ASLR),
 *    so elsewhere the calls go to unrelated memory.
 *  - buf is a local array, so the bytes live on the stack. Where DEP/NX is
 *    enforced for the process the stack is not executable, and the call into
 *    buf raises an access violation instead of running the bytes.
 *  - The return values of LoadLibrary and GetProcAddress are not checked.
 *  - From a defender's side, the visible effect when it does run is a
 *    calc.exe child process started by this program.
 */
int _tmain(int argc, _TCHAR* argv[])
{
	HMODULE hm = LoadLibrary(_T("kernel32.dll"));

	/* NOTE(review): casting the returned pointer to int is only lossless in a
	 * 32-bit build, which the x86 inline __asm below already implies. */
	int addr = (int)GetProcAddress(hm, "WinExec");
	int exitaddr = (int)GetProcAddress(hm, "ExitProcess");

	/* Prints the addresses resolved in this run. NOTE(review): printf needs
	 * <stdio.h>; presumably stdafx.h pulls it in. */
	printf("the address is %2x\r\nthe exitaddris %2x", addr, exitaddr);

	/* Adjacent string literals concatenate into one byte array (plus the
	 * terminating NUL the compiler appends). */
	char buf[] = {
		"\x33\xc0"              //xor eax,eax
		"\x50"                  //push eax              ; 0 dword = string terminator
		"\xb8\x2e\x65\x78\x65"  //mov eax,0x6578652e    ; bytes ".exe"
		"\x50"                  //push eax
		"\xb8\x63\x61\x6c\x63"  //mov eax,0x636c6163    ; bytes "calc"
		"\x50"                  //push eax
		"\x89\xe0"              //mov eax,esp           ; eax -> "calc.exe" on the stack
		"\x6a\x05"              //push 0x5              ; second argument (SW_SHOW in the disabled call below)
		"\x50"                  //push eax              ; first argument: the string pointer
		"\xb8\xa0\xf8\x0a\x77"  //mov eax,770af8a0      ; literal address, presumably WinExec as printed in the author's run
		"\xff\xd0"              //call eax
		"\x33\xc0"              // xor eax, eax
		"\x50"                  //push eax              ; argument 0
		"\xb8\xb0\xad\x07\x77"  //mov eax,7707adb0      ; literal address, presumably ExitProcess as printed in the author's run
		"\xff\xd0"              //call eax
	};

	/* Disabled alternative: the same bytes written as an integer initializer list.
	char buf[] = {
	0x33, 0xc0,                     //xor eax,eax
	0x50 ,                          //push eax
	0xb8, 0x2e, 0x65, 0x78, 0x65,   //mov eax,0x6578652e
	0x50,                           //push eax
	0xb8, 0x63, 0x61, 0x6c, 0x63,   //mov eax,0x636c6163
	0x50,                           //push eax
	0x89, 0xe0,                     //mov eax,esp
	0x6a, 0x05,                     //push 0x5
	0x50,                           //push eax
	0xb8, 0xa0, 0xf8, 0x0a, 0x77,   //mov eax,770af8a0
	0xff, 0xd0,                     //call eax
	0x33, 0xc0,                     // xor eax, eax
	0x50,                           //push eax
	0xb8, 0xb0, 0xad, 0x07, 0x77,   //mov eax,7707adb0
	0xff, 0xd0                      //call eax
	};
	*/

	/* Transfer control to the first byte of buf. If the final call inside buf
	 * ends the process as annotated, nothing after this block runs. */
	__asm{
		lea ecx, buf
		call ecx
	}

	/* Disabled alternative: the first half of the sequence (through the first
	 * call) written as inline assembly source instead of raw bytes.
	__asm{
	xor eax, eax
	push eax
	mov eax, 0x6578652E
	push eax
	mov eax, 0x636C6163
	push eax
	mov eax, esp
	push 5
	push eax
	mov eax, 0x770af8a0
	call eax
	}
	*/

	/* Disabled: the direct API call that the byte sequence reproduces by hand. */
	//WinExec("calc.exe", SW_SHOW);
	ExitProcess(0);
	return 0; /* not reached once ExitProcess(0) has been called */
}
Live or die,that is a question.
