  • 方法

    机器码->汇编
    // ShellCode测试.cpp : 定义控制台应用程序的入口点。 2 // 3 4 #include "stdafx.h" 5 #include <windows.h> 6 #include <iostream> 7 8 9 10 using namespace std; 11 12 13 typedef void*(*LPFN_FUNC_1)(); 14 void Sub_1(); 15 16 17 int main() 18 { 19 Sub_1(); 20 21 22 return 0; 23 } 24 25 26 27 void Sub_1() 28 { 29 30 char ShellCode[40] = { 0 }; 31 32 ShellCode[0] = 0xEB; 33 ShellCode[1] = 128; 34 ShellCode[2] = 0x10; 35 ShellCode[3] = 0x00; 36 ShellCode[4] = 0x00; 37 ShellCode[5] = 0x00; 38 ShellCode[6] = 0x8b; 39 ShellCode[7] = 0xc1; 40 ShellCode[8] = 0x48; 41 ShellCode[9] = 0x8d; 42 ShellCode[10] = 0x58; 43 ShellCode[11] = 0xAA; 44 ShellCode[12] = 0x49; 45 ShellCode[13] = 0x89; 46 ShellCode[14] = 0xd9; 47 ShellCode[15] = 0x48; 48 ShellCode[16] = 0x8d; 49 ShellCode[17] = 0x58; 50 ShellCode[18] = 0xBB; 51 ShellCode[19] = 0x49; 52 ShellCode[20] = 0x89; 53 ShellCode[21] = 0xd8; 54 ShellCode[22] = 0x48; 55 ShellCode[23] = 0x31; 56 ShellCode[24] = 0xd2; 57 ShellCode[25] = 0x48; 58 ShellCode[26] = 0x31; 59 ShellCode[27] = 0xd1; 60 ShellCode[28] = 0x48; 61 ShellCode[29] = 0x8b; 62 ShellCode[30] = 0x58; 63 ShellCode[31] = 0xCC; 64 ShellCode[32] = 0xff; 65 ShellCode[33] = 0xd3; 66 ShellCode[34] = 0x48; 67 ShellCode[35] = 0x83; 68 ShellCode[36] = 0xc4; 69 ShellCode[37] = 0x20; 70 ShellCode[38] = 0x5b; 71 ShellCode[39] = 0xc3; 72 73 74 75 76 VOID* VirtualAddress = (VOID*)VirtualAlloc( 77 NULL, sizeof(ShellCode), MEM_COMMIT, PAGE_EXECUTE_READWRITE); 78 79 if (VirtualAddress == NULL) 80 { 81 return; 82 } 83 84 memcpy(VirtualAddress, ShellCode, sizeof(ShellCode)); 85 86 87 ((LPFN_FUNC_1)VirtualAddress)(); 88 89 90 VirtualFree(VirtualAddress, sizeof(ShellCode), MEM_RELEASE); 91 VirtualAddress = NULL; 92 } 93 94 95 /* 96 97 EB char 98 0-127 正数 99 128-255 负数 100 */

    1.在调用 VirtualAddress 的那一行下断点

    2.命中断点后打开 调试->反汇编 窗口

    3.按 F11 单步进入 VirtualAddress,即可在反汇编窗口中看到这些字节对应的汇编指令

     还有一些软件,x86下我用这个作为参考:

    链接:http://pan.baidu.com/s/1c2Elh52 密码:2utn

  • 原文地址:https://www.cnblogs.com/1228073191Blog/p/7483310.html