机器码->汇编
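// ShellCode test .cpp: defines the entry point for the console application.
//
// Debugger exercise: a fixed byte sequence is copied into an executable page
// so the Visual Studio disassembly window can show how the bytes decode.

#include "stdafx.h"
#include <windows.h>
#include <iostream>

using namespace std;

// Signature used to call the copied bytes as a parameterless function.
typedef void*(*LPFN_FUNC_1)();
void Sub_1();

int main()
{
    Sub_1();
    return 0;
}

/*
 * Copies the sample bytes into freshly allocated executable memory, calls
 * them once, then releases the allocation.
 *
 * Returns early, without calling anything, if the allocation fails.
 */
void Sub_1()
{
    // unsigned char holds 0x80..0xFF without the implementation-defined
    // conversion that assigning them to plain char involves.
    const unsigned char ShellCode[40] = {
        // EB is JMP rel8; its operand is a signed char, so 0x80 (128)
        // means a displacement of -128.
        0xEB, 0x80, 0x10, 0x00, 0x00, 0x00, 0x8B, 0xC1,
        0x48, 0x8D, 0x58, 0xAA, 0x49, 0x89, 0xD9, 0x48,
        0x8D, 0x58, 0xBB, 0x49, 0x89, 0xD8, 0x48, 0x31,
        0xD2, 0x48, 0x31, 0xD1, 0x48, 0x8B, 0x58, 0xCC,
        0xFF, 0xD3, 0x48, 0x83, 0xC4, 0x20, 0x5B, 0xC3
    };

    // A private page that is writable and executable at once is convenient
    // for this exercise; it is also an allocation pattern that endpoint
    // tooling commonly flags, so expect alerts on a build of this file.
    VOID* VirtualAddress = (VOID*)VirtualAlloc(
        NULL, sizeof(ShellCode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

    if (VirtualAddress == NULL)
    {
        return;
    }

    memcpy(VirtualAddress, ShellCode, sizeof(ShellCode));

    // Breakpoint target for the disassembly view. The first instruction is a
    // short jump of -128 measured from the following instruction, i.e. to
    // VirtualAddress + 2 - 128, which lies outside the 40 copied bytes; if
    // the jump is allowed to run, the process will most likely fault.
    ((LPFN_FUNC_1)VirtualAddress)();

    // With MEM_RELEASE the size argument must be 0; passing the buffer size
    // makes VirtualFree fail and leaves the region allocated.
    VirtualFree(VirtualAddress, 0, MEM_RELEASE);
    VirtualAddress = NULL;
}

/*
 * Operand of EB (a signed char):
 *   0-127   positive displacement
 *   128-255 negative displacement
 */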
1.下断点(断在调用 VirtualAddress 的那一行,即 ((LPFN_FUNC_1)VirtualAddress)(); 处)
2.调试->反汇编
3.进入VirtualAddress (F11)
还有一些软件,x86下我用这个作为参考:
链接:http://pan.baidu.com/s/1c2Elh52 密码:2utn