简单的SEH处理

#include "stdafx.h"
#include "stdlib.h"
#include <windows.h>
#include <EXCPT.h>
#include <tchar.h>

int main(int argc, char* argv[])
{
    BYTE shellcode[12]="x66xB8x01x20x66xBAx04x10x66xEFxC3";

    for (int i = 0; i < sizeof(shellcode); ++i){
        printf("%04d,0x%02X
", shellcode[i],shellcode[i]);
    }

    // SEH异常处理程序是在栈中捕获异常，其局限性比较大

    BYTE oldByte = 0;
    PBYTE pAddr  = NULL;
    DWORD dwProtect = 0;

    _asm mov  ebx,ebx
    _asm push eax
    _asm pop  eax
    _asm mov  eax,eax
    
    _try{
        
        _asm mov  EAX,EAX
        _asm mov  eax,eax
        _asm mov  eax,eax
        _asm mov  eax,eax

        HMODULE hMod  = LoadLibrary(_T("user32.dll"));
        pAddr = (PBYTE)GetProcAddress(hMod, _T("MessageBoxA"));
        
        
        VirtualProtect(pAddr, 1, PAGE_EXECUTE_READWRITE, &dwProtect);
        oldByte = *pAddr;
        printf("pAddr:0x%08X
", pAddr);
        printf("oldByte:%02d
", oldByte);
        *pAddr  = 0XCC;
        VirtualProtect(pAddr, 1, dwProtect, NULL);

        MessageBoxA(NULL, "Test","Test",MB_OK);

    }
    _except(EXCEPTION_EXECUTE_HANDLER){
        MessageBoxW(NULL, L"接管异常", L"异常处理",MB_OK);

        VirtualProtect(pAddr, 1, PAGE_EXECUTE_READWRITE, &dwProtect);
        memset(pAddr, oldByte, 1);
        VirtualProtect(pAddr, 1, dwProtect, NULL);

        MessageBoxA(NULL, "Test","Test",MB_OK);
    }
    
    system("pause");
    return 0;
}