最近在分析一些 IE 的漏洞,一般的 shellcode 都是 C 语言格式(\xNN)的,而在 JavaScript 里要写成 \uNNNN 的形式,所以就随手写了个小工具在两种格式之间转换
编程语言:C++, 利用MFC框架
整个工程的源码及可执行程序下载(release和debug版都有编译):https://github.com/giantbranch/convert-c-javascript-shellcode
先看看效果
转化代码:
C 到 JavaScript:
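void CConvertShellCodeDlg::OnButtonToJavascript()
{
    // Button handler: rewrites the C-style byte string in m_c_format
    // ("\xAA\xBB...") as JavaScript 16-bit escapes ("\uBBAA...") and puts the
    // result in m_javacript_format.
    //
    // The output is built in a CString instead of a fixed-size heap buffer.
    // The earlier version sized that buffer from the input length *before*
    // padding (and as new char[0] for empty input), so the NUL terminator or
    // the padded tail could be written past the end of the allocation; both
    // new[] buffers were also never released.
    UpdateData(TRUE); // copy the dialog controls into the member variables

    // One byte is 4 characters ("\xNN") and one \u unit holds two bytes, so
    // the text must be a multiple of 8 characters. Pad with a literal "\x00"
    // otherwise. The backslash is escaped on purpose: "\x00" unescaped is a
    // NUL character and would append nothing.
    if (m_c_format.GetLength() % 8) {
        m_c_format += "\\x00";
    }
    const int sourceLen = m_c_format.GetLength();

    // NOTE(review): the input is not checked to be "\x" followed by hex
    // digits; anything else is copied through by position.
    CString converted;
    for (int i = 2; i <= sourceLen - 6; i += 8) {
        const CString firstByte = m_c_format.Mid(i, 2);      // digits of byte 1
        const CString secondByte = m_c_format.Mid(i + 4, 2); // digits of byte 2
        // The second byte becomes the high half of the 16-bit unit.
        converted += "\\u";
        converted += secondByte;
        converted += firstByte;
    }

    m_javacript_format = converted;
    UpdateData(FALSE); // push the member variables back to the dialog
}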
JavaScript 到 C:
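void CConvertShellCodeDlg::OnButtonToC()
{
    // Button handler: rewrites the JavaScript escapes in m_javacript_format
    // ("\uBBAA...") as a C-style byte string ("\xAA\xBB...") and puts the
    // result in m_c_format.
    //
    // The output is built in a CString instead of a fixed-size heap buffer.
    // The earlier version allocated new char[0] for empty input and then wrote
    // a NUL terminator into it, and never released either new[] buffer.
    UpdateData(TRUE); // copy the dialog controls into the member variables

    const int sourceLen = m_javacript_format.GetLength();

    // NOTE(review): the input is not checked to be "\u" followed by four hex
    // digits; anything else is copied through by position.
    CString converted;
    for (int i = 2; i <= sourceLen - 4; i += 6) {
        const CString highHalf = m_javacript_format.Mid(i, 2);    // first two digits
        const CString lowHalf = m_javacript_format.Mid(i + 2, 2); // last two digits
        // The low half of the 16-bit unit is emitted first. Backslashes are
        // escaped so the output contains the text "\x", not a hex escape.
        converted += "\\x";
        converted += lowHalf;
        converted += "\\x";
        converted += highHalf;
    }

    m_c_format = converted;
    UpdateData(FALSE); // push the member variables back to the dialog
}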