#include <windows.h>
#include <stdio.h>
#include <tchar.h>
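/*
 * Scratch harness for studying how 32-bit x86 control-transfer opcodes
 * decode on Windows.  One byte sample is placed in a stack array, the pages
 * holding it are made executable, and the array is called so the bytes can
 * be read in a debugger's disassembly view.  The commented-out blocks are
 * the other samples the author tried, each followed by the disassembly that
 * was observed (the addresses belong to those particular runs).
 *
 * Intended to be single-stepped under a debugger, not run free: many of the
 * samples jump to an arbitrary address or leave the stack unbalanced.
 *
 * Returns 0 on the normal path, 1 if a page-protection change fails.
 */
int main(void)
{
    typedef VOID (* pfn) ();

    /* Disabled earlier sample kept from the original file; no disassembly was recorded for it.
    UCHAR ShellCode[] ={0xB8,0xAD,0x23,0x86,0x7C,0x6A,0x01,0x90,0x68,0x56,
    0x23,0x00,0x00,0xFF,0xD0,0xEB,0x0A,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0xC2,0x00,0x00};*/

    /* ---- Prologue-style bytes followed by a short jump ---- */
    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x55,0x8b,0xec,0x5d,0xeb,0x05};
    0099FC5C 8B FF mov edi,edi
    0099FC5E 55 push ebp
    0099FC5F 8B EC mov ebp,esp
    0099FC61 5D pop ebp
    0099FC62 EB 05 jmp 0099FC69
    */
    /*
    UCHAR ShellCode[] = {0xCC,0xCC,0xCC,0xCC,0xCC,0xeb,0x02,0x05};
    CC int 3
    006FF7DD CC int 3
    006FF7DE CC int 3
    006FF7DF CC int 3
    006FF7E0 CC int 3
    006FF7E1 EB 02 jmp 006FF7E5
    */
    /*
    UCHAR ShellCode[] = {0x8b,0xff,0x68,0,0x68,0,0x68,0};
    008FFD20 8B FF mov edi,edi
    008FFD22 68 00 68 00 68 push 68006800h
    */

    /*
     * ---- Near jmp / call: opcode + rel32 (5 bytes) ----
     * target = instruction address + 5 + rel32, rel32 stored little-endian.
     */
    /*
    UCHAR ShellCode[] = {0xe9,0x12,0x34,0x56,0x78};
    00FFF8F0 E9 12 34 56 78 jmp 79562D07 = 00FFF8F0 + 5 + 0x 78 56 34 12
    */
    /*
    UCHAR ShellCode[] = {0xe8,0x12,0x34,0x56,0x78};
    0115FD6C E8 12 34 56 78 call 796C3183 = 0115FD6C + 5 + 0x 78 56 34 12
    */

    /*
     * ---- Near conditional jumps: 0F 80 .. 0F 8F + rel32 (6 bytes) ----
     * target = instruction address + 6 + rel32.
     */
    /*
    UCHAR ShellCode[] = {0x0f,0x80,0x12,0x34,0x56,0x78};
    004FFBD8 0F 80 12 34 56 78 jo 78A62FF0 = 004FFBD8 + 6 + 0x 78 56 34 12
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x81,0x12,0x34,0x56,0x78};
    00EFFDF0 0F 81 12 34 56 78 jno 79463208
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x82,0x12,0x34,0x56,0x78};
    008FFA60 0F 82 12 34 56 78 jb 78E62E78
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x83,0x12,0x34,0x56,0x78};
    0095F79C 0F 83 12 34 56 78 jae 78EC2BB4
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x84,0x12,0x34,0x56,0x78};
    00CFFD2C 0F 84 12 34 56 78 je 79263144
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x85,0x12,0x34,0x56,0x78};
    00AFF924 0F 85 12 34 56 78 jne 79062D3C
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x86,0x12,0x34,0x56,0x78};
    00AFFB90 0F 86 12 34 56 78 jbe 79062FA8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x87,0x12,0x34,0x56,0x78};
    0055FBD4 0F 87 12 34 56 78 ja 78AC2FEC
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x88,0x12,0x34,0x56,0x78};
    005CF810 0F 88 12 34 56 78 js 78B32C28
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x89,0x12,0x34,0x56,0x78};
    009BFCB0 0F 89 12 34 56 78 jns 78F230C8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8a,0x12,0x34,0x56,0x78};
    00B7F790 0F 8A 12 34 56 78 jp 790E2BA8
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8b,0x12,0x34,0x56,0x78};
    006FFB88 0F 8B 12 34 56 78 jnp 78C62FA0
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8c,0x12,0x34,0x56,0x78};
    004FFED4 0F 8C 12 34 56 78 jl 78A632EC
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8d,0x12,0x34,0x56,0x78};
    00F3FA60 0F 8D 12 34 56 78 jge 794A2E78
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8e,0x12,0x34,0x56,0x78};
    004FF8AC 0F 8E 12 34 56 78 jle 78A62CC4
    */
    /*
    UCHAR ShellCode[] = {0x0f,0x8f,0x12,0x34,0x56,0x78};
    00B5F8F4 0F 8F 12 34 56 78 jg 790C2D0C
    */

    /*
     * 0F 90 is past the conditional-jump range: it decodes as seto, so the
     * same six bytes split into three instructions.  The CC displacement of
     * the final js lies beyond the end of the array (presumably the debug
     * build's stack fill -- confirm).
     */
    /*
    UCHAR ShellCode[] = {0x0f,0x90,0x12,0x34,0x56,0x78};
    00BAF860 0F 90 12 seto byte ptr [edx]
    00BAF863 34 56 xor al,56h
    00BAF865 78 CC js 00BAF833
    */

    /*
     * ---- Short jumps: opcode + rel8 (2 bytes) ----
     * target = instruction address + 2 + sign-extended rel8; the remaining
     * bytes of each array are not part of the instruction.
     */
    /*
    UCHAR ShellCode[] = {0xeb,0x12,0x34,0x56,0x78};
    006FF944 EB 12 jmp 006FF958 = 006FF944 + (byte)0x12 + 2
    */
    /*
    NOTE(review): the array line below shows 0x12 as the displacement, but the
    recorded disassembly is for EB FF (displacement -1); the listing appears to
    have been captured with 0xff in that position.
    UCHAR ShellCode[] = {0xeb,0x12,0x34,0x56,0x78};
    0076FDFC EB FF jmp 0076FDFD = 0076FDFC + (byte)0xff(-1) + 2
    */
    /*
    UCHAR ShellCode[] = {0x70,0x12,0x34,0x56,0x78};
    010FF730 70 12 jo 010FF744 (address computed the same way as above)
    */
    /*
    UCHAR ShellCode[] = {0x71,0x12,0x34,0x56,0x78};
    001AF860 71 12 jno 001AF874
    */
    /*
    UCHAR ShellCode[] = {0x72,0x12,0x34,0x56,0x78};
    006FFDB8 72 12 jb 006FFDCC
    */
    /*
    UCHAR ShellCode[] = {0x73,0x12,0x34,0x56,0x78};
    010FF998 73 12 jae 010FF9AC
    */
    /*
    UCHAR ShellCode[] = {0x74,0x12,0x34,0x56,0x78};
    005AFA58 74 12 je 005AFA6C
    */
    /*
    UCHAR ShellCode[] = {0x75,0x12,0x34,0x56,0x78};
    006FF758 75 12 jne 006FF76C
    */
    /*
    UCHAR ShellCode[] = {0x76,0x12,0x34,0x56,0x78};
    004FF8B0 76 12 jbe 004FF8C4
    */
    /*
    UCHAR ShellCode[] = {0x77,0x12,0x34,0x56,0x78};
    0135F840 77 12 ja 0135F854
    */
    /*
    UCHAR ShellCode[] = {0x78,0x12,0x34,0x56,0x78};
    0093FE18 78 12 js 0093FE2C
    */
    /*
    UCHAR ShellCode[] = {0x79,0x12,0x34,0x56,0x78};
    0082FCC8 79 12 jns 0082FCDC
    */
    /*
    UCHAR ShellCode[] = {0x7a,0x12,0x34,0x56,0x78};
    003FFAF4 7A 12 jp 003FFB08
    */
    /*
    UCHAR ShellCode[] = {0x7b,0x12,0x34,0x56,0x78};
    006FFBCC 7B 12 jnp 006FFBE0
    */
    /*
    UCHAR ShellCode[] = {0x7c,0x12,0x34,0x56,0x78};
    012FFC40 7C 12 jl 012FFC54
    */
    /*
    UCHAR ShellCode[] = {0x7d,0x12,0x34,0x56,0x78};
    00B8FDFC 7D 12 jge 00B8FE10
    */
    /*
    UCHAR ShellCode[] = {0x7e,0x12,0x34,0x56,0x78};
    00CFFCC8 7E 12 jle 00CFFCDC
    */
    /*
    UCHAR ShellCode[] = {0x7f,0x12,0x34,0x56,0x78};
    00EFFD20 7F 12 jg 00EFFD34
    */

    /* ---- Other forms: immediate load, indirect jump, padded jump, returns ---- */
    /*
    UCHAR ShellCode[] = {0xb8,0x12,0x34,0x56,0x78};
    00EFFE8C B8 12 34 56 78 mov eax,78563412h
    */
    /*
    UCHAR ShellCode[] = {0xff,0x25,0x10,0x20,0x80,0x00};
    00EFF8D0 FF 25 10 20 80 00 jmp dword ptr ds:[802010h]
    */
    /*
    UCHAR ShellCode[] = {0x90,0x90,0xe9,0x12,0x34,0x56,0x78};
    012FF7A4 90 nop
    012FF7A5 90 nop
    012FF7A6 E9 12 34 56 78 jmp 79862BBD
    */
    /*
    UCHAR ShellCode[] = {0xc3,0x12,0x34,0x56,0x78};
    00EFFD9C C3 ret
    */

    /* Active sample: C2 12 34 decodes as `ret 3412h`; the last two bytes are not part of it. */
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    /*
    UCHAR ShellCode[] = {0xc2,0x12,0x34,0x56,0x78};
    004FF86C C2 12 34 ret 3412h
    */

    DWORD dwOld = 0;

    /*
     * VirtualProtect works on whole pages, so every stack page the array
     * touches becomes readable, writable and executable until the restore
     * call below.  If the change fails, dwOld holds no valid protection and
     * calling into the array would fault where DEP is enforced, so stop
     * instead of continuing.
     */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), PAGE_EXECUTE_READWRITE, &dwOld)) {
        fprintf(stderr, "VirtualProtect(PAGE_EXECUTE_READWRITE) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }

    pfn func = (pfn)&ShellCode[0];

    /* Disabled by the author; these patch-up lines belong to the disabled first sample.
    memset((unsigned char*)ShellCode + 0x11,0,0x0A);
    memcpy ((unsigned char*)ShellCode + 0x11,
    "C:\\1.exe",strlen("C:\\1.exe"));
    ULONG* data_addr = (ULONG*)((char*)ShellCode+0x9);
    *data_addr = (ULONG)(((char*)ShellCode)+0x11);
    */

    /*
     * With the active sample, `ret 3412h` comes back here but also releases
     * 0x3412 extra bytes of stack, so ESP no longer matches this frame.  A
     * debug build's stack check, or the argument pushes of the next call,
     * may fault -- step through this call in a debugger.
     */
    func();

    /* Put the original protection back so the stack pages do not stay executable. */
    if (!VirtualProtect(ShellCode, sizeof(ShellCode), dwOld, &dwOld)) {
        fprintf(stderr, "VirtualProtect(restore) failed: %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }

    return 0;
}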
win_x86 下的一些跳转指令