// 345.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "stdio.h"
#include "windows.h"
/*
 * Hand-assembled 32-bit x86 test payload, stored as a global char array.
 * It corresponds to the commented-out _asm listing inside main(): it pushes
 * the NUL-terminated string "calc.exe" onto the stack and calls the absolute
 * address 0x7C8623AD with the arguments (pointer to the string, 5). The
 * author's listing labels that address as WinExec and 5 as SW_SHOW.
 *
 * NOTE(review): the call target is a hard-coded absolute address, so these
 * bytes only match the one kernel32.dll build and load address they were
 * taken from; on any other build, or with ASLR, the call lands on unrelated
 * code.
 * NOTE(review): the first instruction is encoded with a 0x66 operand-size
 * prefix (sub sp,0x454), which is not byte-for-byte what the 32-bit
 * "sub esp,0x454" in the listing would assemble to.
 * NOTE(review): the last instruction is mov esp,20 (BC 14 00 00 00) and no
 * ret follows it, so execution runs on into the string terminator and
 * whatever follows the array.
 * NOTE(review): the array sits in writable data; running it depends on that
 * page being executable, which DEP/NX prevents when it is enabled for the
 * process. Confirm against the build settings.
 */
char shellcode[]="\x66\x81\xEC\x54\x04\x33\xDB\x53\x68\x2E\x65\x78\x65\x68\x63\x61\x6C\x63\x8B\xC4\x6A\x05\x50\xB8\xAD\x23\x86\x7C\xFF\xD0\xBC\x14\x00\x00\x00";
/*
 * Test harness for the global `shellcode` array: prints "begin", loads
 * kernel32.dll, then transfers control into the array.
 *
 * argc and argv are unused. No return statement is reached; control leaves
 * main through the `ret` in the inline assembly at the end of the body.
 */
int main(int argc, char* argv[])
{
printf("begin\n");
HINSTANCE libHandle;
char *dll="kernel32.dll";
// The returned handle is neither checked for NULL nor used afterwards.
// Presumably the call only ensures kernel32.dll is mapped before the payload
// calls into it; verify.
libHandle=LoadLibrary(dll);
// Reference listing (disabled): the assembly the shellcode bytes were taken
// from. It is kept as documentation only and is never compiled.
/*_asm{
sub esp,0x454
xor ebx,ebx
push ebx
push 0x6578652e //.exe
push 0x636c6163 //calc
mov eax,esp
push 5 //SW_SHOW
push eax //calc.exe
mov eax,0x7c8623ad //absolute address of WinExec
call eax
mov esp,20
};
*/
// Push the address of the data buffer and `ret` to it: `ret` pops that
// address into EIP, so this is an indirect jump into `shellcode`.
// NOTE(review): the payload ends by setting esp to 20 and has no ret, so
// control does not come back to main; presumably the process faults once the
// called function returns.
_asm{
lea eax,shellcode
push eax
ret
};
}
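shellcode 数组中的内容,是第一个(已被注释掉的)_asm{} 块对应的机器码。注意:数组中的第一条指令带有 0x66 前缀(即 sub sp,0x454),与清单中 sub esp,0x454 的编码并不完全一致;另外 WinExec 的地址是写死的绝对地址,只对取得该地址时的那个 kernel32.dll 版本有效。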
弹出效果: