漏洞环境
测试环境:Windows2000、VC++6.0、ollydbg(原版)
漏洞代码如下:
#include <stdio.h>
#include <Windows.h>
int main()
{
LoadLibraryA("user32.dll");
MessageBoxA(0,0,0,0);
char shellcode[1024];
int size=0;
FILE * fp=NULL;
if( !(fp=fopen("D:\\shellcode","rb")) )
{
printf("open file fail!\n");
exit(0);
}
// fscanf函数读取文件全部内容有弊端
fseek(fp, 0, SEEK_END);
size=ftell(fp);
fseek(fp, 0, SEEK_SET);
fread(shellcode,1,size,fp);
fclose(fp);
fp=NULL;
__asm
{
mov eax,fs:[0x30]
int 3 //used to break the process
}
HLOCAL h1,h2,h3,h4,h5,h6;
HANDLE hp;
hp = HeapCreate(0,0x1000,