机器码->汇编
// ShellCode测试.cpp : 定义控制台应用程序的入口点。
// #include "stdafx.h"
#include <windows.h>
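#include <iostream>
using namespace std;

// NOTE(review): this listing reached the page with every bare decimal literal
// stripped: the array size and initializer, the 40 element indices, the value
// of the second byte, and main's return value. Those tokens are left exactly
// as published because the page does not give the values; the listing will
// not compile until they are restored from the author's original file.

// Signature used to call the copied bytes: no arguments, pointer-sized return.
typedef void*(*LPFN_FUNC_1)();

void Sub_1();

// Console entry point: runs the byte-buffer test once.
int main()
{
    Sub_1();
    return ;  // literal stripped on the page
}

// Fills a stack buffer with machine-code bytes, copies it into a freshly
// committed executable region, calls the copy through LPFN_FUNC_1 and then
// releases the region. The steps listed after the code on this page use the
// call as the point where the debugger steps into the bytes and shows them
// as disassembly.
void Sub_1()
{
    char ShellCode[] = { };  // size and initializer stripped on the page

    ShellCode[] = 0xEB;
    ShellCode[] = ;          // value stripped on the page
    ShellCode[] = 0x10;
    ShellCode[] = 0x00;
    ShellCode[] = 0x00;
    ShellCode[] = 0x00;
    ShellCode[] = 0x8b;
    ShellCode[] = 0xc1;
    ShellCode[] = 0x48;
    ShellCode[] = 0x8d;
    ShellCode[] = 0x58;
    ShellCode[] = 0xAA;
    ShellCode[] = 0x49;
    ShellCode[] = 0x89;
    ShellCode[] = 0xd9;
    ShellCode[] = 0x48;
    ShellCode[] = 0x8d;
    ShellCode[] = 0x58;
    ShellCode[] = 0xBB;
    ShellCode[] = 0x49;
    ShellCode[] = 0x89;
    ShellCode[] = 0xd8;
    ShellCode[] = 0x48;
    ShellCode[] = 0x31;
    ShellCode[] = 0xd2;
    ShellCode[] = 0x48;
    ShellCode[] = 0x31;
    ShellCode[] = 0xd1;
    ShellCode[] = 0x48;
    ShellCode[] = 0x8b;
    ShellCode[] = 0x58;
    ShellCode[] = 0xCC;
    ShellCode[] = 0xff;
    ShellCode[] = 0xd3;
    ShellCode[] = 0x48;
    ShellCode[] = 0x83;
    ShellCode[] = 0xc4;
    ShellCode[] = 0x20;
    ShellCode[] = 0x5b;
    ShellCode[] = 0xc3;

    // PAGE_EXECUTE_READWRITE leaves the region writable while it executes.
    // Private committed memory that is both writable and executable, with no
    // image file behind it, is a standard signal memory scanners use to find
    // injected code, so endpoint tooling commonly flags a process doing this.
    VOID* VirtualAddress = (VOID*)VirtualAlloc(
        NULL, sizeof(ShellCode), MEM_COMMIT, PAGE_EXECUTE_READWRITE);

    if (VirtualAddress == NULL)
    {
        return;
    }

    memcpy(VirtualAddress, ShellCode, sizeof(ShellCode));

    // The bytes run unchecked with the full rights of this process.
    ((LPFN_FUNC_1)VirtualAddress)();

    // MEM_RELEASE requires dwSize to be 0. The original passed
    // sizeof(ShellCode), which makes VirtualFree fail and leaves the
    // executable region allocated.
    VirtualFree(VirtualAddress, 0, MEM_RELEASE);
    VirtualAddress = NULL;
}

/* The operand byte after opcode 0xEB is read as a signed char:
   0-127   positive
   128-255 negative
*/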
1.下断点
2.调试->反汇编
3.进入VirtualAddress (F11)
还有一些软件,x86下我用这个作为参考:
链接:http://pan.baidu.com/s/1c2Elh52 密码:2utn