[求助]代码，怎么不行啦?-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]代码，怎么不行啦? 0.00雪花

发表于: 2008-4-9 09:56 2242

[旧帖] [求助]代码，怎么不行啦? 0.00雪花

ELyt

2008-4-9 09:56

2242

#include<windows.h>
void main()
{
_asm
{
xor ebx,ebx
push ebx
push 0x2032336C
push 0x6C656873
mov eax,esp
push eax
mov esi,0x7C883F9C
call esi //call loadlibrary
xor ebx,ebx
push ebx
push 0x6E65706F //eax="open"
mov eax,esp
push ebx
push 0x6E776F64
push 0x74756873
mov ecx,esp //ecx="shutdown"
push ebx
push 0x39393920
push 0x742D2073
push 0x2D20662D
mov edx,esp //edx="-f -s -t 999"
push ebx
push ebx
push edx
push ecx
push eax
push ebx
mov esi,0x7D610EE0
call esi //call shutdown(0,"open","shutdown","-f -s -t 999")
xor ebx,ebx
push ebx
mov eax,0x7C81CDDA
call eax //call ExitProcess(0);
}
}
提取出来的代码改写成以下的代码，怎么不行正常呢？OD跑了N圈，还是不知道那里有问题。对比两个的shutdown部分的代码，也没有什么不相同的地方呀！
#include<windows.h>
#include<string.h>
void main()
{
char shellcode[]=
"\xFC\x33\xDB\x53\x68\x6C\x33\x32\x20\x68\x73\x68\x65\x6C\x8B\xC4\x50\xBE\x9C\x3F"
"\x88\x7C\xFF\xD6\x33\xDB\x53\x68\x6F\x70\x65\x6E\x8B\xC4\x53\x68\x64\x6F\x77"
"\x6E\x68\x73\x68\x75\x74\x8B\xCC\x53\x68\x20\x39\x39\x39\x68\x73\x20\x2D\x74"
"\x68\x2D\x66\x20\x2D\x8B\xD4\x53\x53\x52\x51\x50\x53\xBE\xE0\x0E\x61\x7D\xFF"
"\xD6\x33\xDB\x53\xB8\xDA\xCD\x81\x7C\xFF\xD0";
char MachineCode[256]="";
strncpy(MachineCode, shellcode,256);
__asm
{
lea eax, MachineCode
push eax
ret
}
}

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・0

支持