运行shellcode + vs2010
[英]running shellcode + vs2010
问题描述
I just tried the following code snippet for shellcode testing purposes:- 
我刚刚尝试了以下代码段以进行Shellcode测试:-
#include<iostream>
using namespace std;
char sc[] = ""; #i've removed the shellcode
int main() {
int (*func)();
func = (int(*)())sc;
(int)(*func)();
}
I get a build error on compilation :- 我在编译时遇到构建错误:-
------ Build started: Project: shellcoderunner, Configuration: Debug Win32 ------
Build started 10/15/2011 12:51:16 PM.
InitializeBuildStatus:
Touching "Debug\shellcoderunner.unsuccessfulbuild".
ClCompile:
blah.cpp
c:\users\reverser\documents\visual studio 2010\projects\shellcoderunner\shellcoderunner\blah.cpp(7): error C2440: 'type cast' : cannot convert from 'char [149]' to 'int (__cdecl *)(void)'
There is no context in which this conversion is possible
Build FAILED.
Time Elapsed 00:00:01.99
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
Something obvious that I'm doing wrong? 很明显我做错了吗?
4 个解决方案
解决方案1
3 已采纳 2012-10-17 04:11:57
To execute a shellcode in your C/C++ program with VS, the simplest way is embedding an Assembly code like this example below: 要使用VS在您的C / C ++程序中执行shellcode,最简单的方法是将汇编代码嵌入如下例所示:
char* buffer="blah blah blah";
int main() {
__asm{
lea eax, buffer
call eax
}
}
Hope this help! 希望有帮助!
解决方案2
2 2011-10-15 07:59:55
[ [
At the time I am answering the question is about why compilation fails for … 当时我在回答这个问题,为什么编译失败……
#include<iostream>
using namespace std;
char sc[] = ""; #i've removed the shellcode
int main() {
int (*func)();
func = (int(*)())sc;
(int)(*func)();
}
This code is an attempt to execute data bytes as machine code. 该代码试图将数据字节作为机器代码执行。 However, the OP calls this a “code snippet for shellcode testing purposes”, which is unrelated. 但是,OP将此称为“用于shellcode测试目的的代码段”,这是无关的。 And so I am including this original context. 因此,我将这个原始上下文包括在内。
] ]
You may have success using a void* as intermediary. 使用void*作为中介,您可能会成功。
In the formal even that should not compile, because in the formal a data pointer cannot be converted to a function pointer or vice versa. 即使在形式上也不应编译,因为在形式上数据指针无法转换为函数指针,反之亦然。
However, reportedly Posix requires the ability to do that conversion, and it's old existing practice, so I believe most if not all compilers support it. 但是,据报道,Posix需要进行这种转换的能力,并且这是古老的现有做法,因此,我相信大多数(如果不是全部)编译器都支持该转换。
Note that you are in UB-land as regarding effects. 请注意,关于效果,您在UB地区。
Also, note that anti-virus software and page level execute permission checking may disagree a bit with trying to execute the bytes in a string as machine code, so at that higher level yes you're doing something obviously wrong. 另外,请注意,防病毒软件和页面级别的执行权限检查可能与尝试将字符串中的字节作为机器代码执行时有所不同,因此,在更高级别上,您所做的事情显然是错误的。 ;-) ;-)
By the way, if what you are trying to achieve is to execute a shell script, then look into the system function. 顺便说一句,如果您要实现的目标是执行Shell脚本,请查看system功能。
What command to pass in the system call would depend on your system, so if you change your question be sure to include information about that. 在system调用中传递什么命令将取决于您的系统,因此,如果您更改问题,请确保包含有关此信息。
Cheers & hth., 干杯,……
解决方案3
2 2011-10-15 09:50:14
I think the following should work: 我认为以下应该起作用:
char sc[] = ""; // i've removed the shellcode
int main()
{
int (*func)() = (int(*)())sc; // C++
int (*func)() = sc; /* C */
func();
}
It's technically undefined behaviour, but then again that's the whole point of shellcode. 从技术上讲,这是未定义的行为,但是再说一遍,这就是shellcode的重点。
解决方案4
2 2011-10-15 09:58:07
You cannot cast an array to a function pointer. 您不能将数组强制转换为函数指针。 You have to first acquire a pointer to the array, which then can be cast: 您必须首先获取一个指向数组的指针,然后可以将其强制转换为:
func = (int(*)())≻
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.