- 注册时间
- 2021-4-16
- 最后登录
- 2023-11-9
- 在线时间
- 4 小时
编程入门
- 龙马币
- 116
|
这里是其中一小部分。
- byte * push_rsp() //64位编码
- {
- byte code[1] = { 0x54 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * push_rbp() //64位编码
- {
- byte code[1] = { 0x55 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * push_rsi() //64位编码
- {
- byte code[1] = { 0x56 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * push_rdi() //64位编码
- {
- byte code[1] = { 0x57 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rax_value(__int64 value) //qword
- {
- byte code[2] = { 0x48,0xb8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + sizeof(__int64);
- return ShellCode;
- }
- byte * mov_rcx_value(__int64 value) //qword
- {
- byte code[2] = { 0x48,0xb9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_rdx_value(__int64 value) //qword
- {
- byte code[2] = { 0x48,0xba };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_rbx_value(__int64 value) //qword
- {
- byte code[2] = { 0x48,0xbb };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r8_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xb8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r9_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xb9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r10_value(__int64 value) //mov r10, 6FFFFFFFFFFFFFFF
- {
- byte code[2] = { 0x49,0xba };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r11_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xbb };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r12_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xbc };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r13_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xbd };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r14_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xbe };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_r15_value(__int64 value) //qword
- {
- byte code[2] = { 0x49,0xbf };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_rcx_rax() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0xc8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rax_rcx() //64位编码
- {
- byte code[3] = { 0x49,0x89,0xc8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rax_rdx() //64位编码
- {
- byte code[3] = { 0x48,0x89,0xd0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rdx_rax() //64位编码
- {
- byte code[3] = { 0x48,0x89,0xc2 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r8_r9() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xc8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r9_r8() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xc1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rcx_ptr_rcx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x09 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rcx_ptr_rax() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x08 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rcx_ptr_rdx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x0a };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rcx_ptr_rbx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x0b };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rdx_ptr_rdx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x12 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rdx_ptr_rcx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x11 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rdx_ptr_rbx() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x13 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_rdx_ptr_rax() //64位编码
- {
- byte code[3] = { 0x48,0x8b,0x10 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r8_ptr_r8() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r8_ptr_r9() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x01 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r8_ptr_r10() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x02 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r9_ptr_r8() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x08 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r9_ptr_r9() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x09 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r9_ptr_r10() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x0a };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r8() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xc7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r9() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xcf };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r10() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xd7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r11() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xdf };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r12() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xe7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r13() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xef };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r14() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xf7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_r15() //64位编码
- {
- byte code[3] = { 0x4d,0x89,0xff };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r8() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x38 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r9() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x39 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r10() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x3a };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r11() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x3b };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r12() //64位编码
- {
- byte code[4] = { 0x4d,0x8b,0x3c,0x24 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r13() //64位编码
- {
- byte code[4] = { 0x4d,0x8b,0x7d,0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r14() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x3e };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_r15_ptr_r15() //64位编码
- {
- byte code[3] = { 0x4d,0x8b,0x3f };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mov_qword_ptr_rax(__int64 value) //qword这里是个内存地址
- {
- byte code[2] = { 0x48,0xa3 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
- CodeLen = CodeLen + 8;
- return ShellCode;
- }
- byte * mov_rax_qword_ptr_rbp_add(int value) //qword这里是个内存地址,mov rax, qword ptr ss:[rbp+FFFFFFF]
- {
- byte code[3] = { 0x48,0x8b,0x85 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
- CodeLen = CodeLen + 4;
- return ShellCode;
- }
- byte * mov_rcx_qword_ptr_rbp_add(int value) //qword这里是个内存地址,mov rax, qword ptr ss:[rbp+FFFFFFF]
- {
- byte code[3] = { 0x48,0x8b,0x8d };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
- CodeLen = CodeLen + 4;
- return ShellCode;
- }
- byte * lea_rcx_rcx() //64位编码 [rcx]
- {
- byte code[3] = { 0x48,0x8d,0x09 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * lea_rax_rcx() //64位编码 [eax]
- {
- byte code[3] = { 0x48,0x8d,0x08 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * lea_rax_rax() //64位编码 [eax]
- {
- byte code[3] = { 0x48,0x8d,0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * lea_rcx_rax() //64位编码 [eax]
- {
- byte code[3] = { 0x48,0x8d,0x01 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * add_rax_rcx() //64位编码 [eax]
- {
- byte code[3] = { 0x48,0x01,0xc8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * add_rcx_rax() //64位编码 [eax]
- {
- byte code[3] = { 0x48,0x01,0xc1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * add_rsp_value(int value) //减法最大值是0xffffffff,这个是32位
- {
- byte code[3] = { 0x48,0x81,0xc4 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
- CodeLen = CodeLen + 4;
- return ShellCode;
- }
- byte * sub_rsp_value(int value) //减法最大值是0xffffffff,这个是32位
- {
- byte code[3] = { 0x48,0x81,0xec };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
- CodeLen = CodeLen + 4;
- return ShellCode;
- }
- byte * sub_rax_rcx() //减法
- {
- byte code[3] = { 0x48,0x29,0xc3 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * sub_rcx_rax() //减法
- {
- byte code[3] = { 0x48,0x29,0xc1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * ret() //
- {
- byte code[1] = { 0xc3 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * retn(short value) //减法
- {
- byte code[1] = { 0xc2 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(short));
- CodeLen = CodeLen + sizeof(short);
- return ShellCode;
- }
- byte * idiv_rax() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
- {
- byte code[5] = { 0x48,0x99,0x48,0xf7,0xf8 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * idiv_rcx() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
- {
- byte code[5] = { 0x48,0x99,0x48,0xf7,0xf9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * div_rax() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
- {
- byte code[5] = { 0x48,0x99,0x48,0xf7,0xf0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * div_rcx() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
- {
- byte code[5] = { 0x48,0x99,0x48,0xf7,0xf1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * imul_rax_rcx() //乘法
- {
- byte code[4] = { 0x48,0x0f,0xaf,0xc1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * imul_r8_r9() //乘法
- {
- byte code[4] = { 0x4d,0x0f,0xaf,0xc1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_rax() //易变
- {
- byte code[2] = { 0xff,0xd0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_rcx() //易变
- {
- byte code[2] = { 0xff,0xd1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r8() //易变
- {
- byte code[3] = { 0x41,0xff,0xd0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r9() //易变
- {
- byte code[3] = { 0x41,0xff,0xd1 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r10() //易变
- {
- byte code[3] = { 0x41,0xff,0xd2 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r11() //易变
- {
- byte code[3] = { 0x41,0xff,0xd3 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r12() //易变
- {
- byte code[3] = { 0x41,0xff,0xd4 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r13() //易变
- {
- byte code[3] = { 0x41,0xff,0xd5 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r14() //易变
- {
- byte code[3] = { 0x41,0xff,0xd6 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_r15() //易变
- {
- byte code[3] = { 0x41,0xff,0xd7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * jmp_r15() //易变
- {
- byte code[3] = { 0x41,0xff,0xe7 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * call_ptr(int value) //减法最大值是0xffffffff,这个是32位//这个函数x64有问题的,不建议用
- {
- byte code[2] = { 0xff,0x14};
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
- CodeLen = CodeLen + 4;
- return ShellCode;
- }
- byte * movss_xmm0_dword_ptr_rcx() //浮点数地址传值 movss xmm0, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x01 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm0_dword_ptr_rax() //浮点数地址传值 movss xmm0, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm1_dword_ptr_rax() //浮点数地址传值 movss xmm1, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x08 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm2_dword_ptr_rax() //浮点数地址传值 movss xmm2, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x10 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm3_dword_ptr_rax() //浮点数地址传值 movss xmm3, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x18 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm4_dword_ptr_rax() //浮点数地址传值 movss xmm4, dword ptr ds:[rax]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x20 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm1_dword_ptr_rcx() //浮点数地址传值 movss xmm0, dword ptr ds:[rcx]
- {
- byte code[4] = { 0xF3, 0x0F, 0x10, 0x09 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm0_dword_ptr_r8() //浮点数地址传值 movss xmm0, dword ptr ds:[r8]
- {
- byte code[5] = { 0xF3, 0x41, 0x0f, 0x10,0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_xmm0_dword_ptr_r9() //浮点数地址传值 movss xmm0, dword ptr ds:[r9]
- {
- byte code[5] = { 0xF3, 0x41, 0x0f, 0x10,0x01 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * movss_dword_ptr_xmm0() // movss dword ptr ds : [rax], xmm0 |
- {
- byte code[5] = { 0xF3, 0x67, 0x0F, 0x11, 0x01 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * addss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : [rax] 浮点加法
- {
- byte code[4] = { 0xF3, 0x0f, 0x58, 0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * subss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : [rax] 浮点减法
- {
- byte code[4] = { 0xF3, 0x0f, 0x5c, 0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * mulss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : [rax] 浮点乘法
- {
- byte code[4] = { 0xF3, 0x0f, 0x59, 0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * divss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : [rax] 浮点除法
- {
- byte code[4] = { 0xF3, 0x0f, 0x5e, 0x00 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_r9d_r9d() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x45, 0x31, 0xc9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_r8d_r8d() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x45, 0x31, 0xc0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_eax_eax() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[2] = { 0x31, 0xc0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_ecx_ecx() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[2] = { 0x31, 0xc9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_edx_edx() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[2] = { 0x31, 0xd2 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_rax_rax() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x48, 0x31,0xc0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_rcx_rcx() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x48, 0x31,0xc9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_r8_r8() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x4d, 0x31,0xc0 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * xor_r9_r9() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[3] = { 0x4d, 0x31,0xc9 };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- byte * int3() // addss xmm0, dword ptr ds : [rax] 清空
- {
- byte code[1] = { 0xcc };
- RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
- CodeLen = CodeLen + sizeof(code);
- return ShellCode;
- }
- short WordToByteArray(short Value) //2字节整数转byte数组,网络转换
- {
- return htons(Value);
- }
- int intToByteArray(int Value) //4字节整数转byte数组,网络转换 ntohl应该也可以
- {
- return htonl(Value);
- }
- void ByteToHexStr(const unsigned char* source, char* dest, int sourceLen)//char*字符串转编码 备份函数
- {
- short i;
- unsigned char highByte, lowByte;
- for (i = 0; i < sourceLen; i++)
- {
- highByte = source[i] >> 4;
- lowByte = source[i] & 0x0f;
- highByte += 0x30;
- if (highByte > 0x39)
- dest[i * 2] = highByte + 0x07;
- else
- dest[i * 2] = highByte;
- lowByte += 0x30;
- if (lowByte > 0x39)
- dest[i * 2 + 1] = lowByte + 0x07;
- else
- dest[i * 2 + 1] = lowByte;
- }
- return;
- }
- bool HexToString(unsigned char *pSrc, std::string &dest, int nL) //char[]字节数组转->字符串
- {
- char buf[256];
- memset((char *)buf, 0, sizeof(buf));
- unsigned char hb;
- unsigned char lb;
- for (int i = 0; i < nL; i++)
- {
- hb = (pSrc[i] & 0xf0) >> 4;
- if (hb >= 0 && hb <= 9)
- hb += 0x30;
- else if (hb >= 10 && hb <= 15)
- hb = hb - 10 + 'A';
- else
- return false;
- lb = pSrc[i] & 0x0f;
- if (lb >= 0 && lb <= 9)
- lb += 0x30;
- else if (lb >= 10 && lb <= 15)
- lb = lb - 10 + 'A';
- else
- return false;
- buf[i * 2] = hb;
- buf[i * 2 + 1] = lb;
- }
- dest = buf;
- return true;
- }
- bool StringToHex(std::string &src, unsigned char *dest)////字符串====字节数组
- {
- unsigned char hb;
- unsigned char lb;
- if (src.size() % 2 != 0)
- return false;
- transform(src.begin(), src.end(), src.begin(), toupper);
- for (int i = 0, j = 0; i < (int)src.size(); i++)
- {
- hb = src[i];
- if (hb >= 'A' && hb <= 'F')
- hb = hb - 'A' + 10;
- else if (hb >= '0' && hb <= '9')
- hb = hb - '0';
- else
- return false;
- i++;
- lb = src[i];
- if (lb >= 'A' && lb <= 'F')
- lb = lb - 'A' + 10;
- else if (lb >= '0' && lb <= '9')
- lb = lb - '0';
- else
- return false;
- dest[j++] = (hb << 4) | (lb);
- }
- return true;
- }
复制代码
|
|