3,881
社区成员
发帖
与我相关
我的任务
分享
gcc 系列好像都很简单, 不知道最新的M$VC有这个选项没....
比如这样子:
#include <stdio.h>
int main()
{
#ifdef __i386__
((void(*)( int(*)(const char*)))(
"\x55\x89\xE5\x53\xE8\x1B\x00\x00\x00\x81\xC3\x77\x7F\xFB\xF7\x83"
"\xEC\x14\x8D\x83\xA8\x80\x04\x08\x89\x04\x24\xFF\x55\x08\x83\xC4"
"\x14\x5B\x5D\xC3\x8B\x1C\x24\xC3\x48\x65\x6C\x6C\x6F\x20\x57\x6F"
"\x72\x6C\x64\x21\x00"))( puts );
#elif defined( __arm_le__ )
((void(*)( int(*)(const char*)))(
"\x08\x40\x2D\xE9\x00\x30\xA0\xE1\x10\x00\x9F\xE5\x00\x00\x8F\xE0"
"\x0F\xE0\xA0\xE1\x13\xFF\x2F\xE1\x08\x40\xBD\xE8\x1E\xFF\x2F\xE1"
"\x10\x00\x00\x00\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21"
"\x00\x00\x00\x00"))( puts );
#endif
return 0;
}
-----------------------------------------------------------------
shell code 是这样子生成的:
void foobar( void(*fun)(char*) )
{
fun( "Hello World!" );
}
gcc -m32 -O3 1.c -c -fpic ; ld -melf_i386 -e foobar 1.o -o 1.elf ; objcopy -O binary 1.elf 1.bin
arm-none-eabi-gcc -O3 -c 1.c -fpic ; arm-none-eabi-ld -e foobar 1.o -o 1.elf ; arm-none-eabi-objcopy.exe -O binary 1.elf 1.bin
-----------------------------------------------------------------
难道我生成在M$VC跑的程序也要用gcc生成代码么, 没天理啊...
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <time.h>
struct XSLCSE_ENCRYPT_param
{
int X_Encrypt;
int X_Key [16/sizeof(int)];
int X_data[16/sizeof(int)];
};
void binCryptography( int enc , const void* key /* size_is(16) */, const void* input /* size_is(16) */ , void* output /* size_is(16) */ )
{
struct XSLCSE_ENCRYPT_param param;
static const char* const svc =
"\x11Hello BIN World!"
"\x55\x57\x56\x83\xEC\x18\x8B\x54\x24\x2C\x8B\x44\x24\x2C\x8B\x0A"
"\x83\xC0\x14\x89\x44\x24\x0C\x85\xC9\x0F\x85\x19\x01\x00\x00\x8B"
"\x72\x14\x89\xD0\x83\xC2\x18\x89\x54\x24\x14\x8B\x50\x18\xBF\x20"
"\x37\xEF\xC6\x8B\x40\x04\x89\x04\x24\x8B\x44\x24\x2C\x8B\x40\x08"
"\x89\x44\x24\x04\x8B\x44\x24\x2C\x8B\x40\x0C\x89\x44\x24\x08\x8B"
"\x44\x24\x2C\x8B\x48\x10\x66\x90\x89\xF0\x89\xF5\xC1\xE0\x04\x03"
"\x44\x24\x08\xC1\xED\x05\x01\xCD\x31\xE8\x8D\x2C\x37\x31\xE8\x29"
"\xC2\x89\xD0\x89\xD5\xC1\xE0\x04\xC1\xED\x05\x03\x04\x24\x03\x6C"
"\x24\x04\x31\xE8\x8D\x2C\x3A\x31\xE8\x29\xC6\x81\xC7\x47\x86\xC8"
"\x61\x75\xC5\x8B\x44\x24\x2C\xBF\x20\x37\xEF\xC6\x89\x50\x18\x8B"
"\x54\x24\x0C\x89\x70\x14\x8B\x44\x24\x0C\x83\xC2\x08\x89\x54\x24"
"\x10\x8B\x70\x08\x8B\x50\x0C\x90\x89\xF0\x89\xF5\xC1\xE0\x04\x03"
"\x44\x24\x08\xC1\xED\x05\x01\xCD\x31\xE8\x8D\x2C\x37\x31\xE8\x29"
"\xC2\x89\xD0\x89\xD5\xC1\xE0\x04\xC1\xED\x05\x03\x04\x24\x03\x6C"
"\x24\x04\x31\xE8\x8D\x2C\x3A\x31\xE8\x29\xC6\x81\xC7\x47\x86\xC8"
"\x61\x75\xC5\x8B\x44\x24\x0C\x89\x50\x0C\x8B\x54\x24\x2C\x89\x70"
"\x08\x8B\x42\x14\x8B\x54\x24\x10\x29\x02\x8B\x54\x24\x2C\x8B\x42"
"\x18\x8B\x54\x24\x0C\x29\x42\x0C\x8B\x44\x24\x14\x81\x2A\x82\x6B"
"\x15\x6A\x81\x00\x74\xC5\x3A\x28\x83\xC4\x18\x31\xC0\x5E\x5F\x5D"
"\xC3\x8D\xB4\x26\x00\x00\x00\x00\x81\x00\x82\x6B\x15\x6A\x31\xFF"
"\x81\x6A\x18\x74\xC5\x3A\x28\x83\xC2\x1C\x89\x54\x24\x0C\x8B\x54"
"\x24\x2C\x8B\x42\x14\x8B\x54\x24\x0C\x01\x02\x8B\x54\x24\x2C\x8B"
"\x42\x18\x01\x42\x20\x89\xD0\x8B\x40\x04\x8B\x72\x14\x8B\x52\x18"
"\x89\x04\x24\x8B\x44\x24\x2C\x8B\x40\x08\x89\x44\x24\x04\x8B\x44"
"\x24\x2C\x8B\x40\x0C\x89\x44\x24\x08\x8B\x44\x24\x2C\x8B\x48\x10"
"\x89\xD5\x81\xEF\x47\x86\xC8\x61\xC1\xE5\x04\x03\x2C\x24\x8D\x04"
"\x17\x31\xE8\x89\xD5\xC1\xED\x05\x03\x6C\x24\x04\x31\xE8\x01\xC6"
"\x89\xF0\x89\xF5\xC1\xE0\x04\x03\x44\x24\x08\xC1\xED\x05\x01\xCD"
"\x31\xE8\x8D\x2C\x3E\x31\xE8\x01\xC2\x81\xFF\x20\x37\xEF\xC6\x75"
"\xBF\x8B\x44\x24\x2C\x31\xFF\x89\x70\x14\x8B\x70\x1C\x89\x50\x18"
"\x8B\x44\x24\x0C\x8B\x50\x04\x90\x89\xD5\x81\xEF\x47\x86\xC8\x61"
"\xC1\xE5\x04\x03\x2C\x24\x8D\x04\x17\x31\xE8\x89\xD5\xC1\xED\x05"
"\x03\x6C\x24\x04\x31\xE8\x01\xC6\x89\xF0\x89\xF5\xC1\xE0\x04\x03"
"\x44\x24\x08\xC1\xED\x05\x01\xCD\x31\xE8\x8D\x2C\x3E\x31\xE8\x01"
"\xC2\x81\xFF\x20\x37\xEF\xC6\x75\xBF\x8B\x44\x24\x2C\x89\x70\x1C"
"\x8B\x44\x24\x0C\x89\x50\x04\x83\xC4\x18\x31\xC0\x5E\x5F\x5D\xC3"
;
param.X_Encrypt = enc;
memcpy( ¶m.X_data , input , 16 );
memcpy( ¶m.X_Key , key , 16 );
(*(void(*)(const void*const,void*))(svc+svc[0]))( svc , ¶m );
memcpy( output , ¶m.X_data , 16 );
}
int main()
{
int i , r;
char key[16];
int plain[16/sizeof(int)] , cipher[16/sizeof(int)] , verify[16/sizeof(int)];
srand( time(NULL) );
for( i = 0; i < 16; ++i )
key[i] = (char)rand();
for( r = 0; r < 100000; ++r )
{
for( i = 0; i < sizeof( plain ) / sizeof(plain[0] ); ++i )
plain[i] = (rand() << 16)+rand();
binCryptography( 1 , key , plain , cipher );
binCryptography( 0 , key , cipher , verify );
if( memcmp( plain , verify , 16 ) != 0 )
printf( "error" );
}
return 0;
}