用VB做ShellCode Loader

很久沒寫過文章了,今天看到Anskya寫的多種語言的ShellCode Loader,他把C下的ShellCode按照原理改成寫Delphi的,實(shí)際就是直接執(zhí)行匯編代碼,既然這樣也可以把它改寫的Visual Basic的.代碼如下,稍微改了一下:

'============Code Start==============
'In a Module
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

Sub Main()

Dim ShellCode
Dim Exec() As Byte
ShellCode = Array(&HE8, &H0, &H0, &H0, &H0, &H5F, &H81, &HEF, &H1E, &H10, &H40, &H0, &H8D, &H87, &H94, &H10, _
  &H40, &H0, &H50, &HE8, &H83, &H0, &H0, &H0, &H8D, &H87, &HA5, &H10, &H40, &H0, &H50, &HE8, _
  &H77, &H0, &H0, &H0, &H2B, &HC0, &H50, &H8D, &H9F, &H83, &H10, &H40, &H0, &H53, &H8D, &H9F, _
  &H5E, &H10, &H40, &H0, &H53, &H50, &HFF, &H97, &HAC, &H10, &H40, &H0, &H6A, &H0, &HFF, &H97, _
  &H9D, &H10, &H40, &H0, &HC3, &H53, &H68, &H65, &H6C, &H6C, &H43, &H6F, &H64, &H65, &H20, &H62, _
  &H79, &H20, &H58, &H4A, &H54, &H4C, &H20, &H77, &H77, &H77, &H2E, &H43, &H6E, &H58, &H48, &H61, _
  &H63, &H6B, &H65, &H72, &H2E, &H63, &H6F, &H6D, &H0, &H0, &H4D, &H73, &H67, &H42, &H6F, &H78, &H20, _
  &H45, &H78, &H61, &H6D, &H70, &H6C, &H65, &H0, &H0, &H0, &H6B, &H65, &H72, &H6E, &H65, _
  &H6C, &H33, &H32, &H0, &H1, &H92, &H8F, &H5, &H0, &H0, &H0, &H0, &H75, &H73, &H65, &H72, _
  &H33, &H32, &H0, &HF7, &H6C, &H55, &HD8, &H0, &H0, &H0, &H0, &H60, &H8B, &H74, &H24, &H24, _
  &HE8, &H97, &H0, &H0, &H0, &H68, &HAD, &HD1, &H34, &H41, &H50, &HE8, &H1F, &H0, &H0, &H0, _
  &H56, &HFF, &HD0, &H8B, &HD8, &H2B, &HC0, &HAC, &H84, &HC0, &H75, &HFB, &H8B, &HFE, &HAD, &H85, _
  &HC0, &H74, &HA, &H50, &H53, &HE8, &H5, &H0, &H0, &H0, &HAB, &HEB, &HF1, &H61, &HC3, &H60, _
  &H8B, &H5C, &H24, &H24, &H8B, &H74, &H24, &H28, &H2B, &HED, &H8B, &HD3, &H3, &H52, &H3C, &H8B, _
  &H52, &H78, &H3, &HD3, &H8B, &H42, &H18, &H8B, &H7A, &H1C, &H3, &HFB, &H8B, &H7A, &H20, &H3, _
  &HFB, &H52, &H8B, &HD7, &H8B, &H17, &H3, &HD3, &H45, &H60, &H8B, &HF2, &H2B, &HC9, &HAC, &H41, _
  &H84, &HC0, &H75, &HFA, &H89, &H4C, &H24, &H18, &H61, &H60, &H2B, &HC0, &HE8, &H51, &H0, &H0, _
  &H0, &H3B, &HC6, &H61, &H74, &H8, &H83, &HC7, &H4, &H48, &H74, &H18, &HEB, &HD6, &H5A, &H4D, _
  &H8B, &H4A, &H24, &H3, &HCB, &HF, &HB7, &H4, &H69, &H8B, &H6A, &H1C, &H3, &HEB, &H8B, &H44, _
  &H85, &H0, &H3, &HC3, &H89, &H44, &H24, &H1C, &H61, &HC2, &H8, &H0, &H60, &H2B, &HC0, &H64, _
  &H8B, &H40, &H30, &H85, &HC0, &H78, &HC, &H8B, &H40, &HC, &H8B, &H70, &H1C, &HAD, &H8B, &H40, _
  &H8, &HEB, &H9, &H8B, &H40, &H34, &H8D, &H40, &H7C, &H8B, &H40, &H3C, &H89, &H44, &H24, &H1C, _
  &H61, &HC3, &H60, &HE3, &H18, &HF7, &HD0, &H32, &H2, &H42, &HB3, &H8, &HD1, &HE8, &H73, &H5, _
  &H35, &H20, &H83, &HB8, &HED, &HFE, &HCB, &H75, &HF3, &HE2, &HEC, &HF7, &HD0, &H89, &H44, &H24, _
  &H1C, &H61, &HC3)
 
ReDim Exec(UBound(ShellCode))

For i = 0 To UBound(ShellCode)
    Exec(i) = ShellCode(i)
Next

CallWindowProc VarPtr(Exec(0)), ByVal 0&, ByVal 0&, ByVal 0&, ByVal 0&

End Sub

'============Code End==============

呵呵,一大串的編碼看不懂吧,這段匯編代碼大概的意思是首先獲得kernel32等的基址,Load完后就會執(zhí)行MessageBoxA了,執(zhí)行完畢后會彈出一個對話框,然后ExitThread退出,這就是ShellCode的基本框架了.上述代碼,就是在VB中內(nèi)嵌匯編的基本例子,但是在VB中,不能像C和Delphi那樣直接Call代碼數(shù)組,而必須調(diào)用窗口過程函數(shù)CallWindowProc間接調(diào)用,你也可以試一下其它代碼,同樣可行.附件包含了源代碼和編譯后的程序.

好了,文章就寫到這里了~轉(zhuǎn)載請保留版權(quán)信息,謝謝!

本站僅提供存儲服務(wù)，所有內(nèi)容均由用戶發(fā)布，如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容，請點(diǎn)擊舉報。