#include <stdio.h>
/*
 * Return the address of the code stub embedded in this function.
 *
 * There is no C `return` statement: the first __asm block loads the address
 * of the __code label into eax (the x86 return register) and jumps straight
 * to __ret, so neither the stub nor the `int 3` after it is executed when
 * asm_code() is called. main() reads the bytes starting at the returned
 * pointer up to the first 0xCC (what `int 3` assembles to), so the stub
 * itself must never contain a 0xCC byte or the dump is cut short.
 *
 * MSVC x86 inline-assembly syntax only; this will not build with other
 * compilers (e.g. GCC/Clang), and the MSVC "no return value" warning for
 * this function is expected.
 */
unsigned char *asm_code()
{
__asm
{
lea eax,__code
jmp __ret
}
// The shellcode's assembly goes here.
//
// What the stub does (see the instructions below): clears ebx, pushes that
// zero and then a 4-byte immediate, so the stack now holds a short
// NUL-terminated string whose address is taken into eax; it then calls two
// hard-coded absolute addresses (77E18098h and 77E6E01Ah), the first with
// four stack arguments (0, eax, eax, 0) and the second with one (0).
// Those addresses are fixed to one particular DLL load layout at the time
// this was written and are not valid on other OS builds or under ASLR.
// Nothing follows the second call; what happens after it depends entirely
// on that callee, which is not shown here.
__asm
{
__code:
xor ebx, ebx ; test.00405030
push ebx
push 4B435546h
mov eax, esp
push ebx
push eax
push eax
push ebx
mov eax, 77E18098h
call eax
mov eax, 77E6E01Ah
push ebx
call eax
}
// Function epilogue: `int 3` is a single 0xCC byte that main() treats as
// the end-of-stub marker; __ret is the target of the jump at the top.
__asm int 3
__asm { __ret: }
}
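/*
 * Write the bytes of the stub returned by asm_code() to code.txt as a C
 * string literal: "\xNN" escapes, eight bytes per line, stopping at the first
 * 0xCC byte (the `int 3` that asm_code() places right after the stub).
 *
 * Returns 0 on success, 1 if code.txt cannot be opened or fully written.
 */
int main(void)
{
    int i = 1;
    /* asm_code() hands back the address of its embedded code label; the bytes
     * are read directly out of this process's own code. */
    const unsigned char *asm_p = asm_code();
    FILE *fd = fopen("code.txt", "w");
    if (fd == NULL) {
        perror("fopen code.txt");
        return 1;
    }
    fprintf(fd, "unsigned char shellcode = \"");
    /* 0xCC is an in-band terminator: if the stub ever contains a 0xCC byte
     * (e.g. inside an immediate), the dump is silently truncated there. */
    while (*asm_p != 0xcc) {
        /* "\\x" writes a literal backslash-x so the output reads \xNN. */
        fprintf(fd, "\\x%.2x", *asm_p);
        asm_p++;
        if (i % 8 == 0) {
            /* Close this line's literal and open the next one. */
            fprintf(fd, "\"\n\"");
        }
        i++;
    }
    fprintf(fd, "\";");
    /* fclose() flushes; a failure here means the file is incomplete. */
    if (fclose(fd) != 0) {
        perror("fclose code.txt");
        return 1;
    }
    return 0;
}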
生成的code.txt:
unsigned char shellcode = "\x33\xdb\x53\x68\x46\x55\x43\x4b"
"\x8b\xc4\x53\x50\x50\x53\xb8\x98"
"\x80\xe1\x77\xff\xd0\xb8\x1a\xe0"
"\xe6\x77\x53\xff\xd0";