执行shellcode时win32 c++访问违规

如何解决执行shellcode时win32 c++访问违规

我编写这个函数是为了找出基于 this talk 的关于破坏 x86 指令集的汇编指令的长度。

/* shellcode is a pointer to a buffer contains assembly instructions
   size is the size of that buffer */
DWORD GetInstructionLength(BYTE* shellcode,SIZE_T size) {
    LPVOID RWXBuff = nullptr; //buffer with read,write,execute perm
    LPVOID RWBuff = nullptr;  //buffer with read,write perm
    HANDLE CurProc = GetCurrentProcess();
    DWORD Tmp;
    DWORD CurrOffset = 1;
    RWXBuff = VirtualAllocEx(CurProc,NULL,32,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
    RWBuff = RWXBuff; 
    for (int i = 0; i < 16; i++,RWBuff = static_cast<char*>(RWBuff) + 1);
    VirtualProtectEx(CurProc,RWBuff,17,PAGE_READWRITE,&Tmp);
    void (*func)();

    for (;;CurrOffset++) {
        __try {
            LPVOID ShellcodeAddr = static_cast<char*>(RWXBuff) + 16 - CurrOffset;
            std::cout << "memcpy(" << ShellcodeAddr << "," << (void*)shellcode << "," << size << ")\n";
            memcpy(ShellcodeAddr,shellcode,size);
            std::cout << "memcpied" << std::endl;
            MEMORY_BASIC_INFORMATION minfo;
            VirtualQueryEx(GetCurrentProcess(),ShellcodeAddr,&minfo,sizeof(MEMORY_BASIC_INFORMATION));
            if (PAGE_EXECUTE_READWRITE == minfo.Protect)
                std::cout << "shellcode at " << ShellcodeAddr << "is executable" << std::endl;
            else
                std::cout << "shellcode at " << ShellcodeAddr << "is NOT executable" << std::endl;
            func = (void(*)())ShellcodeAddr;
            func();
            break;
        }
        __except (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) {
            std::cout << "Bug!" << std::endl;
            continue;
        }
    }
    VirtualFreeEx(CurProc,MEM_RELEASE);
    return CurrOffset;
}

来电者：

int main()
{
    unsigned char shellcode = 0x90; // nop opcode
    unsigned char* buf = &shellcode;
    size_t size = helper::GetInstructionLength(buf,1);
    std::cout << "Shellcode lenght = " << size << std::endl;
}

输出：

buffer with rwx at 0000023048E80000
buffer with rw- at 0000023048E80010
shellcode at 0000023048E8000F is NOT executable
Bug!
shellcode at 0000023048E8000E is NOT executable
Bug!
shellcode at 0000023048E8000D is NOT executable
Bug!
shellcode at 0000023048E8000C is NOT executable
Bug!
shellcode at 0000023048E8000B is NOT executable
Bug!
shellcode at 0000023048E8000A is NOT executable
Bug!
shellcode at 0000023048E80009 is NOT executable
Bug!
shellcode at 0000023048E80008 is NOT executable
Bug!
shellcode at 0000023048E80007 is NOT executable
Bug!
shellcode at 0000023048E80006 is NOT executable
Bug!
shellcode at 0000023048E80005 is NOT executable
Bug!
shellcode at 0000023048E80004 is NOT executable
Bug!
shellcode at 0000023048E80003 is NOT executable
Bug!
shellcode at 0000023048E80002 is NOT executable
Bug!
shellcode at 0000023048E80001 is NOT executable
Bug!
shellcode at 0000023048E80000 is NOT executable
Bug!
Bug!
...

但它不起作用，每次都会引发访问违规，我不知道为什么。你能帮我解决这个问题吗？ 因为我只有 3 个月的编码经验，如果这对你来说是糟糕的代码，对不起

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。