shellcode 反汇编,模拟运行以及调试方法
onlinedisassembler https://onlinedisassembler.com 在线反汇编工具,类似于lda。功能比较单一。 Any.run 等平台在线分析 将shellcode保存为文件 通过如下脚本,转换shellcode为char数组 import binascii filename = "C:\\Users\\liang\\Desktop\\工作相关\\样本\\rdpscan\\rdpscan\\ssleay32.dll" #filename = "C:\\Users\\liang\\Desktop\\payload" shellcode = "{" ctr = 1 maxlen = 15 for b in open(filename, "rb").read(): shellcode += "0x" + str(binascii.hexlify(b.to_bytes(length=1, byteorder='big')))[2:4] + "," if ctr == maxlen: shellcode += "\n" ctr = 0 ctr += 1 shellcode = shellcode[:-1] + "}" print(shellcode) 将结果复制到char shellcode处,并 通过如下vs程序加载shellcode #include