本帖最后由 Ayala 于 2017-4-10 18:52 编辑
写了个简单的C2来替换原C2：在原C2所在目录新建一个文件夹org，把原C2放进去；新的C2会调用org里的原C2，并追加输出.asm文件。
参考 https://www.0xaa55.com/forum.php ... tid=1881&ctid=2
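#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Win32 API: returns the command line this process was started with. */
char * __stdcall GetCommandLineA();

/*
 * Stand-in for C2: forwards the command line it was started with to the
 * original C2 kept in the "org" sub-directory and appends "-Fa foo.asm",
 * so the real compiler also writes an assembly listing.
 *
 * Returns the value of system(), or EXIT_FAILURE when the command string
 * cannot be built.
 */
int main()
{
    static const char prefix[] = "org\\";
    static const char suffix[] = " -Fa foo.asm";
    const char *cmdline;
    char *buf;
    int rc;

    cmdline = GetCommandLineA();
    if (cmdline == NULL)
        return EXIT_FAILURE;

    /*
     * Size the buffer from the actual command line. The caller controls its
     * length, so a fixed 256-byte stack array filled by an unbounded sprintf
     * overflows as soon as the arguments get long.
     * sizeof(suffix) already counts the terminating NUL.
     */
    buf = (char *)malloc(sizeof(prefix) - 1 + strlen(cmdline) + sizeof(suffix));
    if (buf == NULL)
        return EXIT_FAILURE;

    /*
     * The command line starts with this program's own name, so the prefix
     * turns it into a path below "org".
     * NOTE(review): assumes the wrapper is started by a bare, unquoted file
     * name; a quoted or absolute path would not survive the prefix - confirm.
     */
    sprintf(buf, "%s%s%s", prefix, cmdline, suffix);

    /*
     * system() hands the string to the command interpreter, which interprets
     * any shell metacharacters in it: the wrapper is only as trustworthy as
     * the process that launches it.
     */
    rc = system(buf);
    free(buf);
    return rc;
}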
- Sub foo(ByVal str1 As String, ByRef str2 As String)    ' str1 is passed by value, str2 by reference; the body is empty
-
- End Sub
- Sub Main()    ' assigns one string literal and passes the same variable to foo twice
- Dim str As String
- str = "0xAA55·技术宅的结界"
- foo str, str    ' the same variable feeds both the ByVal and the ByRef parameter
- End Sub
- Sub too()    ' assigns two different literals to the same local, one after the other
- Dim str As String
- str = "0xAA55·技术宅的结界"
- str = "论坛"    ' second assignment overwrites the first value
-
- End Sub
- TITLE Module1    ; listing preamble: processor mode, memory model and segment declarations
- .386P    ; 386 instruction set, privileged instructions included
- include listing.inc
- if @Version gt 510    ; assembler newer than 5.10: the flat-model directive is enough
- .model FLAT
- else    ; older assembler: every segment is declared by hand
- _TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
- _TEXT ENDS
- _DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
- _DATA ENDS
- CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
- CONST ENDS
- _BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
- _BSS ENDS
- _TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
- _TLS ENDS
- text$1 SEGMENT PARA USE32 PUBLIC ''    ; text$1 is the segment the three procedures of this listing are placed in
- text$1 ENDS
- ; COMDAT ?foo@Module1@@AAGXXZ
- text$1 SEGMENT PARA USE32 PUBLIC ''
- text$1 ENDS
- ; COMDAT ?Main@Module1@@AAGXXZ
- text$1 SEGMENT PARA USE32 PUBLIC ''
- text$1 ENDS
- ; COMDAT ?too@Module1@@AAGXXZ
- text$1 SEGMENT PARA USE32 PUBLIC ''
- text$1 ENDS
- FLAT GROUP _DATA, CONST, _BSS    ; the data segments form one group named FLAT
- ASSUME CS: FLAT, DS: FLAT, SS: FLAT    ; code, data and stack are all addressed through that group
- endif
- PUBLIC ?foo@Module1@@AAGXXZ ; Module1::foo
- EXTRN __imp_@__vbaStrCopy:NEAR    ; runtime helper, reached through its import pointer (call DWORD PTR below)
- EXTRN __imp_@__vbaFreeStr:NEAR    ; runtime helper, reached the same way
- EXTRN ___vbaExceptHandler:NEAR    ; handler address stored in the SEH record built in the prologue
- EXTRN __except_list:DWORD    ; always accessed with an fs: override: head of the thread's exception-handler chain
- ; COMDAT CONST
- ; File Module1
- CONST SEGMENT
- $S25 DB 02H, 00H    ; per-procedure table; its address is stored at [ebp-4] by the prologue
- DB 04H, 00H    ; NOTE(review): meaning of these leading bytes is not visible in the listing
- DB 00H, 00H, 00H, 00H
- DD FLAT:$L24    ; address of the cleanup code at $L24
- CONST ENDS
- ; COMDAT ?foo@Module1@@AAGXXZ -- code for Sub foo: copies a string into a local slot, frees it again, returns
- text$1 SEGMENT
- _str1$ = 8    ; [ebp+8]: first stack argument
- _str1$ = -20    ; same symbol redefined as [ebp-20], a local slot; NOTE(review): read literally, every _str1$ below is -20
- __$SEHRec$ = -16    ; [ebp-16]: start of the exception record built in the prologue
- ?foo@Module1@@AAGXXZ PROC NEAR ; Module1::foo, COMDAT
- ; File Module1
- ; Line 1
- push ebp
- mov ebp, esp
- sub esp, 8    ; reserves [ebp-8] and [ebp-4]
- push OFFSET FLAT:___vbaExceptHandler    ; [ebp-12] = handler address
- mov eax, DWORD PTR fs:__except_list
- push eax    ; [ebp-16] = previous head of the handler chain
- mov DWORD PTR fs:__except_list, esp    ; the record at [ebp-16] becomes the new head of the chain
- sub esp, 8    ; reserves [ebp-20] and [ebp-24]
- push ebx
- push esi
- push edi
- mov DWORD PTR __$SEHRec$[ebp+8], esp    ; [ebp-8] = stack pointer after the register saves
- mov DWORD PTR __$SEHRec$[ebp+12], OFFSET FLAT:$S25    ; [ebp-4] = address of the table $S25
- mov edx, DWORD PTR _str1$[ebp]    ; NOTE(review): presumably the incoming argument at [ebp+8]; the listing reuses the local's name - confirm
- lea ecx, DWORD PTR _str1$[ebp]    ; ecx = address of the local slot
- mov DWORD PTR _str1$[ebp], 0    ; the local slot starts out as 0
- call DWORD PTR __imp_@__vbaStrCopy    ; arguments travel in ecx/edx; presumably copies the string in edx into the slot at ecx
- push $L55    ; return address consumed by the ret 0 at $L53
- $L50:
- ; Line 3
- $L24:    ; cleanup code, also referenced from $S25
- lea ecx, DWORD PTR _str1$[ebp]    ; ecx = address of the local slot
- call DWORD PTR __imp_@__vbaFreeStr    ; releases the string held in the local slot
- $L53:
- ret 0    ; on this path pops the $L55 address pushed above and continues there
- $L55:
- mov ecx, DWORD PTR __$SEHRec$[ebp]    ; ecx = chain head saved at [ebp-16]
- pop edi
- pop esi
- mov DWORD PTR fs:__except_list, ecx    ; unlinks this frame's record from the handler chain
- pop ebx
- mov esp, ebp
- pop ebp
- ret 8    ; callee removes 8 bytes of stack arguments
- ?foo@Module1@@AAGXXZ ENDP ; Module1::foo
- text$1 ENDS
- PUBLIC ?Main@Module1@@AAGXXZ ; Module1::Main
- EXTRN ___vba@056067A4:BYTE    ; external byte data; its address is the source of the copy at source line 7
- ; COMDAT CONST
- ; File Module1
- CONST SEGMENT
- $S33 DB 02H, 00H    ; per-procedure table; its address is stored at [ebp-4] by the prologue
- DB 04H, 00H    ; NOTE(review): meaning of these leading bytes is not visible in the listing
- DB 00H, 00H, 00H, 00H
- DD FLAT:$L32    ; address of the cleanup code at $L32
- CONST ENDS
- ; COMDAT ?Main@Module1@@AAGXXZ -- code for Sub Main: fills a local string, calls foo with its value and its address, frees it
- text$1 SEGMENT
- _str$ = -20    ; [ebp-20]: the local string variable
- __$SEHRec$ = -16    ; [ebp-16]: start of the exception record built in the prologue
- ?Main@Module1@@AAGXXZ PROC NEAR ; Module1::Main, COMDAT
- ; File Module1
- ; Line 5
- push ebp
- mov ebp, esp
- sub esp, 8    ; reserves [ebp-8] and [ebp-4]
- push OFFSET FLAT:___vbaExceptHandler    ; [ebp-12] = handler address
- mov eax, DWORD PTR fs:__except_list
- push eax    ; [ebp-16] = previous head of the handler chain
- mov DWORD PTR fs:__except_list, esp    ; the record at [ebp-16] becomes the new head of the chain
- sub esp, 8    ; reserves [ebp-20] and [ebp-24]
- push ebx
- push esi
- push edi
- mov DWORD PTR __$SEHRec$[ebp+8], esp    ; [ebp-8] = stack pointer after the register saves
- mov DWORD PTR __$SEHRec$[ebp+12], OFFSET FLAT:$S33    ; [ebp-4] = address of the table $S33
- ; Line 7
- mov edx, OFFSET FLAT:___vba@056067A4    ; edx = address of the external string data
- lea ecx, DWORD PTR _str$[ebp]    ; ecx = address of the local variable
- mov DWORD PTR _str$[ebp], 0    ; the variable starts out as 0
- call DWORD PTR __imp_@__vbaStrCopy    ; arguments travel in ecx/edx; presumably copies the string in edx into the variable at ecx
- ; Line 8
- mov ecx, DWORD PTR _str$[ebp]    ; ecx = current value of the variable
- lea eax, DWORD PTR _str$[ebp]    ; eax = address of the variable
- push eax    ; pushed first: seen by foo at [ebp+12]
- push ecx    ; pushed last: seen by foo at [ebp+8]
- call ?foo@Module1@@AAGXXZ ; Module1::foo
- push $L67    ; return address consumed by the ret 0 at $L65
- $L62:
- ; Line 9
- $L32:    ; cleanup code, also referenced from $S33
- lea ecx, DWORD PTR _str$[ebp]    ; ecx = address of the local variable
- call DWORD PTR __imp_@__vbaFreeStr    ; releases the string held in the variable
- $L65:
- ret 0    ; on this path pops the $L67 address pushed above and continues there
- $L67:
- mov ecx, DWORD PTR __$SEHRec$[ebp]    ; ecx = chain head saved at [ebp-16]
- pop edi
- pop esi
- mov DWORD PTR fs:__except_list, ecx    ; unlinks this frame's record from the handler chain
- pop ebx
- mov esp, ebp
- pop ebp
- ret 0    ; no stack arguments to remove
- ?Main@Module1@@AAGXXZ ENDP ; Module1::Main
- text$1 ENDS
- PUBLIC ?too@Module1@@AAGXXZ ; Module1::too
- EXTRN ___vba@056067C8:BYTE    ; external byte data; its address is the source of the copy at source line 14
- ; COMDAT CONST
- ; File Module1
- CONST SEGMENT
- $S40 DB 02H, 00H    ; per-procedure table; its address is stored at [ebp-4] by the prologue
- DB 04H, 00H    ; NOTE(review): meaning of these leading bytes is not visible in the listing
- DB 00H, 00H, 00H, 00H
- DD FLAT:$L39    ; address of the cleanup code at $L39
- CONST ENDS
- ; COMDAT ?too@Module1@@AAGXXZ -- code for Sub too: two successive string copies into the same local, then frees it
- text$1 SEGMENT
- _str$ = -20    ; [ebp-20]: the local string variable
- __$SEHRec$ = -16    ; [ebp-16]: start of the exception record built in the prologue
- ?too@Module1@@AAGXXZ PROC NEAR ; Module1::too, COMDAT
- ; File Module1
- ; Line 11
- push ebp
- mov ebp, esp
- sub esp, 8    ; reserves [ebp-8] and [ebp-4]
- push OFFSET FLAT:___vbaExceptHandler    ; [ebp-12] = handler address
- mov eax, DWORD PTR fs:__except_list
- push eax    ; [ebp-16] = previous head of the handler chain
- mov DWORD PTR fs:__except_list, esp    ; the record at [ebp-16] becomes the new head of the chain
- sub esp, 8    ; reserves [ebp-20] and [ebp-24]
- push ebx
- push esi
- push edi
- mov DWORD PTR __$SEHRec$[ebp+8], esp    ; [ebp-8] = stack pointer after the register saves
- mov DWORD PTR __$SEHRec$[ebp+12], OFFSET FLAT:$S40    ; [ebp-4] = address of the table $S40
- ; Line 13
- mov esi, DWORD PTR __imp_@__vbaStrCopy    ; import pointer kept in esi because it is called twice
- mov edx, OFFSET FLAT:___vba@056067A4    ; edx = address of the first external string data (same symbol Main uses)
- lea ecx, DWORD PTR _str$[ebp]    ; ecx = address of the local variable
- mov DWORD PTR _str$[ebp], 0    ; the variable starts out as 0
- call esi    ; first copy
- ; Line 14
- mov edx, OFFSET FLAT:___vba@056067C8    ; edx = address of the second external string data
- lea ecx, DWORD PTR _str$[ebp]    ; same destination; it is not cleared first, so the helper receives the old value
- call esi    ; second copy; what the helper does with the old value is not visible here
- push $L77    ; return address consumed by the ret 0 at $L75
- $L72:
- ; Line 16
- $L39:    ; cleanup code, also referenced from $S40
- lea ecx, DWORD PTR _str$[ebp]    ; ecx = address of the local variable
- call DWORD PTR __imp_@__vbaFreeStr    ; releases the string held in the variable
- $L75:
- ret 0    ; on this path pops the $L77 address pushed above and continues there
- $L77:
- mov ecx, DWORD PTR __$SEHRec$[ebp]    ; ecx = chain head saved at [ebp-16]
- pop edi
- pop esi
- mov DWORD PTR fs:__except_list, ecx    ; unlinks this frame's record from the handler chain
- pop ebx
- mov esp, ebp
- pop ebp
- ret 0    ; no stack arguments to remove
- ?too@Module1@@AAGXXZ ENDP ; Module1::too
- text$1 ENDS
- END