这是我正在尝试进行恶意软件分析的代码示例。在 shellcodePayload 中,我可以存储汇编指令,甚至是可执行的有效载荷。但我想知道是否可以在本节中存储字母和数字。例如,我想添加一个文本字符串,如“HELLO WORLD”。可能吗?
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void) {
void * alloc_mem;
BOOL retval;
HANDLE threadHandle;
DWORD oldprotect = 0;
unsigned char shellcodePayload[] = {
0x90, // NOP
0x90, // NOP
0xcc, // INT3
0xc3 // RET
};
unsigned int lengthOfshellcodePayload = 4;
alloc_mem = VirtualAlloc(0, lengthOfshellcodePayload, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
printf("%-20s : 0x%-016p\n", "shellcodePayload addr", (void *)shellcodePayload);
printf("%-20s : 0x%-016p\n", "alloc_mem addr", (void *)alloc_mem);
RtlMoveMemory(alloc_mem, shellcodePayload, lengthOfshellcodePayload);
retval = VirtualProtect(alloc_mem, lengthOfshellcodePayload, PAGE_EXECUTE_READ, &oldprotect);
printf("\nPress Enter to Create Thread!\n");
getchar();
if ( retval != 0 ) {
threadHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) alloc_mem, 0, 0, 0);
WaitForSingleObject(threadHandle, -1);
}
return 0;
}