UC知道exploit的问题,谢谢~
来源:百度知道 编辑:UC知道 时间:2024/09/21 23:29:09
char code[] = "\x31\xc0\xbb\xea\x1b\xe6\x77\x66\xb8\x88\x13\x50\xff\xd3"
里面的\x是什么意思??????望详细解释,小白我刚学这东西,以上数组是我在一个讲解shellcode的网站(http://www.vividmachines.com/shellcode/shellcode.html#win32ex1)上看到的,如果大家怕有毒什么的就别点(反正我把代码和他给的解释贴在下面了),
Example 1 - Sleep is for the Weak!
In order to write successful code, we first need to decide what functions we wish to use for this shellcode and then find their absolute addresses. For this example we just want a thread to sleep for an allotted amount of time. Let's load up arwin (found above) and get started. Remember, the only module guaranteed to be mapped into the processes address space is kernel32.dll. So for this example, Sleep seems to be the simplest function, accepting the amount of time the thread should suspend as its only argument.
里面的\x是什么意思??????望详细解释,小白我刚学这东西,以上数组是我在一个讲解shellcode的网站(http://www.vividmachines.com/shellcode/shellcode.html#win32ex1)上看到的,如果大家怕有毒什么的就别点(反正我把代码和他给的解释贴在下面了),
Example 1 - Sleep is for the Weak!
In order to write successful code, we first need to decide what functions we wish to use for this shellcode and then find their absolute addresses. For this example we just want a thread to sleep for an allotted amount of time. Let's load up arwin (found above) and get started. Remember, the only module guaranteed to be mapped into the processes address space is kernel32.dll. So for this example, Sleep seems to be the simplest function, accepting the amount of time the thread should suspend as its only argument.
8048080: 31 c0
8048082: bb ea 1b e6 77
8048087: 66 b8 88 13
804808b: 50
804808c: ff d3
address: opcode/mechine code
understand? shellcode其实是机器码~ \x是分隔符
当然是16进制了
16进制的意思~
16进制了
开始一段
是这个意思
为了写成功的代码, 我们首先需要决定什么作用我们希望使用为这shellcode 和然后发现他们的绝对地址。为这个例子我们要螺纹睡觉为被定量的时间。Let's 装载arwin (被发现以上) 并且开始。记住, 唯一的模块被保证被映射入过程地址空间是kernel32.dll 的。如此为这个例子, 睡眠似乎是最简单的作用, 接受螺纹应该暂停作为它唯一论据的时间。
后面的是16进制了