二进制安全C/C++汇编Shellcode [2021]正确探测到内存映射的模块 "无文件落地"/木马/外挂/后门 @lordtristan ```cpp if(VirtualQueryEx(hProc, lpAddress, &mbi, sizeof(mbi))){ //Use "mbi." here, its just a fast C&p from my source if((dwState & MEM_COMMIT) && ((dwProtect & PAGE_EXECUTE_READWRITE) || (dwProtect & PAGE_EXECUTE_READ)) && !(dwProtect & PAGE_NOACCESS) && !(dwProtect & PAGE_GUARD) && !(dwState & MEM_RELEASE)) { VirtualLock(lpAddress, dwSize); HMODULE hModule; GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCTSTR)lpAddress, &hModule); if(!hModule) //Inside of the exe file { DWORD dwDLLMain = FindPattern((DWORD)lpAddress, dwSize, (BYTE*)"\x55\x8b\xec\x83\x7d\x0c\x01\x75\x00", "xxxxxxxx?"); if(dwDLLMain) { //DLL-Main inside of the exe file?! //Do whatever yo uwant now :D } } VirtualUnlock(lpAddress, dwSize); } } ``` 阅读全文 2021-03-16 huoji 0 条评论