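将CS中括号中的字符串提取出来放入sBuf中返回是处理好的堆内存 {"\\xx......\\xx}

```cpp
// Decodes a string of "\xNN" escape sequences (for example the quoted byte
// string pasted from a tool's output) into a heap buffer of raw bytes.
//
// Everything before the first backslash is ignored. Each backslash starts one
// token; the token must begin with 'x' and is read as hexadecimal by
// sscanf_s("x%x"), so reading stops at the first non-hex character (the
// closing quote/brace after the last token, for instance). Only the low byte
// of each value is kept, as before. A token that does not parse contributes
// 0x00 instead of whatever the previous iteration left behind.
//
// sBuf     - text to decode (taken by value; the copy is harmless).
// BufSize  - receives the number of decoded bytes (0 when there is no
//            backslash at all).
// Returns a buffer of exactly BufSize bytes allocated with new char[]. The
// caller owns it and must release it with delete[] (cast to char* first).
// Never returns nullptr; a zero-length result is still a valid allocation.
void* Buf16ToMem16(std::string sBuf, _Out_ DWORD &BufSize)
{
    // std::string doubles as a growable byte buffer, so the output can never
    // overrun a fixed-size scratch area no matter how many tokens arrive.
    std::string decoded;
    decoded.reserve(sBuf.size() / 4 + 1);   // "\xNN" is four chars per byte

    // Positions stay size_t on purpose: narrowing std::string::npos into a
    // 32-bit DWORD defeats the `== npos` end test on 64-bit builds, and the
    // old loop then kept writing past its scratch buffer.
    std::size_t start = sBuf.find('\\');
    while (start != std::string::npos) {
        const std::size_t next = sBuf.find('\\', start + 1);
        const std::size_t len =
            (next == std::string::npos) ? std::string::npos : next - start - 1;
        const std::string token = sBuf.substr(start + 1, len);

        // Parse into a plain unsigned int. The original parsed "%x" into a
        // BYTE* variable, overwriting pointer bits and leaking the pointee.
        unsigned int value = 0;
        if (sscanf_s(token.c_str(), "x%x", &value) != 1) {
            value = 0;
        }
        decoded.push_back(static_cast<char>(value & 0xFFu));

        start = next;
    }

    // Hand back an exact-size copy. `decoded` frees itself, so the returned
    // buffer is the only heap object the caller has to think about.
    const std::size_t count = decoded.size();
    char* result = new char[count]{};
    if (count != 0) {
        memcpy_s(result, count, decoded.data(), count);
    }
    BufSize = static_cast<DWORD>(count);
    return result;
}
```

## 内存转ShellCode

```cpp
// Formats `length` bytes starting at `addr` as a comma-separated list of
// "0xNN" literals, e.g. "0x01,0xAB". No trailing comma is emitted.
//
// addr    - start of the memory to render; read-only.
// length  - number of bytes to render.
// Returns the formatted string; empty when addr is nullptr or length is 0.
//
// The earlier version returned from inside the loop, so its trailing
// printf() only ever ran for length == 0 and printed a bare newline; that
// stray debug output is gone and the function now has no side effects.
std::string hexdump(const void* addr, size_t length)
{
    std::string sRet;
    if (addr == nullptr || length == 0) {
        return sRet;
    }

    const unsigned char* bytes = static_cast<const unsigned char*>(addr);
    sRet.reserve(length * 5);   // "0xNN," per byte, minus the final comma

    // A byte renders as at most "0xFF" (4 chars + NUL); 8 leaves headroom.
    char temp[8] = {};
    // size_t index: `unsigned long` is 32 bits on LLP64 Windows and could
    // never reach a size_t `length` beyond 4 GiB.
    for (size_t i = 0; i < length; ++i) {
        if (i != 0) {
            sRet += ',';
        }
        snprintf(temp, sizeof(temp), "0x%02X", bytes[i]);
        sRet += temp;
    }
    return sRet;
}
```

最后修改:2022 年 04 月 24 日 © 允许规范转载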