一 加载shellcode的C代码

#include <windows.h>
#include <stdio.h>

LPVOID read_shellcodefile_into_memory(char* shellcode)
{
FILE* hFile = NULL;
errno_t err; //判断此文件流是否存在 存在返回1
DWORD dwFileSize = 0;

err = fopen_s(&hFile,shellcode,"rb");

if (err!=0)
{
printf(" [!] File open fail\n");
return NULL;
}
fseek(hFile, 0, SEEK_END);
dwFileSize = ftell(hFile) + 1;
printf(" [*] Shellcode Size: 0x%04x\n", dwFileSize);
fseek(hFile, 0, SEEK_SET);
LPVOID lpBase = VirtualAlloc(NULL, dwFileSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
printf(" [*] Allocated Address: 0x%08x\n", lpBase);
fread(lpBase, dwFileSize, 1, hFile);
fclose(hFile);

return lpBase;
}

int execute(int entry)
{
DWORD dwId;
DWORD dwStatus;
LPVOID bReadBuffer;
SIZE_T nReadSize = 0;

HANDLE hHandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)entry, NULL, 0x4, &dwId);
if (!hHandle)
{
printf(" [!] CreateThread Failed!\n");
return -1;
}
printf(" [*] Please jmp to 0x%08x set a breakpoint\n\ Then press any key to resume the thread\n", entry);
getchar();

ResumeThread(hHandle);
while (1)
{
dwStatus = WaitForSingleObject(hHandle, 0);
if (dwStatus == WAIT_FAILED || dwStatus == WAIT_OBJECT_0)
{
CloseHandle(hHandle);
printf(" [*] Thread Exited!\n");
ExitThread(-1);
}
}
}

int main(int argc, char* argv[])
{
int nEntry = 0;

if (argc < 2)
{
printf(" [!] Please input the shellcode filename on the parameter\n");
return -1;
}
printf(" [*] Shellcode File: %s\n", argv[1]);
LPVOID lpBase = read_shellcodefile_into_memory(argv[1]);
if (!lpBase)
{
printf(" [!] Allocated memory failed!\n");
return -2;
}
nEntry = (int)lpBase;
printf(" [*] Shellcode EntryPoint: 0x%08x\n", nEntry);
execute(nEntry);

return 0;
}

Jump到这个内存下断点，即可调试shellcode。