

X64驱动R3R0通用汇编call执行库源码(导师开发库部分)

发表时间:2020-07-05 21:17

这里是其中一小部分,需要全部源码可以加入我C++会员。

/// Appends `push rsp` (1 byte) to ShellCode at CodeLen and returns the buffer start.
/// NOTE(review): nothing here checks the remaining capacity of ShellCode — its size
/// is defined elsewhere, so the caller must guarantee room before each append.
byte * push_rsp() // 64-bit encoding
{
    const byte opcode[] = { 0x54 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `push rbp` (1 byte) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * push_rbp() // 64-bit encoding
{
    const byte opcode[] = { 0x55 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `push rsi` (1 byte) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * push_rsi() // 64-bit encoding
{
    const byte opcode[] = { 0x56 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `push rdi` (1 byte) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * push_rdi() // 64-bit encoding
{
    const byte opcode[] = { 0x57 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rax, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_rax_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x48, 0xb8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rcx, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_rcx_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x48, 0xb9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rdx, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_rdx_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x48, 0xba };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rbx, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_rbx_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x48, 0xbb };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r8, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r8_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xb8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r9, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r9_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xb9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r10, imm64` (e.g. mov r10, 6FFFFFFFFFFFFFFF): 2 opcode bytes followed
/// by the 8-byte immediate, written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r10_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xba };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r11, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r11_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xbb };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r12, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r12_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xbc };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r13, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r13_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xbd };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r14, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r14_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xbe };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov r15, imm64`: 2 opcode bytes followed by the 8-byte immediate,
/// written to ShellCode at CodeLen (unchecked). Returns the buffer start.
byte * mov_r15_value(__int64 value) // qword immediate
{
    const byte opcode[] = { 0x49, 0xbf };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rcx, rax` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rcx_rax() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0xc8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends the 3 bytes below to ShellCode at CodeLen (unchecked) and returns the buffer start.
/// NOTE(review): the REX prefix here is 0x49 (REX.B set), so the bytes decode as
/// `mov r8, rcx`, not the `mov rax, rcx` the name promises — verify with a disassembler
/// before relying on this helper. Left unchanged to preserve existing behaviour.
byte * mov_rax_rcx() // 64-bit encoding
{
    const byte opcode[] = { 0x49, 0x89, 0xc8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rax, rdx` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rax_rdx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x89, 0xd0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rdx, rax` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rdx_rax() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x89, 0xc2 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r8, r9` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r8_r9() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xc8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r9, r8` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r9_r8() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xc1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rcx, qword ptr [rcx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rcx_ptr_rcx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x09 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rcx, qword ptr [rax]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rcx_ptr_rax() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x08 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}

/// Appends `mov rcx, qword ptr [rdx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rcx_ptr_rdx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x0a };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rcx, qword ptr [rbx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rcx_ptr_rbx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x0b };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rdx, qword ptr [rdx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rdx_ptr_rdx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x12 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rdx, qword ptr [rcx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rdx_ptr_rcx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x11 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rdx, qword ptr [rbx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rdx_ptr_rbx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x13 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov rdx, qword ptr [rax]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_rdx_ptr_rax() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x8b, 0x10 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r8, qword ptr [r8]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r8_ptr_r8() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r8, qword ptr [r9]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r8_ptr_r9() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x01 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r8, qword ptr [r10]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r8_ptr_r10() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x02 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r9, qword ptr [r8]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r9_ptr_r8() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x08 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}

/// Appends `mov r9, qword ptr [r9]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r9_ptr_r9() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x09 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r9, qword ptr [r10]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r9_ptr_r10() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x0a };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r8` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r8() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xc7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r9` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r9() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xcf };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}

/// Appends `mov r15, r10` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r10() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xd7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r11` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r11() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xdf };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r12` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r12() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xe7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r13` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r13() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xef };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r14` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_r14() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xf7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, r15` (3 bytes, effectively a no-op) to ShellCode at CodeLen (unchecked)
/// and returns the buffer start.
byte * mov_r15_r15() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x89, 0xff };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r8]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r8() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x38 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r9]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r9() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x39 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r10]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r10() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x3a };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}



/// Appends `mov r15, qword ptr [r11]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r11() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x3b };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r12]` (4 bytes — r12 as a base needs a SIB byte)
/// to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r12() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x3c, 0x24 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r13+0]` (4 bytes — r13 as a base needs an explicit disp8)
/// to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r13() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x7d, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}

/// Appends `mov r15, qword ptr [r14]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r14() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x3e };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mov r15, qword ptr [r15]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * mov_r15_ptr_r15() // 64-bit encoding
{
    const byte opcode[] = { 0x4d, 0x8b, 0x3f };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}



/// Appends `mov qword ptr [value], rax` — a store of rax to the absolute 64-bit address
/// `value` (opcode 48 A3 followed by the 8-byte address). Written to ShellCode at
/// CodeLen (unchecked); returns the buffer start.
byte * mov_qword_ptr_rax(__int64 value) // `value` is a memory address, not data
{
    const byte opcode[] = { 0x48, 0xa3 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rax, qword ptr ss:[rbp+disp32]`: 3 opcode bytes followed by the 4-byte
/// signed displacement `value`. Written to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * mov_rax_qword_ptr_rbp_add(int value) // `value` is the rbp-relative displacement
{
    const byte opcode[] = { 0x48, 0x8b, 0x85 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `mov rcx, qword ptr ss:[rbp+disp32]`: 3 opcode bytes followed by the 4-byte
/// signed displacement `value`. Written to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * mov_rcx_qword_ptr_rbp_add(int value) // `value` is the rbp-relative displacement
{
    const byte opcode[] = { 0x48, 0x8b, 0x8d };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `lea rcx, [rcx]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * lea_rcx_rcx() // 64-bit encoding, [rcx]
{
    const byte opcode[] = { 0x48, 0x8d, 0x09 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends 3 bytes that decode as `lea rcx, [rax]` (destination rcx, base rax — note the
/// operand order relative to the function name) to ShellCode at CodeLen (unchecked);
/// returns the buffer start.
byte * lea_rax_rcx() // 64-bit encoding, [rax]
{
    const byte opcode[] = { 0x48, 0x8d, 0x08 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `lea rax, [rax]` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * lea_rax_rax() // 64-bit encoding, [rax]
{
    const byte opcode[] = { 0x48, 0x8d, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends 3 bytes that decode as `lea rax, [rcx]` (destination rax, base rcx — note the
/// operand order relative to the function name) to ShellCode at CodeLen (unchecked);
/// returns the buffer start.
byte * lea_rcx_rax() // 64-bit encoding, [rcx]
{
    const byte opcode[] = { 0x48, 0x8d, 0x01 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `add rax, rcx` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * add_rax_rcx() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x01, 0xc8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `add rcx, rax` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * add_rcx_rax() // 64-bit encoding
{
    const byte opcode[] = { 0x48, 0x01, 0xc1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `add rsp, imm32`: 3 opcode bytes followed by the 4-byte immediate (the
/// operand is 32-bit, sign-extended by the CPU). Written to ShellCode at CodeLen
/// (unchecked); returns the buffer start.
byte * add_rsp_value(int value) // 32-bit immediate
{
    const byte opcode[] = { 0x48, 0x81, 0xc4 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `sub rsp, imm32`: 3 opcode bytes followed by the 4-byte immediate (the
/// operand is 32-bit, sign-extended by the CPU). Written to ShellCode at CodeLen
/// (unchecked); returns the buffer start.
byte * sub_rsp_value(int value) // 32-bit immediate
{
    const byte opcode[] = { 0x48, 0x81, 0xec };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends the 3 bytes below to ShellCode at CodeLen (unchecked) and returns the buffer start.
/// NOTE(review): the ModRM byte 0xc3 selects rbx as destination and rax as source, so
/// these bytes decode as `sub rbx, rax`, not the `sub rax, rcx` the name promises —
/// verify with a disassembler before use. Left unchanged to preserve existing behaviour.
byte * sub_rax_rcx() // subtraction
{
    const byte opcode[] = { 0x48, 0x29, 0xc3 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `sub rcx, rax` (3 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * sub_rcx_rax() // subtraction
{
    const byte opcode[] = { 0x48, 0x29, 0xc1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `ret` (1 byte) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * ret() // near return
{
    const byte opcode[] = { 0xc3 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `ret imm16`: the 1-byte opcode followed by the 2-byte stack-adjust immediate.
/// Written to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * retn(short value) // near return popping `value` bytes
{
    const byte opcode[] = { 0xc2 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `cqo` (48 99: sign-extend rax into rdx:rax) followed by `idiv rax` (5 bytes
/// total) to ShellCode at CodeLen (unchecked) and returns the buffer start. The dividend
/// must already be in rax; the quotient is left in rax.
byte * idiv_rax() // signed division
{
    const byte opcode[] = { 0x48, 0x99, 0x48, 0xf7, 0xf8 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `cqo` (48 99: sign-extend rax into rdx:rax) followed by `idiv rcx` (5 bytes
/// total) to ShellCode at CodeLen (unchecked) and returns the buffer start. The dividend
/// must already be in rax; the quotient is left in rax.
byte * idiv_rcx() // signed division
{
    const byte opcode[] = { 0x48, 0x99, 0x48, 0xf7, 0xf9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `cqo` (48 99) followed by `div rax` (5 bytes total) to ShellCode at CodeLen
/// (unchecked) and returns the buffer start. The dividend must already be in rax; the
/// quotient is left in rax. Note that cqo sign-extends, which is unusual before an unsigned div.
byte * div_rax() // unsigned division
{
    const byte opcode[] = { 0x48, 0x99, 0x48, 0xf7, 0xf0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `cqo` (48 99) followed by `div rcx` (5 bytes total) to ShellCode at CodeLen
/// (unchecked) and returns the buffer start. The dividend must already be in rax; the
/// quotient is left in rax. Note that cqo sign-extends, which is unusual before an unsigned div.
byte * div_rcx() // unsigned division
{
    const byte opcode[] = { 0x48, 0x99, 0x48, 0xf7, 0xf1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `imul rax, rcx` (4 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * imul_rax_rcx() // signed multiplication
{
    const byte opcode[] = { 0x48, 0x0f, 0xaf, 0xc1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `imul r8, r9` (4 bytes) to ShellCode at CodeLen (unchecked) and returns the buffer start.
byte * imul_r8_r9() // signed multiplication
{
    const byte opcode[] = { 0x4d, 0x0f, 0xaf, 0xc1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call rax` (2 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_rax() // indirect call
{
    const byte opcode[] = { 0xff, 0xd0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call rcx` (2 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_rcx() // indirect call
{
    const byte opcode[] = { 0xff, 0xd1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r8` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r8() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r9` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r9() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd1 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r10` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r10() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd2 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r11` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r11() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd3 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r12` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r12() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd4 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r13` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r13() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd5 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r14` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r14() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd6 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `call r15` (3 bytes, indirect call through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * call_r15() // indirect call
{
    const byte opcode[] = { 0x41, 0xff, 0xd7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `jmp r15` (3 bytes, indirect jump through the register) to ShellCode at
/// CodeLen (unchecked) and returns the buffer start.
byte * jmp_r15() // indirect jump
{
    const byte opcode[] = { 0x41, 0xff, 0xe7 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends the bytes FF 14 followed by the 4-byte `value` to ShellCode at CodeLen
/// (unchecked) and returns the buffer start.
/// NOTE(review): the original author marks this helper as unreliable on x64 and advises
/// against using it; the 4 bytes after FF 14 are not consumed as a plain 32-bit absolute
/// target. Kept byte-for-byte for compatibility — prefer the register-indirect call helpers.
byte * call_ptr(int value) // 32-bit operand; flagged by the author as broken on x64
{
    const byte opcode[] = { 0xff, 0x14 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(value));
    CodeLen += sizeof(value);
    return ShellCode;
}


/// Appends `movss xmm0, dword ptr [rcx]` (4 bytes; ModRM 0x01 selects [rcx], not [rax]
/// as the original comment said) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm0_dword_ptr_rcx() // load a float from memory into xmm0
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x01 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm0, dword ptr [rax]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm0_dword_ptr_rax() // load a float from memory into xmm0
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm1, dword ptr [rax]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm1_dword_ptr_rax() // load a float from memory into xmm1
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x08 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm2, dword ptr [rax]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm2_dword_ptr_rax() // load a float from memory into xmm2
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x10 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm3, dword ptr [rax]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm3_dword_ptr_rax() // load a float from memory into xmm3
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x18 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm4, dword ptr [rax]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm4_dword_ptr_rax() // load a float from memory into xmm4
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x20 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm1, dword ptr [rcx]` (4 bytes) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * movss_xmm1_dword_ptr_rcx() // load a float from memory into xmm1
{
    const byte opcode[] = { 0xF3, 0x0F, 0x10, 0x09 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm0, dword ptr [r8]` (5 bytes, REX.B for r8) to ShellCode at CodeLen
/// (unchecked); returns the buffer start.
byte * movss_xmm0_dword_ptr_r8() // load a float from memory into xmm0
{
    const byte opcode[] = { 0xF3, 0x41, 0x0f, 0x10, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `movss xmm0, dword ptr [r9]` (5 bytes, REX.B for r9) to ShellCode at CodeLen
/// (unchecked); returns the buffer start.
byte * movss_xmm0_dword_ptr_r9() // load a float from memory into xmm0
{
    const byte opcode[] = { 0xF3, 0x41, 0x0f, 0x10, 0x01 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends the 5 bytes below (a `movss` store of xmm0 to memory) to ShellCode at CodeLen
/// (unchecked) and returns the buffer start.
/// NOTE(review): 0x67 is the address-size override prefix, so the store uses a 32-bit
/// address, and ModRM 0x01 selects rcx/ecx as the base — neither matches the original
/// comment's `[rax]`. Verify with a disassembler; left unchanged to preserve behaviour.
byte * movss_dword_ptr_xmm0() // store xmm0 (float) to memory
{
    const byte opcode[] = { 0xF3, 0x67, 0x0F, 0x11, 0x01 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `addss xmm0, dword ptr [rax]` (4 bytes, scalar float add) to ShellCode at
/// CodeLen (unchecked); returns the buffer start.
byte * addss_xmm0_dword_ptr_rax() // float addition
{
    const byte opcode[] = { 0xF3, 0x0f, 0x58, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `subss xmm0, dword ptr [rax]` (4 bytes, scalar float subtract) to ShellCode at
/// CodeLen (unchecked); returns the buffer start.
byte * subss_xmm0_dword_ptr_rax() // float subtraction
{
    const byte opcode[] = { 0xF3, 0x0f, 0x5c, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `mulss xmm0, dword ptr [rax]` (4 bytes, scalar float multiply) to ShellCode at
/// CodeLen (unchecked); returns the buffer start.
byte * mulss_xmm0_dword_ptr_rax() // float multiplication
{
    const byte opcode[] = { 0xF3, 0x0f, 0x59, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `divss xmm0, dword ptr [rax]` (4 bytes, scalar float divide) to ShellCode at
/// CodeLen (unchecked); returns the buffer start.
byte * divss_xmm0_dword_ptr_rax() // float division
{
    const byte opcode[] = { 0xF3, 0x0f, 0x5e, 0x00 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor r9d, r9d` (3 bytes; zeroes r9) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_r9d_r9d() // zero the register
{
    const byte opcode[] = { 0x45, 0x31, 0xc9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor r8d, r8d` (3 bytes; zeroes r8) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_r8d_r8d() // zero the register
{
    const byte opcode[] = { 0x45, 0x31, 0xc0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor eax, eax` (2 bytes; zeroes rax) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_eax_eax() // zero the register
{
    const byte opcode[] = { 0x31, 0xc0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor ecx, ecx` (2 bytes; zeroes rcx) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_ecx_ecx() // zero the register
{
    const byte opcode[] = { 0x31, 0xc9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor edx, edx` (2 bytes; zeroes rdx) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_edx_edx() // zero the register
{
    const byte opcode[] = { 0x31, 0xd2 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor rax, rax` (3 bytes; zeroes rax) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_rax_rax() // zero the register
{
    const byte opcode[] = { 0x48, 0x31, 0xc0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor rcx, rcx` (3 bytes; zeroes rcx) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_rcx_rcx() // zero the register
{
    const byte opcode[] = { 0x48, 0x31, 0xc9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor r8, r8` (3 bytes; zeroes r8) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_r8_r8() // zero the register
{
    const byte opcode[] = { 0x4d, 0x31, 0xc0 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `xor r9, r9` (3 bytes; zeroes r9) to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * xor_r9_r9() // zero the register
{
    const byte opcode[] = { 0x4d, 0x31, 0xc9 };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Appends `int3` (1 byte, software breakpoint — handy while debugging generated code)
/// to ShellCode at CodeLen (unchecked); returns the buffer start.
byte * int3() // breakpoint
{
    const byte opcode[] = { 0xcc };
    RtlMoveMemory(ShellCode + CodeLen, opcode, sizeof(opcode));
    CodeLen += sizeof(opcode);
    return ShellCode;
}


/// Converts a 16-bit value to network (big-endian) byte order via htons. The name
/// reflects its use for serialising to a byte array; the bit pattern is unchanged on
/// big-endian hosts. Applying it twice restores the original value.
short WordToByteArray(short Value) // 2-byte integer -> network byte order
{
    const unsigned short netOrder = htons(static_cast<unsigned short>(Value));
    return static_cast<short>(netOrder);
}


/// Converts a 32-bit value to network (big-endian) byte order via htonl. The original
/// author notes ntohl would serve equally, since the byte swap is its own inverse.
/// Applying it twice restores the original value.
int intToByteArray(int Value) // 4-byte integer -> network byte order
{
    const unsigned int netOrder = htonl(static_cast<unsigned int>(Value));
    return static_cast<int>(netOrder);
}


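/// Writes the upper-case hex encoding of `source[0..sourceLen)` into `dest`.
/// Each input byte produces two output characters, so `dest` must have room for
/// 2*sourceLen bytes; no terminating NUL is written (the caller adds one if needed).
/// A non-positive `sourceLen`, or a null `source`/`dest`, writes nothing.
/// Fix: the loop counter is now `int` — the original `short` counter could never
/// reach a `sourceLen` above SHRT_MAX, so such calls looped until the counter wrapped.
void ByteToHexStr(const unsigned char* source, char* dest, int sourceLen) // byte buffer -> hex text (backup helper)
{
    static const char kHexDigits[] = "0123456789ABCDEF";
    if (source == nullptr || dest == nullptr)
        return;
    for (int i = 0; i < sourceLen; ++i)
    {
        // Table lookup replaces the "+0x30, +0x07 past '9'" arithmetic; same output.
        dest[i * 2]     = kHexDigits[source[i] >> 4];
        dest[i * 2 + 1] = kHexDigits[source[i] & 0x0f];
    }
}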


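/// Converts `nL` bytes at `pSrc` into an upper-case hex string in `dest`.
/// Returns false for a negative length or a null source with nL > 0; otherwise
/// `dest` receives exactly 2*nL characters and the function returns true.
/// Fix: the original built the text in a fixed 256-byte stack buffer with no bound on
/// `nL`, so any input longer than 127 bytes overflowed the stack. The output is now
/// accumulated in a std::string, so every length is handled safely.
bool HexToString(unsigned char *pSrc, std::string &dest, int nL) // byte array -> hex text
{
    static const char kHexDigits[] = "0123456789ABCDEF";
    if (nL < 0 || (nL > 0 && pSrc == nullptr))
        return false;
    std::string out;
    out.reserve(static_cast<std::string::size_type>(nL) * 2);
    for (int i = 0; i < nL; ++i)
    {
        out.push_back(kHexDigits[pSrc[i] >> 4]);   // high nibble
        out.push_back(kHexDigits[pSrc[i] & 0x0f]); // low nibble
    }
    dest.swap(out);
    return true;
}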


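/// Maps an upper-case hex digit to its value 0..15, or -1 for any other character.
static int HexDigitValue(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    return -1;
}

/// Parses the hex text in `src` into bytes at `dest`, one byte per character pair.
/// `src` is upper-cased in place before parsing (existing behaviour callers may rely on).
/// Returns false when the length is odd, when `dest` is null for a non-empty `src`, or
/// when a non-hex character is met. `dest` must hold at least src.size()/2 bytes —
/// nothing here can check that, so size it from `src.size()` at the call site.
/// Fix: the original handed `toupper` straight to std::transform, which is ambiguous
/// once <locale> is visible and is undefined for negative `char` values (bytes >= 0x80);
/// the conversion now goes through `unsigned char`.
bool StringToHex(std::string &src, unsigned char *dest) // hex text -> byte array
{
    if (src.size() % 2 != 0)
        return false;
    if (dest == nullptr && !src.empty())
        return false;
    std::transform(src.begin(), src.end(), src.begin(),
                   [](unsigned char ch) { return static_cast<char>(toupper(ch)); });
    for (std::string::size_type i = 0, j = 0; i < src.size(); i += 2, ++j)
    {
        const int hi = HexDigitValue(src[i]);
        const int lo = HexDigitValue(src[i + 1]);
        if (hi < 0 || lo < 0)
            return false;
        dest[j] = static_cast<unsigned char>((hi << 4) | lo);
    }
    return true;
}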