Win32 Show Msgbox Testing! ShellCode:

Win32 Show Msgbox Testing! ShellCode: a piece of shellcode I normally use when testing whether an overflow actually reaches code execution. If a message box pops up, the execution succeeded. Most of you probably won't need it, but I'm posting it anyway.

ShellCode:

FC686A0A381E686389D14F683274910C8BF48D7EF433DBB7042BE366BB33325368757365725433D2648B5A308B4B0C8B491C8B098B6908AD3D6A0A381E750595FF57F895608B453C8B4C057803CD8B592003DD33FF478B34BB03F5990FBE063AC47408C1CA0703D046EBF13B54241C75E48B592403DD668B3C7B8B591C03DD032CBB955FAB57613D6A0A381E75A933DB5368696E672168746573748BC453505053FF57FC53FF57F8

The same bytes rendered as a string (hex converted to characters):

黨j
8hc壯Oh2t?嬼崀?鄯+鉬?2ShuserT3襠媄0婯 婭?媔?j
8u?W鴷`婨<婰x蛬Y ?G??鯔?:膖潦蠪腭;T$u鋴Y$輋?{媃?,粫_玏a=j
8u?跾hing!htest嬆SPPSW黃W

The bold characters in the dump above (hing!htest) are the text shown in the message box. The encoding is: every four bytes are prefixed with the character "h" (0x68, the PUSH imm32 opcode seen at offsets 91 and 96 in the listing below) and the four-byte groups are written in reverse order. For example: 【hing!htest】 splits into 【hing!】【htest】; removing the "h" gives 【ing!】【test】; reassembling the four-byte groups in reverse order gives 【testing!】.
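To make that rule mechanical, here is an added example (my code, not the author's) that pulls stack-built strings straight out of the shellcode hex listed on this page, the way an analyst would when triaging a sample: it scans for runs of adjacent PUSH imm32 (0x68) instructions whose immediates are printable ASCII and reverses the run, because the last push lands at the lowest address. A second helper applies the same rule to the post's "hing!htest" worked example. The only assumption is the printable-ASCII filter; note that the "32" of "user32" is placed with MOV BX,3233 (bytes 66BB3332) and a PUSH EBX rather than a PUSH imm32, so the decoder reports only "user" for that string.

```python
"""Recover strings built with runs of PUSH imm32 (opcode 0x68) from x86 shellcode.

Added example for this post, not the shellcode author's code. SHELLCODE_HEX is
the hex dump exactly as listed on the page.
"""

# Shellcode bytes as listed on the page (168 bytes), split only for readability.
SHELLCODE_HEX = (
    "FC686A0A381E686389D14F683274910C8BF48D7EF433DBB7042BE366BB3332536875"
    "7365725433D2648B5A308B4B0C8B491C8B098B6908AD3D6A0A381E750595FF57F895"
    "608B453C8B4C057803CD8B592003DD33FF478B34BB03F5990FBE063AC47408C1CA07"
    "03D046EBF13B54241C75E48B592403DD668B3C7B8B591C03DD032CBB955FAB57613D"
    "6A0A381E75A933DB5368696E672168746573748BC453505053FF57FC53FF57F8"
)

PUSH_IMM32 = 0x68  # the "h" character in the post's character dump


def is_printable(chunk: bytes) -> bool:
    """True when every byte is printable 7-bit ASCII (space .. '~')."""
    return all(0x20 <= b <= 0x7E for b in chunk)


def decode_push_strings(code: bytes) -> list:
    """Return the strings formed by runs of adjacent PUSH imm32 with ASCII immediates.

    Each immediate is stored little-endian, so the bytes following 0x68 are the
    text in reading order ("696E6721" -> "ing!"). The stack grows downward, so the
    LAST chunk pushed is at the lowest address and comes first when the memory is
    read as a string: push "ing!", push "test" -> "testing!".
    """
    strings, run, i = [], [], 0
    while i < len(code):
        if code[i] == PUSH_IMM32 and i + 5 <= len(code) and is_printable(code[i + 1:i + 5]):
            run.append(code[i + 1:i + 5].decode("ascii"))
            i += 5
            continue
        if run:  # any other byte ends the run
            strings.append("".join(reversed(run)))
            run = []
        i += 1
    if run:
        strings.append("".join(reversed(run)))
    return strings


def decode_dump_fragment(fragment: str) -> str:
    """Apply the post's rule to a fragment of the character dump, e.g. "hing!htest".

    In the character rendering every "h" is the 0x68 opcode itself, so each "h"
    starts one four-character group; groups are reassembled in reverse order.
    """
    groups = [fragment[i + 1:i + 5] for i in range(0, len(fragment), 5) if fragment[i] == "h"]
    return "".join(reversed(groups))


if __name__ == "__main__":
    print(decode_push_strings(bytes.fromhex(SHELLCODE_HEX)))  # ['user', 'testing!']
    print(decode_dump_fragment("hing!htest"))                  # testing!
```

The printable filter is what keeps the three hash constants at the start of the blob (which are also pushed with 0x68) out of the result; a stray 0x68 inside another instruction's operand bytes could still produce a false positive in other samples, so treat the output as candidates to confirm in a disassembler.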

The corresponding assembly listing (from offset 48 onward):

00000048:  8B4C05 78                  MOV ECX, [DWORD SS:EBP+EAX+78]
0000004C:  03CD                       ADD ECX, EBP
0000004E:  8B59 20                    MOV EBX, [DWORD DS:ECX+20]
00000051:  03DD                       ADD EBX, EBP
00000053:  33FF                       XOR EDI, EDI
00000055:  47                         INC EDI
00000056:  8B34BB                     MOV ESI, [DWORD DS:EBX+EDI*4]
00000059:  03F5                       ADD ESI, EBP
0000005B:  99                         CDQ
0000005C:  0FBE06                     MOVSX EAX, [BYTE DS:ESI]
0000005F:  3AC4                       CMP AL, AH
00000061:  74 08                      JE SHORT 0000006B
00000063:  C1CA 07                    ROR EDX, 7
00000066:  03D0                       ADD EDX, EAX
00000068:  46                         INC ESI
00000069:  EB F1                      JMP SHORT 0000005C
0000006B:  3B5424 1C                  CMP EDX, [DWORD SS:ESP+1C]
0000006F:  75 E4                      JNZ SHORT 00000055
00000071:  8B59 24                    MOV EBX, [DWORD DS:ECX+24]
00000074:  03DD                       ADD EBX, EBP
00000076:  66:8B3C7B                  MOV DI, [WORD DS:EBX+EDI*2]
0000007A:  8B59 1C                    MOV EBX, [DWORD DS:ECX+1C]
0000007D:  03DD                       ADD EBX, EBP
0000007F:  032CBB                     ADD EBP, [DWORD DS:EBX+EDI*4]
00000082:  95                         XCHG EAX, EBP
00000083:  5F                         POP EDI
00000084:  AB                         STOS [DWORD ES:EDI]
00000085:  57                         PUSH EDI
00000086:  61                         POPAD
00000087:  3D 6A0A381E                CMP EAX, 1E380A6A
0000008C:  75 A9                      JNZ SHORT 00000037
0000008E:  33DB                       XOR EBX, EBX
00000090:  53                         PUSH EBX
00000091:  68 696E6721                PUSH 21676E69
00000096:  68 74657374                PUSH 74736574
0000009B:  8BC4                       MOV EAX, ESP
0000009D:  53                         PUSH EBX
0000009E:  50                         PUSH EAX
0000009F:  50                         PUSH EAX
000000A0:  53                         PUSH EBX
000000A1:  FF57 FC                    CALL NEAR [DWORD DS:EDI-4]
000000A4:  53                         PUSH EBX
000000A5:  FF57 F8                    CALL NEAR [DWORD DS:EDI-8]
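The loop at offsets 5B..6F is what lets the shellcode find APIs without any import table: for each export name it computes EDX = ROR(EDX, 7) + MOVSX(byte) over the name and compares the result with a 32-bit constant kept on the stack. For a defender, reproducing that hash is the quickest way to learn which functions a sample of this shape resolves. The following is an added example (my code, not the author's) that re-implements only the hashing step from the listing and checks the three immediates pushed at the start of the page's hex (6A0A381E, 6389D14F, 3274910C as little-endian bytes, i.e. 1E380A6A, 4FD18963, 0C917432) against a candidate list of export names; that candidate list is my assumption and can be extended to any names of interest.

```python
"""Identify the hashed API names compared against in the page's shellcode.

Added example for this post, not the shellcode author's code. The hash follows
the listing at offsets 5B..6F: EDX starts at 0 (CDQ of a non-negative EAX), then
for each byte of the export name until the terminator,
EDX = ROR(EDX, 7) + MOVSX(byte).
"""
MASK = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """32-bit rotate right, matching the x86 ROR instruction."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK


def ror7_add_hash(name: bytes) -> int:
    """Hash an export name exactly as the loop at 5B..6F does."""
    edx = 0                                   # CDQ with small positive EAX -> EDX = 0
    for b in name:
        eax = b - 0x100 if b & 0x80 else b    # MOVSX EAX, BYTE [ESI]
        if eax in (0, -1):                    # CMP AL, AH / JE: AL == AH for 0x00 and 0xFF
            break
        edx = (ror32(edx, 7) + eax) & MASK    # ROR EDX, 7 ; ADD EDX, EAX
    return edx


# The three PUSH imm32 immediates at the start of the page's hex dump.
HASHES_ON_PAGE = (0x1E380A6A, 0x4FD18963, 0x0C917432)

# Assumed candidate export names (not from the page); extend as needed.
CANDIDATE_NAMES = (
    "LoadLibraryA", "GetProcAddress", "ExitProcess", "ExitThread",
    "MessageBoxA", "MessageBoxW", "WinExec", "CreateProcessA",
    "GetModuleHandleA", "VirtualAlloc",
)


def resolve_hashes(hashes, candidates=CANDIDATE_NAMES) -> dict:
    """Map each hash to the candidate name that produces it, or None if none does."""
    table = {ror7_add_hash(n.encode("ascii") + b"\0"): n for n in candidates}
    return {h: table.get(h) for h in hashes}


if __name__ == "__main__":
    for h, name in resolve_hashes(HASHES_ON_PAGE).items():
        print(f"{h:08X} -> {name or '(no candidate matched)'}")
```

Run as-is, the three constants resolve to MessageBoxA, ExitProcess and LoadLibraryA, which is consistent with the tail of the listing: the last resolved pointer, CALL [EDI-4], receives the four MessageBox arguments (two zeros and two pointers to the "testing!" string), and CALL [EDI-8] is made with a single zero argument, as ExitProcess(0) would be. The same routine, with a larger name list, is the basis of the hash databases analysts keep for shellcode that uses ROR-and-add API hashing.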