最简单shellcode 实现
// Bug_Test.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#include <Windows.h>
// Function-pointer type with the same shape as the ANSI MessageBox entry
// point: four arguments, __stdcall (callee pops its arguments), int result.
typedef int (__stdcall *Message)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
char shellcode[] = "\x55"
"\x31\xFF\x57\x89\xE5\x81\xEC\x04\x00\x00\x00\xC6\x45\xF8\x63\xC6\x45\xF9\x6D\xC6"
"\x45\xFA\x64\xC6\x45\xFB\x63\xC6\x45\xFC\x63\xC6\x45\xFD\x63\xC6\x45\xFE\x63\x68"
"\x00\x00\x00\x00\x8D\x45\xF8\x50\x50\x68\x00\x00\x00\x00\xBA\xEA\x07\xD5\x77\xFF"
"\xD2\x89\xEC\x5F\x5D\xC3";
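/*
 * Prints the address of the ANSI MessageBox entry point in this process and
 * then calls the bytes in shellcode[] as if they were a void(void) function.
 *
 * Limits of this demo, all visible from the code below:
 *  - shellcode[] calls the fixed address 0x77d507ea. That constant is only
 *    right on a system where the value printed here is the same; wherever
 *    user32.dll is loaded at another address (for example with ASLR) the
 *    call goes to an unrelated location.
 *  - shellcode[] is an ordinary writable data array. Where DEP/NX is enforced
 *    for the process, data pages are not executable and the call faults with
 *    an access violation, which is that mitigation doing its job.
 *  - The bytes are 32-bit x86 code; they are meaningless in a 64-bit build.
 *
 * Returns 0 if the called bytes return normally.
 */
int main(int argc, char* argv[])
{
    // Name the ANSI entry point explicitly: the Message typedef takes LPCSTR,
    // while the MessageBox macro resolves to the wide-character version when
    // UNICODE is defined and would then not match the typedef.
    Message mess = &MessageBoxA;

    // %p is the conversion for pointers; passing a function pointer to %x is
    // undefined behaviour and truncates wherever pointers are wider than int.
    printf("%p\n", (void*)mess);

    /*
     * Assembly listing that shellcode[] was assembled from. The byte array
     * additionally ends with a `ret` (C3) that is not part of this listing.
     *
     *     push ebp
     *     xor  edi,edi
     *     push edi
     *     mov  ebp,esp
     *     sub  esp,04h
     *     mov  byte [ebp-08h],63h
     *     mov  byte [ebp-07h],6Dh
     *     mov  byte [ebp-06h],64h
     *     mov  byte [ebp-05h],63h
     *     mov  byte [ebp-04h],63h
     *     mov  byte [ebp-03h],63h
     *     mov  byte [ebp-02h],63h
     *     push 0
     *     lea  eax,[ebp-08h]
     *     push eax
     *     push eax
     *     push 0
     *     mov  edx,0x77d507ea     ; 0x77d507ea = address of MessageBox
     *     call edx
     *     mov  esp,ebp
     *     pop  edi
     *     pop  ebp
     *
     * NOTE(review): `sub esp,04h` reserves 4 bytes but 7 bytes are written
     * starting at [ebp-08h]; the first `push 0` then overwrites
     * [ebp-08h]..[ebp-05h].
     */

    // Reinterpret the data array as a function and call it.
    ((void(*)(void))&shellcode)();
    return 0;
}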