---
title: Modern Windows Exploit Development Reading Notes
tags: security
lang: zh_tw
---

# Modern Windows Exploit Development Reading Notes

[TOC]

# Preface

:::info
Source: https://docs.alexomar.com/biblioteca/Modern%20Windows%20Exploit%20Development.pdf
:::

# Key Pages

- 17 Mona 2
- 49 Example of Shellcode
- 52
    - Compiler Configuration
    - Linker Configuration
- 63 Python script - shellcode extractor
- 89 ExploitMe1
- 101
    > 0xCC is the opcode for int 3 which is used by debuggers as a software breakpoint
- 104 ExploitMe2

# Windbg

* Moved to a separate note: [link](https://hackmd.io/@LJP/Bk9F9I7Zt)

# Windows Mitigation

- Disable ASLR for an exe with a command
    - https://docs.microsoft.com/en-us/powershell/module/processmitigations/set-processmitigation?view=win10-ps
    - https://docs.microsoft.com/zh-tw/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection#cmdlets-table
- Disable `DEP` and `Stack cookies` in VS 2019 (equivalent to `NX` and `Stack canary` on Linux)
    - Configuration Properties
        - C/C++
            - Code Generation
                - Security Check: Disable Security Check (/GS-)
        - Linker
            - Advanced
                - Data Execution Prevention (DEP): No (/NXCOMPAT:NO)