Hosting Provided By

Re: Jump back to shellcode Windows overflow

From: Matt Conover <shok(at)camel.ethereal.net>
Date: Tue Apr 22 2003 - 14:22:50 EDT

You need to put a jmp instruction to jump back to your shellcode (which should be located after the return address). Try something like this: [NOPs][Shellcode][Padding (ebp, local vars, etc.)][Return address = pointer to a JMP ESP][jmp 0-padding-shellcode_len-5]

Note the first thing your shellcode should do is add esp, 0xffffeff0 (which is the same as subtracting esp by ~4K) so that when you push stuff onto the stack you're not corrupting your shellcode

Matt

On Mon, 22 Apr 2003 chaboyd77@yahoo.com wrote:

>
>
> I'm practicing developing Windows Buffer Overflows and
Received on Tue Apr 22 15:55:20 2003

This message: [ Message body ]
Next message: defaillance(at)hushmail.com: "Re: Defacement Stats"
Previous message: Dmitry Glushenok: "Re: defacement stats"
In reply to chaboyd77(at)yahoo.com: "Jump back to shellcode Windows overflow"
Next in thread: Dino Dai Zovi: "Re: Jump back to shellcode Windows overflow"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT