GetPC code (was: Shellcode from ASCII)

In the previous email (Re: Shellcode from ASCII) I sent a piece of code that needs "EDI pointing to its first byte", this means, it needs to know the address in memory where itself (the code) is located.

There are several ways to do this, the most I like is

CALL $+4
RET
POP EBX or

call .+4
ret
pop %ebx

this is pretty generic, has no zeros and is a small as we could do it (it doesn't mean there's no smaller way). And it also makes you think for a few seconds :-)

Ok, first challenge: create a Get PC code with no zeros and no 0xff in it. sounds easy? hehe, it's not. However, we know it's possible, at least sometimes.

Second challenge, for which we have no answer yet (it's not that we are spending all our time to solve it either), write a GetPC code with no zeros, no 0xff... and only "ascii" (either extended ascii ranging form 0x21 to 0x7f) or with as few "weird" characters as possible...

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

        ok, you know the challenges... there are no rules I think :-)

        gera

PS: Of course, as halvar told me when I through this questions at him once: how did you jump to your code in the first place [if you don't know its address]. And well... he does have a strong point there... but heh, it's still a lot of fun to think about this small pieces of code, isn't it? :-) Received on Thu Jun 26 12:04:33 2003