Hosting Provided By

Re: GetPC code (was: Shellcode from ASCII)

From: Roland Postle <mail(at)blazde.co.uk>
Date: Thu Jun 26 2003 - 15:40:30 EDT

On Thu, 26 Jun 2003 11:46:33 -0300, Gerardo Richarte wrote:

>Ok, first challenge: create a Get PC code with no zeros and no 0xff

Not so generic, it's only for Windows NT, but I imagine similar things could be done on other platforms if some guaranteed mapped space could be found without null or 0xFF in it's address.

B9 D0FEFD7F MOV ECX,7FFDFED0
8B01 MOV EAX,DWORD PTR DS:[ECX] C701 5B53C341 MOV DWORD PTR DS:[ECX],41C3535B E8 D8DFBD7F CALL 7FFDFED0
8901 MOV DWORD PTR DS:[ECX],EAX First thoughts on the second challenge: You can't use any of the call opcodes, but you might be able to setup a quick exception handler in the known mapped space. Cause a fault, and then find the address of your fault causing instruction in the structure that's passed. (Again I'm talking NT).

Blazde

Received on Thu Jun 26 16:14:08 2003

This message: [ Message body ]
Next message: Gerardo Richarte: "Re: GetPC code (was: Shellcode from ASCII)"
Previous message: Gerardo Richarte: "Re: Shellcode from ASCII"
In reply to Gerardo Richarte: "GetPC code (was: Shellcode from ASCII)"
Next in thread: Gerardo Richarte: "Re: GetPC code (was: Shellcode from ASCII)"
Reply: Gerardo Richarte: "Re: GetPC code (was: Shellcode from ASCII)"
Reply: Roland Postle: "Re: GetPC code (was: Shellcode from ASCII)"
Reply: noir: "Re: GetPC code (was: Shellcode from ASCII)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT