Hosting Provided By

Re: GetPC code (was: Shellcode from ASCII)

From: noir <noir(at)gsu.linux.org.tr>
Date: Fri Jun 27 2003 - 16:22:15 EDT

"""
> First thoughts on the second challenge: You can't use any of the call

I'm not sure this could be done (same problem) but, keep this in mind anyway :-
) [hint]

gera
"""

i have spend good 20 minutes on this, i don't have the solution yet due to lack of time but i thought this might be interesting for the list.

basicly, i'm simulating a floating point exception (division by zero) and then grabbing the EIP(pc) from the exception record. PC is the location of the fdivs instruction since that instruction created the exception condition so we add 11 on top to make %eax point to the nop instruction. (ATT syntax)

        xor     %eax, %eax
        push    %eax
        fdivs   (%esp)
        fnstenv (%esp)
        mov     0xc(%esp), %eax
        add     $0xd, %eax
        nop

noir

sup mate ? ;) Received on Fri Jun 27 16:56:52 2003

This message: [ Message body ]
Next message: sec-labs team: "Re: Windows Shellcode Writing"
Previous message: Blue Boar: "Re: Starting on Assembly under win32"
Maybe in reply to: Gerardo Richarte: "GetPC code (was: Shellcode from ASCII)"
In reply to Roland Postle: "Re: GetPC code (was: Shellcode from ASCII)"
Next in thread: Gerardo Richarte: "Re: GetPC code (was: Shellcode from ASCII)"
Reply: Gerardo Richarte: "Re: GetPC code (was: Shellcode from ASCII)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT