
Re: GetPC code (was: Shellcode from ASCII)

From: Berend-Jan Wever <SkyLined(at)edup.tudelft.nl>
Date: Tue Jul 01 2003 - 03:59:43 EDT

----- Original Message -----
From: "Gerardo Richarte" <gera@corest.com>
To: <vuln-dev@securityfocus.com>
Sent: Monday, June 30, 2003 16:11
Subject: Re: GetPC code (was: Shellcode from ASCII)

> Berend-Jan Wever wrote:
>
> Well... nop slides are not a problem: if you have some approximation of
> may
> make the process crash while scanning for the shellcode in memory... You
I don't see how you are going to scan memory if you can not make your code loop (jmp-ing back uses a negative displacement, which is > 0x80 and not alphanumeric).
The "counting" nop slide is a great idea, and since I was going to get the base address of the shellcode from a register, you can use the "inc %ebx" (or any other register except eax) too ;)

> On the other hand, there ARE some exploits where you don't know the
> of
> getting it (and not just mov %eip, %eax).
If it's on the stack, esp or ebp can be used, and possibly some other registers.
If it's on the heap, you might be able to find some static pointer, or a pointer on the stack, that gives you the base address of your shellcode. Too bad you cannot add or sub an offset from a register.

>
> > PS. hi gera, halvar ;)
 :P:p:P hehehe

SkyLined

PS. "Alpha", my _uppercase_ alphanumeric shellcode generator is a few days away from completion ;)

PS2. The latest IE BoF can be exploited ;) (let me know if you want it Sunil)

Received on Wed Jul 2 01:53:31 2003
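The constraint SkyLined leans on above (a backward short jump needs a negative rel8 displacement, whose encoding is always >= 0x80 and therefore never an alphanumeric byte) is easy to check mechanically. The following Python is an added example, not code from the thread or from either poster: it verifies that claim for every negative displacement, and reuses the same alphanumeric predicate as a triage heuristic for long uninterrupted alphanumeric runs in untrusted input, which is what a long "counting" slide of single-byte `inc` instructions (e.g. `inc %ebx` = 0x43 = 'C') would look like to a filter. The sample request and the threshold of 64 are constructed for the example.

```python
import string
import struct

# Bytes that survive an alphanumeric-only filter: 0-9, A-Z, a-z.
ALNUM = frozenset(string.ascii_letters.encode() + string.digits.encode())


def is_alnum_bytes(data: bytes) -> bool:
    """True if data is non-empty and every byte is ASCII alphanumeric."""
    return len(data) > 0 and all(b in ALNUM for b in data)


def short_jmp_displacement_byte(displacement: int) -> int:
    """Encode the signed 8-bit displacement of an x86 'jmp short' (EB rel8)."""
    return struct.pack("<b", displacement)[0]


def backward_displacements_never_alnum() -> bool:
    """Check the claim from the message: a backward (negative) short-jump
    displacement always encodes to a byte >= 0x80, so it is never alphanumeric."""
    return all(
        short_jmp_displacement_byte(d) >= 0x80
        and short_jmp_displacement_byte(d) not in ALNUM
        for d in range(-128, 0)
    )


def longest_alnum_run(data: bytes) -> int:
    """Length of the longest uninterrupted run of alphanumeric bytes."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b in ALNUM else 0
        best = max(best, cur)
    return best


def suspicious_alnum_run(data: bytes, threshold: int = 64) -> bool:
    """Triage heuristic (assumed threshold, not from the thread): a very long
    alphanumeric run inside a short structured field deserves a closer look.
    Base64/hex blobs trigger it too, so treat it as a signal, not a verdict."""
    return longest_alnum_run(data) >= threshold


# Constructed sample (not from the thread): a query parameter carrying a
# 96-byte run of the single-byte 'inc %ebx' encoding 0x43 ('C').
SAMPLE_REQUEST = b"GET /index.cgi?name=" + b"C" * 96 + b"&x=1 HTTP/1.0\r\n"
BENIGN_REQUEST = b"GET /index.html HTTP/1.0\r\n"

if __name__ == "__main__":
    print("backward rel8 never alnum:", backward_displacements_never_alnum())
    print("longest run in sample:", longest_alnum_run(SAMPLE_REQUEST))
    print("sample flagged:", suspicious_alnum_run(SAMPLE_REQUEST))
    print("benign flagged:", suspicious_alnum_run(BENIGN_REQUEST))
```

The displacement check covers the full rel8 range -128..-1 rather than one sample value, so it is a proof of the byte-range claim rather than an anecdote; the run detector is deliberately naive (no decoding of base64 or percent-encoding) and is meant for log or WAF triage where a long run of a single repeated letter stands out.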

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
