Metasploit mailing list archives

alpha_mixed encoding not alpha


From: hdm at metasploit.com (H D Moore)
Date: Mon, 21 Jul 2008 08:38:56 -0500

Sairam answered part of this -- basically the alpha decoders still need a 
GetPC() to figure out their current location. Even if you pick an alpha 
decoder, it will still look at the bad characters list to determine which 
GetPC() code to use. In this case, 0xdb was not in the bad chars list, so 
it was used to GetPC(). The only way to force all alpha is by setting a 
bad characters list excluding non-alpha ranges, but that requires 
BufferRegister/BufferOffset to be specified so it can skip the GetPC() 
code. Looking at the module code, it seems like the old hack of 
GETPCTYPE=win32 no longer works...

-HD

On Monday 21 July 2008, Ty Miller wrote:
> I didn't get a response on this one. If anyone has any comments or
> suggestions relating to the email below, please shoot 'em through.




