Metasploit mailing list archives
alpha_mixed encoding not alpha
From: hdm at metasploit.com (H D Moore)
Date: Mon, 21 Jul 2008 08:38:56 -0500
Sairam answered part of this -- basically the alpha decoders still need a GetPC() to figure out their current location. Even if you pick an alpha decoder, it will still look at the bad characters list to determine which GetPC() code to use. In this case, 0xdb was not in the bad chars list, so it was used to GetPC(). The only way to force all alpha is by setting a bad characters list excluding non-alpha ranges, but that requires BufferRegister/BufferOffset to be specified so it can skip the GetPC() code. Looking at the module code, it seems like the old hack of GETPCTYPE=win32 no longer works... -HD On Monday 21 July 2008, Ty Miller wrote:
I didn't get a response on this one. If anyone has any comments or suggestions relating to the email below, please shoot em through.
Current thread:
- alpha_mixed encoding not alpha Ty Miller (Jul 21)
- alpha_mixed encoding not alpha M Purandhar Sairam (Jul 21)
- alpha_mixed encoding not alpha H D Moore (Jul 21)
- alpha_mixed encoding not alpha Ty Miller (Jul 21)