Vulnerability Development mailing list archives

AMD Sledgehammer and ascii-only shellcode


From: Holger van Koll <holger () VANKOLL DE>
Date: Tue, 15 Aug 2000 20:02:49 +0200

Hi,

the new AMD CPU has the feature to access data relative to the
instruction pointer.

See http://neon.amd.com/products/cpg/64bit/pdf/x86-64_overview.pdf for
details.

AFAIK it's still considered impossible to code shellcode using only
ASCII data, as commands like jmp and call are not within this range.

Let's say you want to execute an opcode of 20 as the start of your
"arbitrary code" but cannot, as 20 is not within the ASCII range.

With this new AMD CPU you should be able to send e.g. 80 as the second
opcode and a command like "subtract 60 from the address 2 bytes after
the current IP" (as the first opcode) to get your opcode of 20.

Just some thoughts...
Comments?

Holger
