Vulnerability Development mailing list archives

Re: asm shellcode techniques (especially relevant for win32)


From: RaiSe <raise () netsearch-ezine com>
Date: Thu, 6 Sep 2001 01:26:50 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Generally I prefer to code a proof-of-concept this way (when possible):

[AAAAAAAAAAAAAA][EBP][EIP][SHELLCODE]

not this way:

[SHELLCODE][AAAAA][EBP][EIP]


Yes, but the first one has a problem. Look at this code:

**
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[256];

    strcpy(buffer, argv[1]);   /* unbounded copy: the overflow under discussion */
    printf("%s", argv[2]);     /* argv is read again after the overflow */

    return 0;
}
**

If you put the shellcode after [EIP], you will overwrite argc and argv,
so printf will segfault. I think it is better to put the shellcode
before [EBP] and [EIP] when it is possible.


==============-----------------------------==============
RaiSe
UNDERSEC Security Team / http://www.undersec.com
NetSearch Ezine Staff  / http://www.netsearch-ezine.com
ysfk>2{5~~2s~eska2~}dw2k}g<<< XOR 18
==============-----------------------------==============


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQE7lwkhSP4h0VxUtqMRApmOAJ9GpfM3Dt6dUqfkRRwC+7u4SeDfDgCgiXx2
x83Kq3APOf7ZsCVCgDUYiBo=
=k71I
-----END PGP SIGNATURE-----
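Added example, not RaiSe's code or anything from the thread: a hardened counterpart to the snippet in the post. The crash RaiSe describes happens because, on the 32-bit x86 layout the post assumes, main's argc and argv sit just above the saved EBP and return address, so an unbounded strcpy that runs past them clobbers the very pointers printf reads next. The fix is to never let the copy reach the saved frame at all: check argc before touching argv[1] and argv[2], and copy with an explicit bound that reports truncation. The names bounded_copy, handle_args and the COPY_* codes are hypothetical and chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example (not from the post). */
enum { COPY_OK = 0, COPY_BAD_ARGS = 1, COPY_TRUNCATED = 2 };

/* Bounded copy: writes at most dst_size bytes, always NUL-terminates,
 * and reports whether the source had to be cut.  Because the write can
 * never pass the end of dst, the saved EBP/EIP and the caller's argc/argv
 * above them stay intact no matter how long src is. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;

    n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1);
    return COPY_OK;
}

/* The post's main() body, rewritten to validate argc before dereferencing
 * argv[1] / argv[2] and to use the bounded copy.  Returns COPY_OK when both
 * arguments were usable, otherwise the status of the failed step. */
int handle_args(int argc, char *argv[])
{
    char buffer[256];
    int rc;

    if (argc < 3)              /* argv[2] must exist before we print it */
        return COPY_BAD_ARGS;

    rc = bounded_copy(buffer, sizeof buffer, argv[1]);
    if (rc != COPY_OK)         /* oversized input is reported, not silently clipped */
        return rc;

    printf("%s\n", argv[2]);   /* argv is still valid: nothing overwrote the frame */
    return COPY_OK;
}

int main(int argc, char *argv[])
{
    return handle_args(argc, argv);
}
```

Note that returning COPY_TRUNCATED rather than silently clipping is a deliberate choice: an oversized first argument is exactly the input the original code mishandles, so the caller should learn that it was rejected instead of continuing with a partial buffer.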


