Vulnerability Development mailing list archives
Re: Generating shellcode
From: Sergei Kostov <serj () varna net>
Date: 20 May 2002 17:24:56 -0000
In-Reply-To: <20020519180329.00001f3a.corecode () corecode ath cx>
On Sun, 19 May 2002 18:03:29 -0700, Simon 'corecode' Schubert <corecode () corecode ath cx> wrote:
> "Ryn" <mattyml () daemons net> wrote:
> > Howdy,
> >
> > Do any documents exist explaining how to convert assembly op codes and
> > operands to hex? I can use "gdb" or "dis" on Solaris to get:
> >
> > bc 10 20 00  clr %fp
> > e0 03 a0 40  ld [%sp + 64], %l0
> > a2 03 a0 44  add %sp, 68, %l1
> > 9c 23 a0 20  sub %sp, 32, %sp
> > 80 90 00 01  orcc %g0, %g1, %g0
> >
> > I want to see how to get column 1 - 4 by hand.
>
> you write the assembler code (or c code) and compile it.
> after that use objdump to get the bytecode.
>
> cheerz
> corecode
And I do it this way:

    nasm sh.asm
    do sh

As far as nasm does just a conversion to hex, sh is a simple pure hex code (some call it shell code) without any header as gas does.
do is a simple proggy which does printf("\\0%x",(unsigned char) c); for the symbols from the file.
The confusing thing is that you have to convert from AT&T assembly style (gas, gdb etc.) to INTEL asm style (nasm). But that is no problem.