Vulnerability Development mailing list archives

Re: GetPC code (was: Shellcode from ASCII)

From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Fri, 27 Jun 2003 16:01:24 +0200

Ok, first challenge: create a Get PC code with no zeros and no 0xff
in it. sounds easy? hehe, it's not. However, we know it's possible,
at least sometimes.

Second challenge, for which we have no answer yet (it's not that we
are spending all our time to solve it either), write a GetPC code
with no zeros, no 0xff... and only "ascii" (either extended ascii
ranging form 0x21 to 0x7f) or with as few "weird" characters as
possible...

I have been thinking heavily on this myself for my alpha-shellcode
generator... I was unable to figure out how to do this ;( But I can't prove
it can't been done either ;)
I figured that if you're lucky some register points to it or something on
the stack and you can  just pop it.

PS: Of course, as halvar told me when I through this questions at
him once: how did you jump to your code in the first place [if you
don't know its address]. And well... he does have a strong point
there... but heh, it's still a lot of fun to think about this small
pieces of code, isn't it? :-)

Hmmm... isn't halvar forgetting nopslides and other brute-force attacks...?

SkyLined

PS. hi gera, halvar ;)

Current thread:

Shellcode from ASCII martin rakhmanoff (Jun 25)
- Re: Shellcode from ASCII Berend-Jan Wever (Jun 25)
  - Re: Shellcode from ASCII Jose Ronnick (Jun 26)
- GetPC code (was: Shellcode from ASCII) Gerardo Richarte (Jun 26)
  - Re: GetPC code (was: Shellcode from ASCII) Roland Postle (Jun 26)
    - Re: GetPC code (was: Shellcode from ASCII) Gerardo Richarte (Jun 26)
    - Re: GetPC code (was: Shellcode from ASCII) Roland Postle (Jun 26)
  - Re: GetPC code (was: Shellcode from ASCII) Berend-Jan Wever (Jun 27)
- Re: Shellcode from ASCII Gerardo Richarte (Jun 26)