Vulnerability Development mailing list archives
Re: GetPC code (was: Shellcode from ASCII)
From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Fri, 27 Jun 2003 16:01:24 +0200
> Ok, first challenge: create a GetPC code with no zeros and no 0xff in it. Sounds easy? hehe, it's not. However, we know it's possible, at least sometimes.
> Second challenge, for which we have no answer yet (it's not that we are spending all our time to solve it either): write a GetPC code with no zeros, no 0xff... and only "ascii" (either extended ascii ranging from 0x21 to 0x7f) or with as few "weird" characters as possible...
I have been thinking heavily on this myself for my alpha-shellcode generator... I was unable to figure out how to do this ;( But I can't prove it can't be done either ;) I figured that if you're lucky some register points to it, or something on the stack does and you can just pop it.
> PS: Of course, as halvar told me when I threw these questions at him once: how did you jump to your code in the first place [if you don't know its address]? And well... he does have a strong point there... but heh, it's still a lot of fun to think about these small pieces of code, isn't it? :-)
Hmmm... isn't halvar forgetting nopslides and other brute-force attacks...?
SkyLined
PS. hi gera, halvar ;)