GetPC code (was: Shellcode from ASCII)

[Gerardo Richarte <gera () corest com>]

In the previous email (Re: Shellcode from ASCII) I sent a piece
of code that needs "EDI pointing to its first byte", this means,
it needs to know the address in memory where itself (the code)
is located.

There are several ways to do this, the most I like is

CALL $+4
RET
POP EBX

or

call .+4
ret
pop %ebx

this is pretty generic, has no zeros and is a small as we could
do it (it doesn't mean there's no smaller way). And it also makes
you think for a few seconds :-)

Ok, first challenge: create a Get PC code with no zeros and no 0xff
in it. sounds easy? hehe, it's not. However, we know it's possible,
at least sometimes.

Second challenge, for which we have no answer yet (it's not that we
are spending all our time to solve it either), write a GetPC code
with no zeros, no 0xff... and only "ascii" (either extended ascii
ranging form 0x21 to 0x7f) or with as few "weird" characters as
possible...

        ok, you know the challenges... there are no rules I think :-)

        gera

PS: Of course, as halvar told me when I through this questions at
him once: how did you jump to your code in the first place [if you
don't know its address]. And well... he does have a strong point
there... but heh, it's still a lot of fun to think about this small
pieces of code, isn't it? :-)