Dailydave mailing list archives

RE: Shellcode

From: "Dave Korn" <dave.korn () artimi com>
Date: Tue, 29 Nov 2005 19:06:20 -0000

Dave Korn wrote:

  The .text section of a program is protected read-only when the
executable file image is loaded into memory.

  You need to place your shellcode into either the .data section, the
heap (by mallocing and copying it there), or the stack.


  ... or, of course, you could first call VirtualProtect(Ex) to change the
readonly protection on the page to readwrite ...

  ... although, that will of course leave you with the problem of how to get
the function address of VirtualProtect without first having to write a zero to
the end of a string that says "VirtualProtectN" ...


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Current thread:

Shellcode Pedro E (Nov 29)
- RE: Shellcode Dave Korn (Nov 29)
  - RE: Shellcode Dave Korn (Nov 29)
- Re: Shellcode Alexander Sotirov (Nov 29)
  - Re: Shellcode Isaac Dawson (Nov 29)
    - Re: Shellcode Dave Aitel (Nov 29)
    - Re: Shellcode H D Moore (Nov 29)
    - Re: Shellcode halvar (Nov 30)
    - RE: Shellcode Dafydd Stuttard (Nov 30)
    - Re: Shellcode halvar (Nov 30)
    - Re: HOLY GOD WE ARE SO OLD Matt Hargett (Nov 30)
    - Re: Shellcode halvar (Nov 30)
    - Re: Shellcode Dustin D. Trammell (Nov 30)

(Thread continues...)