Full Disclosure mailing list archives
Re: speaking of code crunching... (challenge)
From: vile <vileone () gmail com>
Date: Wed, 18 Oct 2006 13:17:00 -0500
you all are furry faggots.

On 10/17/06, Gadi Evron <ge () linuxbox org> wrote:

On Mon, 16 Oct 2006, Gadi Evron wrote:
> sort of challenge to see if someone else can get there first (without,
> say, making the URL shorter). :)

Crunched further....

New binary at 384 bytes is here:
http://ragestorm.net/tiny/tiny2.exe

Blog entry on how this was done is here:
http://blogs.securiteam.com/index.php/archives/679

The relevant text from the blog, a chat session log:

Arkon: The problem with that URLDownloadToFileA is that it creates another thread,
Arkon: and that thread never terminates for some unknown reason to me.
Arkon: So I HAD to call ExitProcess and finish it, otherwise my process will hang. :(
Arkon: But now what I'm going to do is raising a silent exception :x
Matthew: Just blow away the SEH chain and trigger an INT3.
Arkon: It will eliminate the string "ExitProcess" and the GetProcAddress code for it as well.
Matthew: MOV FS:[0], 0xFFFFFFFF INT3
Matthew: BAM! :) Instant process death...
Arkon: This is too long.
Matthew: PUSH 0 POP FS:[0]
Arkon: Nah
Matthew: XOR ESP, ESP might also do the trick :-)
Arkon: LOL!!!
Matthew: XOR ESP, ESP PUSH EAX
Arkon: XCHG EAX, ESP PUSH 0
Arkon: Wait I'm stupid, push 0 is 2 bytes long.
Arkon: XCHG EAX, ESP PUSH EAX
Arkon: 2 bytes ExitProcess OMFG
Matthew: You're a maniac

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- speaking of code crunching... (challenge) Gadi Evron (Oct 16)
- <Possible follow-ups>
- Re: speaking of code crunching... (challenge) Gadi Evron (Oct 17)
- Re: speaking of code crunching... (challenge) vile (Oct 18)