A little offtopic: Get EIP

[jerome.athias at free.fr (Jerome Athias)]

Hi Clemens,

i can't directly help sorry, but i think you could be able to find good 
papers about egg hunter shellcodes
and for example:
http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
thanks to skape ;)

and this one from spoonm:
http://www.metasploit.com/confs/recon2005/recent_shellcode_developments-recon05.pdf

PS: note that searching for "hunter" and "egg" in the exploits modules 
directory of the Metasploit should reveal some nice examples

good luck
/JA
SecurInfos.info

Clemens Kolbitsch wrote:
> ok sorry... just a short second question:
>
> i need to obtain the eip obviously, to find the offset to a second 
> payload that i copy somewhere (it is appended to the first payload and 
> i jump somewhere before reaching this part..).
>
> what i would really like to do is directly add my assembler code of 
> the second payload to the end of the c-source of the first. however, 
> this payload also includes strings. i thought that that was no problem 
> if i use
>
> __asm("db MYCHAR");
>
> however, i get that the db instruction is not valid... can it only be 
> used inside the DATA part of a program or what am i doing wrong??
>
> i know... i can still simply copy it there using some hex-editor, but 
> with frequent changes during development, this is annoying...
>
> again... thanks for any help and sorry for the offtopic :-)