A little offtopic: Get EIP

[clemens.kol at gmx.at (Clemens Kolbitsch)]

ok thanks!!

Jerome Athias wrote:
> Hi Clemens,
>
> i can't directly help sorry, but i think you could be able to find 
> good papers about egg hunter shellcodes
> and for example:
> http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
> thanks to skape ;)
>
> and this one from spoonm:
> http://www.metasploit.com/confs/recon2005/recent_shellcode_developments-recon05.pdf 
>
>
> PS: note that searching for "hunter" and "egg" in the exploits modules 
> directory of the Metasploit should reveal some nice examples
>
> good luck
> /JA
> SecurInfos.info
>
> Clemens Kolbitsch wrote:
> > ok sorry... just a short second question:
> >
> > i need to obtain the eip obviously, to find the offset to a second 
> > payload that i copy somewhere (it is appended to the first payload 
> > and i jump somewhere before reaching this part..).
> >
> > what i would really like to do is directly add my assembler code of 
> > the second payload to the end of the c-source of the first. however, 
> > this payload also includes strings. i thought that that was no 
> > problem if i use
> >
> > __asm("db MYCHAR");
> >
> > however, i get that the db instruction is not valid... can it only be 
> > used inside the DATA part of a program or what am i doing wrong??
> >
> > i know... i can still simply copy it there using some hex-editor, but 
> > with frequent changes during development, this is annoying...
> >
> > again... thanks for any help and sorry for the offtopic :-)