Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Msfencode unicode

From: hdm at metasploit.com (HD Moore)
Date: Mon, 20 Jul 2009 17:33:56 -0500
On Mon, 20 Jul 2009 16:47:42 -0500, sam shepperd <samshepperd at gmail.com>  
wrote:

Any way to unicode encode without a buffer register?  A nonalpha geteip  
is fine.


You can prepend any geteip that works, and just pop it into the correct  
register, then specify that buffer register. Example:

00000000  EB03              jmp short 0x5
00000002  59                pop ecx
00000003  EB05              jmp short 0xa
00000005  E8F8FFFFFF        call dword 0x2
0000000A  CC                int3 <decoder with BufferRegister=ECX here>


-HD
Previous By Date Next
Previous By Thread Next

Current thread: