Penetration Testing mailing list archives
Re: Exploring Windows CE Shellcode
From: Justin Ferguson <jnferguson () gmail com>
Date: Wed, 28 Sep 2005 14:41:55 +0000
Hello Tim, I am curious- I developed some shellcode for a zaurus which is also arm, well xscale to be exact but thats arm v5 IIRC. Because of it being a harvard arch (seperate instruction and data cache for those who are unaware of what this is), self-modifying code is made more difficult under xscale. With that said, under linux the base system call address is 0x90000000, which obviously has null's in it and in order to counter this I switch one byte to be 0xFF and then incremented it. I have not read your paper as of yet, but I am curious how you overcame similar problems in your WinCE shellcode? I found the only effective way for me to do this was to drain the write buffer/invalidate the caches, but I was curious if have another method. Best Regards, Justin F. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Exploring Windows CE Shellcode Tim Hurman (Sep 28)
- Re: Exploring Windows CE Shellcode Justin Ferguson (Sep 29)