Vulnerability Development mailing list archives

Re: ascii decoder


From: Slawek <sgp () TELSATGP COM PL>
Date: Tue, 10 Oct 2000 09:52:21 +0200

Tuesday, October 10, 2000 12:08 AM +0200, Ryan Yagatich wrote:
<< can be put into hostname .. hostname is limited to 255 chars?>>
63



rfc 1123 "Requirements for Internet Hosts -- Application and Support"

2.  GENERAL ISSUES
2.1  Host Names and Numbers
[...]
Host software MUST handle host names of up to 63 characters and SHOULD
handle host names of up to 255 characters.
[...]



rfc 1035 "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION"

2. INTRODUCTION
2.3. Conventions
2.3.4. Size limits

Various objects and parameters in the DNS have size limits.  They are
listed below.  Some could be easily changed, others are more
fundamental.

labels          63 octets or less
names           255 octets or less
TTL             positive values of a signed 32 bit number.
UDP messages    512 octets or less



So now I'm basing this on the RFCs, not on my thoughts ;)

Host names are in fact limited to 255 chars, *but* each label (between dots)
is limited to 63 chars.

There's only a little change to be done in the decoder in order to allow
dots to be placed in the encoded shell code.

old version:
34 30          - xor al,030h
38 41 32       - cmp [ecx+032h],al
72 53          - jb decodeloop

new version:
34 2d          - xor al,02dh
38 41 32       - cmp [ecx+032h],al
72 53          - jb decodeloop


Now the end mark is "-" not the dot, and dot can be placed in the encoded
shell code from "time to time" (at least once per 64 chars)

We can easily do that by using the pair { 0x2e, 0x4b }, which after decoding will
give us 0x2e * 0x30 + 0x4b = 0x8eb

0xeb is machine code of "jmps" which can be followed by "0x00" .. and just
do nothing ;)


Well .. so our encoder needs to be modified to encode 0xeb as { 0x2e, 0x4b }
instead of the "normal" encoding, and we need to remember to place "jmps" at
least once per 32 bytes of shell code (the first time somewhere close to the
start).

Instead of the closing dot we now put ("-a.")


And this should be working ;) .. so again .. I'm waiting for comments ;)


Bye,
Slawek
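
The thread above turns on the RFC 1035 / RFC 1123 size limits (63-octet labels, 255-octet names) that a host or application may or may not enforce on a hostname field. As an added example that is not part of the thread, here is a validator that applies exactly those quoted limits label by label, plus the RFC 952/1123 label syntax (letters, digits, hyphen; no hyphen at either end), so an input layer can reject names that stray outside them; the function names and the problem strings are this example's own.

```python
import re

MAX_LABEL_OCTETS = 63    # RFC 1035 2.3.4: labels are 63 octets or less
MAX_NAME_OCTETS = 255    # RFC 1035 2.3.4 / RFC 1123 2.1: names are 255 octets or less
MUST_HANDLE_OCTETS = 63  # RFC 1123 2.1: hosts MUST handle 63, only SHOULD handle 255

# Letters, digits and hyphen only; a hyphen may not start or end a label
# (RFC 952 syntax with RFC 1123's allowance for a leading digit).
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def check_hostname(name: str) -> list:
    """Return a list of problems found in `name`; an empty list means it passes."""
    problems = []
    if not name.isascii():
        problems.append("non-ASCII characters present")
    octets = len(name.encode("ascii", "replace"))
    if octets > MAX_NAME_OCTETS:
        problems.append(f"name is {octets} octets, limit is {MAX_NAME_OCTETS}")
    # A single trailing dot marks a fully qualified name and is not a label.
    body = name[:-1] if name.endswith(".") else name
    if not body:
        problems.append("empty name")
        return problems
    for i, label in enumerate(body.split(".")):
        n = len(label.encode("ascii", "replace"))
        if n == 0:
            problems.append(f"label {i} is empty")
        elif n > MAX_LABEL_OCTETS:
            problems.append(f"label {i} is {n} octets, limit is {MAX_LABEL_OCTETS}")
        elif not LABEL_RE.match(label):
            problems.append(f"label {i} {label!r} has a character outside "
                            f"[A-Za-z0-9-] or a hyphen at an end")
    return problems


def beyond_must_handle(name: str) -> bool:
    """True if the name exceeds the 63 octets every host MUST accept (RFC 1123 2.1)."""
    return len(name.encode("ascii", "replace")) > MUST_HANDLE_OCTETS


if __name__ == "__main__":
    # Constructed samples: a normal name, an over-long label, a hyphen-led label.
    for sample in ("www.example.com", "a" * 64 + ".example.com", "-a.example.com"):
        print(sample[:40], "->", check_hostname(sample) or "ok")
```

`beyond_must_handle` separates the two RFC 1123 tiers: a name over 63 octets is still legal, but only SHOULD be accepted, which is where implementations diverge.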

