Vulnerability Development mailing list archives
Re: xor encoding / decoding of shellcode
From: blitzkrieg <nyse () inwind it>
Date: Wed, 28 Nov 2001 20:22:09 +0100
On Wed, Nov 28, 2001 at 12:31:54PM -0500, KF wrote:
> with null. I have been trying to figure out how the stack needs to be laid out in order for me to xor encode / decode my shellcode. I imagine it is similar to <nops><xor decoder><xor encoded shellcode><return addy>. At the moment I am stuck on how to place a xor encoded string on the stack and then use it as executable code. In essence I need to learn how to write a xor decoder. Does anyone have any tips on this technique?
Perhaps I'm going wrong... but in AT&T syntax you can try something like this. I think on ppc it's the same.

    [...]
            jmp encoded
    decoder:
            pop %esi
            [...]
            xorl $yourkey, 0xYY(%esi)   # where YY is the offset of the
                                        # words that you've encoded
            [...]
            jmp shellcode
    encoded:
            call decoder
    shellcode:
            [...] your shellcode [...]

bye bye
--blitzkrieg
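As an added example (mine, not the poster's), the jmp-over / call-back / pop sequence in the stub above is the part a defender can pattern-match: it is how the decoder learns its own address, and it looks the same whatever key the payload was encoded with. The C below assembles the post's layout into a constructed x86 byte buffer (key 0x41414141, offset 4 and the 0xCC filler are made up) and scans for that sequence; the heuristic is hand-written, not taken from any particular IDS rule set.

```c
#include <stddef.h>
#include <stdint.h>

/* Locate the jmp-over / call-back / pop "GetPC" entry of a self-decoding
 * stub in a byte buffer. Returns the offset of the pop instruction the
 * call lands on, or -1 if the pattern is absent. */
int find_getpc_stub(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + 2 <= len; i++) {
        if (buf[i] != 0xEB)                         /* jmp rel8 */
            continue;
        int8_t rel8 = (int8_t)buf[i + 1];
        if (rel8 <= 0)                              /* must jump forward */
            continue;
        size_t call_at = i + 2 + (size_t)rel8;
        if (call_at + 5 > len || buf[call_at] != 0xE8)  /* call rel32 */
            continue;
        int32_t rel32 = (int32_t)((uint32_t)buf[call_at + 1]
                                | (uint32_t)buf[call_at + 2] << 8
                                | (uint32_t)buf[call_at + 3] << 16
                                | (uint32_t)buf[call_at + 4] << 24);
        long target = (long)call_at + 5 + rel32;    /* return addr + rel32 */
        /* the call must land back inside the bytes the jmp skipped ... */
        if (rel32 >= 0 || target < (long)i + 2 || target >= (long)call_at)
            continue;
        if ((buf[target] & 0xF8) == 0x58)           /* ... on pop %reg (58-5F) */
            return (int)target;
    }
    return -1;
}

/* Constructed test vector: the layout from the post assembled for x86.
 * Key 0x41414141, offset 4 and the 0xCC payload filler are made up. */
static const uint8_t sample_stub[] = {
    0xEB, 0x0A,                               /* 00: jmp encoded (-> 0C) */
    0x5E,                                     /* 02: decoder: pop %esi */
    0x81, 0x76, 0x04, 0x41, 0x41, 0x41, 0x41, /* 03: xorl $key, 4(%esi) */
    0xEB, 0x05,                               /* 0A: jmp shellcode (-> 11) */
    0xE8, 0xF1, 0xFF, 0xFF, 0xFF,             /* 0C: encoded: call decoder */
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC  /* 11: encoded payload */
};
/* Constructed benign bytes: a short jmp whose target is not a back-call. */
static const uint8_t benign[] = { 0xEB, 0x02, 0x90, 0x90, 0xE8, 0x00, 0x00,
                                  0x00, 0x00, 0x5E, 0xC3 };
```

Calling find_getpc_stub on sample_stub returns 2 (the pop %esi at offset 0x02), while the benign buffer and a truncated copy of the stub return -1.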
Current thread:
- xor encoding / decoding of shellcode KF (Nov 28)
- Re: xor encoding / decoding of shellcode Ryan Permeh (Nov 28)
- Re: xor encoding / decoding of shellcode blitzkrieg (Nov 28)
- Re: ppc asm KF (Nov 29)