Vulnerability Development mailing list archives

Re: Generating shellcode


From: Fyodor <fygrave () tigerteam net>
Date: Mon, 20 May 2002 01:56:14 +0700

Ulf Härnhammar <ulfh () Update UU SE> spoke:
On Sun, May 19, 2002 at 10:29:05AM -0400, Ryn wrote:
Do any documents exist explaining how to convert assembly op codes and
operands to hex? I can use "gdb" or "dis" on Solaris to get:

bc 10 20 00        clr          %fp
e0 03 a0 40        ld           [%sp + 64], %l0
a2 03 a0 44        add          %sp, 68, %l1
9c 23 a0 20        sub          %sp, 32, %sp
80 90 00 01        orcc         %g0, %g1, %g0

I want to see how to get column 1 - 4 by hand.

The documentation for the processor usually lists the op-codes. If it doesn't, it should be available for downloading 
at the processor vendor's web site.


Been there. After a while, generating hex by hand becomes a great pain. :-)
(especially if you do multi-platform assembly at the same time) Over a year
ago I wrote a perl script which uses gdb to generate the left 4 columns
automagically from assembly code. Check out the easyshell_sparc tool in this
tarball: http://www.notlsd.net/bof/sparc-tools.tar.gz, could come in handy ;-)
(this is the sparc-specific version, but I've got templates for hpux/x86 if
interested, didn't really bother making them public though)..


-FY

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1

