Re: Shell code -RVA techniques or something similar

[Enrique A. Compañ Gzz. <enrique () virtekweb net>]

Sometime ago I created a shellcode that doesn't use any hardcoded address,
it looks in the
process for them... I posted it here, but I have to find it.

My advice is too look into virii coding tutorials...

There're good tutorials around this and other very interesting subjects.

Also look for a PE format reference/tutorial.

Look for 29a magazine and also at vx.netlux.org

Regards

----- Original Message -----
From: "Gary O'leary-Steele" <garyo () sec-1 com>
To: <pen-test () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Thursday, September 26, 2002 4:54 PM
Subject: Shell code -RVA techniques or something similar


> Hi,
>
> I am looking for documentation/tutorial on writing shell code for Windows.
> Specifically using RVA techniques or something similar to make my shell
code
> service pack independent.
>
>
> The problem I am experiencing is that all the exploits I have written in
the
> past use fixed addresses within Kernel32.dll such as the offset for
winexec
> or loadlibrarya and getprocaddress. Therefore a variation in service pack
> etc causes my exploit to fail.
>
>
> Thanks in advance.
>
>
> Kind Regards,
>
> Gary