Vulnerability Development mailing list archives
Re: GetPC code (was: Shellcode from ASCII)
From: "Roland Postle" <mail () blazde co uk>
Date: Thu, 26 Jun 2003 21:28:40 +0100
On Thu, 26 Jun 2003 20:40:30 +0100, Roland Postle wrote:
B9 D0FEFD7F      MOV ECX,7FFDFED0
8B01             MOV EAX,DWORD PTR DS:[ECX]
C701 5B53C341    MOV DWORD PTR DS:[ECX],41C3535B
E8 D8DFBD7F      CALL 7FFDFED0
8901             MOV DWORD PTR DS:[ECX],EAX
Oops, as Gera just pointed out to me, I used a relative call in my haste. I intended to use the absolute call (opcode 9A), only Olly didn't compile it how I wanted. However, the problem with that is that you need to specify the segment, and on Windows at least, the only usable one contains a null (0x001B). Perhaps there are systems where it'll work, but for NT I'll have to keep thinking :)

- Blazde