Vulnerability Development mailing list archives
Writing ascii shellcode (\xcc)
From: lists73 () skilltube com
Date: 4 Jul 2007 15:43:06 -0000
There was a question regarding ascii shellcode development and in particular, how to get the \xcc opcode. We had a similar problem a few weeks ago and we solved it with a well-known approach documented by Steve Hanna. The example below might help others as well.

Suppose we want to create the following small shellcode (just an example):

    int3
    int3
    int3
    int3

The corresponding opcodes look like the following:

    \xcc\xcc\xcc\xcc

These are definitely not printable characters. However, we can write them on the fly with the following loader code (does not contain non-printable characters):

    // eax == 0
    and eax,454e4f4a
    and eax,3a313035

    // make "room" for the real shellcode
    push esp
    pop eax
    sub eax,39393333
    sub eax,72727550
    sub eax,54545645   // depends on the space needed
    push eax
    pop esp

    // write last four byte block of our shellcode
    and eax,454e4f4a
    and eax,3a313035
    sub eax,66666666
    sub eax,66666666
    sub eax,66666668
    push eax

    // write next four byte block of our shellcode
    etc.
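Added example, not part of the original post: because every byte of the loader above is printable, a byte-range filter passes it, so this detection sketch instead looks for the structure of the loader (a pair of `and eax,imm32` whose immediates AND to zero, followed by a `sub eax,imm32` chain and `push eax`) and recovers the dword the chain would write. The function names, the `name=` prefix and both sample buffers are constructed for illustration; the immediates are the ones from the post.

```python
import struct

AND_EAX, SUB_EAX, PUSH_EAX = 0x25, 0x2D, 0x50   # ASCII '%', '-', 'P'

def imm32(buf, i):
    """Little-endian imm32 operand of the 5-byte instruction starting at i."""
    return struct.unpack_from("<I", buf, i + 1)[0]

def is_printable(buf):
    return all(0x20 <= b <= 0x7E for b in buf)

def find_zeroing_pairs(buf):
    """Offsets of back-to-back `and eax,imm32` whose immediates AND to zero."""
    return [i for i in range(len(buf) - 9)
            if buf[i] == AND_EAX and buf[i + 5] == AND_EAX
            and imm32(buf, i) & imm32(buf, i + 5) == 0]

def decode_sub_chain(buf, i):
    """Emulate `sub eax,imm32` ... `push eax` from eax == 0; return the pushed dword."""
    eax, n = 0, 0
    while i + 5 <= len(buf) and buf[i] == SUB_EAX:
        eax = (eax - imm32(buf, i)) & 0xFFFFFFFF   # 32-bit wraparound
        i, n = i + 5, n + 1
    if n and i < len(buf) and buf[i] == PUSH_EAX:
        return eax
    return None

def scan(buf):
    """Return (offset, decoded dword) for each zeroing pair that feeds a sub chain."""
    findings = []
    for off in find_zeroing_pairs(buf):
        value = decode_sub_chain(buf, off + 10)
        if value is not None:
            findings.append((off, value))
    return findings

def ins(op, imm):
    return bytes([op]) + struct.pack("<I", imm)

ZERO = ins(AND_EAX, 0x454E4F4A) + ins(AND_EAX, 0x3A313035)
# Constructed sample: the post's loader bytes behind a made-up form-field prefix.
LOADER = (b"name=" + ZERO + b"TX"                      # push esp / pop eax
          + ins(SUB_EAX, 0x39393333) + ins(SUB_EAX, 0x72727550)
          + ins(SUB_EAX, 0x54545645) + b"P\\"          # push eax / pop esp
          + ZERO + ins(SUB_EAX, 0x66666666) * 2
          + ins(SUB_EAX, 0x66666668) + b"P")           # push eax
BENIGN = b"q=100%25done%20ok"                          # constructed benign input

if __name__ == "__main__":
    print("printable:", is_printable(LOADER))
    for off, value in scan(LOADER):
        print(f"offset {off}: chain writes 0x{value:08x}")
    print("benign findings:", scan(BENIGN))
```

The first zeroing pair is followed by the stack adjustment rather than a `sub` chain, so only the second pair yields a decoded dword.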