Re: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: Thu, 18 Nov 2004 13:53:10 +0100
Code examples?
Check out the "Shellcode encoders" source codes on my webpage.
PS: please send any discussions on the paper in PM to firstname.lastname@example.org or #SkyLined on EFNet
----- Original Message -----
From: "Michael Vergoz" <email@example.com>
To: "Peter Willis" <firstname.lastname@example.org>
Cc: <email@example.com>; <firstname.lastname@example.org>; "Berend-Jan Wever" <email@example.com>
Sent: Thursday, November 18, 2004 09:04
Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
> Nice paper.
> Some code examples would be great (I think).
> A question: what about false disassembly into shellcode?
> Like:
> mov eax, eax
> jmp false
> db 0xAA
> mov eax, 1
> int 0x80
> On 17 nov. 04, at 23:00, Peter Willis wrote:
> > Hey, cool paper. Speaking of phrack, if in the future you have an
> > article you think is print-worthy but is rejected by most zines, try
> > sending it to Binary Revolution <firstname.lastname@example.org>. Although
> > they're newer and have had some delays in getting new issues out,
> > they're starting to re-focus on the magazine and the number of their
> > supporters is growing. Sorry if this comes off a little advertisey,
> > but hopefully if more people write in then BinRev can publish more
> > original articles about vulnerabilities which can then make it back
> > onto the web as sample articles.
> > Berend-Jan Wever wrote:
> >> Hi all,
> >> This one got rejected by phrack and I couldn't be arsed to rewrite it
> >> so it would make the next edition:
> >> "Writing IA32 Restricted Instruction Set Shellcode Decoder Loops" by
> >> SkyLined
> >> ( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html )
> >> The article addresses the requirements for writing a shellcode
> >> decoder loop using a limited number of characters that limits our
> >> instruction set. Most of it is based on my experience with
> >> alphanumeric decoders but the principles apply to any piece of code
> >> that is written to work with a limited instruction set. (It's a
> >> continuation on rix's and obscou's work for phrack).
> >> Comments and questions welcome, but I can not guarantee an answer to
> >> n00b questions.
> >> Cheers,
> >> SkyLined
> >> http://www.edup.tudelft.nl/~bjwever
> >> <email@example.com>
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
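The snippet in Michael Vergoz's question, worked through as an added example (not code from the paper or from anyone in this thread): a toy decoder for just the opcodes involved, run once as a linear sweep and once following control flow. The constructed input is the byte form of his snippet; the variant that swaps the skipped 0xAA for 0xE8 is my assumption, chosen to show the case where the skipped byte begins a multi-byte instruction.

```python
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

def decode_one(code: bytes, pc: int):
    """Decode one instruction at pc -> (text, length, unconditional-jump target or None).
    Toy decoder: only the opcodes this demo needs; ModRM covers mod=11 and plain [reg] only."""
    op = code[pc]
    if op in (0x89, 0x00) and pc + 1 < len(code):     # mov r/m32,r32 / add r/m8,r8 (+ModRM)
        modrm = code[pc + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        names = REG32 if op == 0x89 else REG8
        dst = names[rm] if mod == 3 else f"[{REG32[rm]}]"
        return f"{'mov' if op == 0x89 else 'add'} {dst}, {names[reg]}", 2, None
    if 0xB8 <= op <= 0xBF and pc + 5 <= len(code):    # mov r32, imm32
        return f"mov {REG32[op - 0xB8]}, {int.from_bytes(code[pc+1:pc+5], 'little'):#x}", 5, None
    if op == 0xEB and pc + 2 <= len(code):            # jmp rel8: flow continues only at target
        target = pc + 2 + int.from_bytes(code[pc+1:pc+2], "little", signed=True)
        return f"jmp short {target:#x}", 2, target
    if op == 0xE8 and pc + 5 <= len(code):            # call rel32: swallows the next 4 bytes
        target = pc + 5 + int.from_bytes(code[pc+1:pc+5], "little", signed=True)
        return f"call {target:#x}", 5, None
    if op == 0xCD and pc + 2 <= len(code):            # int imm8
        return f"int {code[pc + 1]:#x}", 2, None
    if op == 0xAA:                                    # stosb: the skipped byte is itself valid
        return "stosb", 1, None
    return f"db {op:#x}", 1, None                     # unknown or truncated: emit raw byte

def linear_sweep(code: bytes):
    """Decode every byte in order, as a naive disassembler or pattern scanner does."""
    out, pc = [], 0
    while pc < len(code):
        text, length, _ = decode_one(code, pc)
        out.append((pc, text))
        pc += length
    return out

def recursive_descent(code: bytes):
    """Follow control flow from offset 0; an unconditional jmp is followed, never fallen through."""
    out, pc, seen = [], 0, set()
    while 0 <= pc < len(code) and pc not in seen:
        seen.add(pc)
        text, length, target = decode_one(code, pc)
        out.append((pc, text))
        pc = pc + length if target is None else target
    return out

# Constructed inputs: the question's snippet as bytes, and the 0xE8 variant (assumption).
PAGE_SNIPPET = bytes([0x89, 0xC0, 0xEB, 0x01, 0xAA, 0xB8, 1, 0, 0, 0, 0xCD, 0x80])
VARIANT = bytes([0x89, 0xC0, 0xEB, 0x01, 0xE8, 0xB8, 1, 0, 0, 0, 0xCD, 0x80])

def mnemonics(listing):
    return [text for _, text in listing]

if __name__ == "__main__":
    for name, buf in (("page snippet", PAGE_SNIPPET), ("0xE8 variant", VARIANT)):
        print(f"== {name}: sweep ==", *mnemonics(linear_sweep(buf)), sep="\n  ")
        print(f"== {name}: flow ==", *mnemonics(recursive_descent(buf)), sep="\n  ")
```

With the 0xAA byte the sweep only gains a bogus `stosb` and resyncs at once, since 0xAA is a one-byte instruction; with 0xE8 in its place the sweep consumes the following four bytes as a call displacement and never shows the `mov eax, 1` or `int 0x80` that actually execute, while the flow-following listing is identical in both cases.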