Re: Exploring Windows CE Shellcode
From: Justin Ferguson (jnferguson_at_gmail.com)
Date: 09/28/05
- Previous message: Kevin Reiter: "Re: Topology Discovery"
- In reply to: Tim Hurman: "Exploring Windows CE Shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 14:41:55 +0000 To: pen-test@securityfocus.com
Hello Tim,
I am curious- I developed some shellcode for a zaurus which is also arm,
well xscale to be exact but thats arm v5 IIRC. Because of it being a harvard
arch (seperate instruction and data cache for those who are unaware of what
this is), self-modifying code is made more difficult under xscale.
With that said, under linux the base system call address is 0x90000000,
which obviously has null's in it and in order to counter this I switch one
byte to be 0xFF and then incremented it.
I have not read your paper as of yet, but I am curious how you overcame
similar problems in your WinCE shellcode? I found the only effective way for
me to do this was to drain the write buffer/invalidate the caches, but I was
curious if have another method.
Best Regards,
Justin F.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
- Previous message: Kevin Reiter: "Re: Topology Discovery"
- In reply to: Tim Hurman: "Exploring Windows CE Shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
