Re: GetPC code (was: Shellcode from ASCII)

From: Berend-Jan Wever (SkyLined_at_edup.tudelft.nl)
Date: 06/27/03

  • Next message: Mosley, Larry: "RE: Starting on Assembly under win32"
    To: <vuln-dev@securityfocus.com>
    Date: Fri, 27 Jun 2003 16:01:24 +0200
    
    

    > Ok, first challenge: create a GetPC code with no zeros and no 0xff
    > in it. Sounds easy? Hehe, it's not. However, we know it's possible,
    > at least sometimes.

    > Second challenge, for which we have no answer yet (it's not that we
    > are spending all our time to solve it either): write a GetPC code
    > with no zeros, no 0xff... and only "ascii" (either extended ascii
    > ranging from 0x21 to 0x7f) or with as few "weird" characters as
    > possible...
    I have been thinking heavily about this myself for my alpha-shellcode
    generator... I was unable to figure out how to do this ;( But I can't prove
    it can't be done either ;)
    I figured that if you're lucky some register points to it or something on
    the stack and you can just pop it.

    > PS: Of course, as halvar told me when I threw these questions at
    > him once: how did you jump to your code in the first place [if you
    > don't know its address]. And well... he does have a strong point
    > there... but heh, it's still a lot of fun to think about these small
    > pieces of code, isn't it? :-)
    Hmmm... isn't halvar forgetting nop slides and other brute-force attacks...?

    SkyLined

    PS. hi gera, halvar ;)
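As an added example (not part of this thread, and not code from any of the participants), here is a small C checker for the two byte-set challenges quoted above: it counts how many bytes of a candidate GetPC stub violate a policy ("no 0x00 / no 0xff", or "printable ASCII 0x21-0x7f" as the mail phrases it). The two stubs are the standard 32-bit x86 encodings of the classic `call $+5 / pop eax` and of the x87 `fldz / fnstenv [esp-0xc] / pop ebx` trick; they are included as assumed illustrations, not taken from the mail. The checker only inspects bytes and never executes them (the stubs themselves only make sense inside a 32-bit process).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte-set policies corresponding to the two challenges quoted in the thread. */
enum policy {
    NO_ZERO_NO_FF,    /* challenge 1: no 0x00 and no 0xff anywhere in the stub */
    PRINTABLE_ASCII   /* challenge 2: every byte in 0x21..0x7f (range quoted in the mail) */
};

/* Returns 1 if byte b is acceptable under policy p, 0 otherwise. */
static int byte_ok(uint8_t b, enum policy p)
{
    switch (p) {
    case NO_ZERO_NO_FF:
        return b != 0x00 && b != 0xff;
    case PRINTABLE_ASCII:
        return b >= 0x21 && b <= 0x7f;
    }
    return 0;
}

/* Count the bytes of code[0..len) that violate policy p.
   If first_bad is non-NULL it receives the index of the first offender
   (or len when there is none), which is what an encoder needs to know
   where to start rewriting. */
size_t count_bad_bytes(const uint8_t *code, size_t len, enum policy p,
                       size_t *first_bad)
{
    size_t bad = 0;
    if (first_bad)
        *first_bad = len;
    for (size_t i = 0; i < len; i++) {
        if (!byte_ok(code[i], p)) {
            if (bad == 0 && first_bad)
                *first_bad = i;
            bad++;
        }
    }
    return bad;
}

/* Classic GetPC: call $+5 ; pop eax.  The rel32 displacement of zero is
   what puts four 0x00 bytes into the stub. (assumed standard encoding) */
const uint8_t getpc_call_pop[] = { 0xE8, 0x00, 0x00, 0x00, 0x00, 0x58 };

/* FPU-environment GetPC: fldz ; fnstenv [esp-0xc] ; pop ebx.
   fnstenv writes the 28-byte x87 environment; its 32-bit FPU instruction
   pointer field sits at offset 12, so writing the block at esp-12 places
   the address of the last executed FPU instruction (fldz) exactly at esp,
   where the pop picks it up. (assumed standard encoding) */
const uint8_t getpc_fnstenv[] = { 0xD9, 0xEE, 0xD9, 0x74, 0x24, 0xF4, 0x5B };

static void report(const char *name, const uint8_t *code, size_t len)
{
    size_t idx;
    size_t n1 = count_bad_bytes(code, len, NO_ZERO_NO_FF, &idx);
    printf("%-14s no-zero/no-ff: %zu bad byte(s)", name, n1);
    if (n1)
        printf(" (first at offset %zu: 0x%02x)", idx, code[idx]);
    size_t n2 = count_bad_bytes(code, len, PRINTABLE_ASCII, &idx);
    printf("; printable-ascii: %zu bad byte(s)", n2);
    if (n2)
        printf(" (first at offset %zu: 0x%02x)", idx, code[idx]);
    printf("\n");
}

int main(void)
{
    report("call/pop", getpc_call_pop, sizeof getpc_call_pop);
    report("fnstenv", getpc_fnstenv, sizeof getpc_fnstenv);
    return 0;
}
```

Run as-is, the call/pop stub fails the first challenge on its four zero bytes, while the fnstenv stub passes it but still has four non-printable bytes (0xD9, 0xEE, 0xD9, 0xF4), which is the gap the second challenge is about: the same counter can be pointed at any candidate stub to see how many "weird" characters remain to be removed.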

