Re: GetPC code (was: Shellcode from ASCII)
From: Berend-Jan Wever (SkyLined_at_edup.tudelft.nl)
Date: 06/27/03
- Previous message: nd_at_felinemenace.org: "gera's encoder"
- In reply to: Gerardo Richarte: "GetPC code (was: Shellcode from ASCII)"
- Next in thread: noir: "Re: GetPC code (was: Shellcode from ASCII)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <vuln-dev@securityfocus.com> Date: Fri, 27 Jun 2003 16:01:24 +0200
> Ok, first challenge: create a Get PC code with no zeros and no 0xff
> in it. sounds easy? hehe, it's not. However, we know it's possible,
> at least sometimes.
> Second challenge, for which we have no answer yet (it's not that we
> are spending all our time to solve it either), write a GetPC code
> with no zeros, no 0xff... and only "ascii" (either extended ascii
> ranging form 0x21 to 0x7f) or with as few "weird" characters as
> possible...
I have been thinking heavily on this myself for my alpha-shellcode
generator... I was unable to figure out how to do this ;( But I can't prove
it can't been done either ;)
I figured that if you're lucky some register points to it or something on
the stack and you can just pop it.
> PS: Of course, as halvar told me when I through this questions at
> him once: how did you jump to your code in the first place [if you
> don't know its address]. And well... he does have a strong point
> there... but heh, it's still a lot of fun to think about this small
> pieces of code, isn't it? :-)
Hmmm... isn't halvar forgetting nopslides and other brute-force attacks...?
SkyLined
PS. hi gera, halvar ;)
- Previous message: nd_at_felinemenace.org: "gera's encoder"
- In reply to: Gerardo Richarte: "GetPC code (was: Shellcode from ASCII)"
- Next in thread: noir: "Re: GetPC code (was: Shellcode from ASCII)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
