[Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
- To: Peter Willis <psyphreak@xxxxxxxxxxxx>
- Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
- From: Michael Vergoz <descript@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Nov 2004 12:04:55 +0400
Hi,
Nice paper.
Some code examples should be great (I think).
A question: what about false-disassembly into shellcode?
Like:
mov eax, eax
[...]
jmp false
db 0xAA
[...]
false:
mov eax, 1
int 0x80
[...]
mv
On 17 nov. 04, at 23:00, Peter Willis wrote:
Hey, cool paper. Speaking of phrack, if in the future you have an
article you think is print-worthy but is rejected by most zines, try
sending it to Binary Revolution <articles@xxxxxxxxxx>. Although
they're newer and have had some delays in getting new issues out,
they're starting to re-focus on the magazine and the number of their
supporters is growing. Sorry if this comes off a little advertisey,
but hopefully if more people write in then BinRev can publish more
original articles about vulnerabilities which can then make it back
onto the web as sample articles.
Berend-Jan Wever wrote:
Hi all,
This one got rejected by phrack and I couldn't be arsed to rewrite it
so it would make the next edition:
"Writing IA32 Restricted Instruction Set Shellcode Decoder Loops" by
SkyLined
( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html )
The article addresses the requirements for writing a shellcode
decoder loop using a limited number of characters that limits our
instruction set. Most of it is based on my experience with
alphanumeric decoders but the principles apply to any piece of code
that is written to work with a limited instruction set. (It's a
continuation on rix's and obscou's work for phrack).
Comments and questions welcome, but I can not guarantee an answer to
n00b questions.
Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever
<skylined@xxxxxxxxxxxxxxx>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html