[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00342] Re: [FYI] ADMutate

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00342] Re: [FYI] ADMutate
From: Koji Shikata <shikap@xxxxxxxxxxxx>
Date: Wed, 25 Apr 2001 02:07:36 +0900

(B
(B
$B$7$+#P!w1Q8l$O6l.207G<(HD>e$G!"(BADMutate$B$,8x3+$5$l$?$H$NJs9p(B
(B> $B$,(BUS$B$5$s$+$i$"$j$^$7$?!#(B
(B
$B7G<(HD$r8+$F!"AaB.(BADMmutate$B$rMn$H$7$F8+$F$^$7$?!#(B(^^;
(B
$B$h$/$o$+$i$s$N$G$9$,!J6l>P!K!"(Bnop$BA^F~$7$?$j!"(B
$B7k6I2?$b$7$J$$$HF10U5A$J%3!<%I$rA^F~$7$?$j!"(Bxor$B$r%7%'%k%3!<%I(B
$B$K$+$1$?$j!"(Bxor$B$N%G%3!<%IMQ%3!<%I$r$/$C$D$1$?$j!"(B
$B%*%U%;%C%HCM$r$$$8$C$?$j!"$F$J;v$r$9$k$?$a$N4X?t72$N$h$&$G$9!#(B
$B$&$^$/AH$_9g$o$;$k$H;H$($J$$#1#6?J?t!JNc$($P(B0x00$B!K$d(B
(Btoupper()$B!"(Btolower()$B$J$I$N4X?t$KAw$i$l$F$7$^$$!"%7%'%k%3!<%I$r(B
$BAw$k$3$H$,$G$-$J$+$C$?$H$3$m$J$I$K$bBg>fIW!"$J$s$F;v$b=q$$$F$"$k(B
$B$h$&$G!#(B
(B
$B!t$$$D$b$NDL$j!"FI$_4V0c$($F$$$?$i$9$_$^$;$s!#(B_o_
(B
$B$3$C$+$i0lIt0zMQ!J(BREADME$B$h$j!K(B
(B
(B   init_mutate(struct morphctl *)
(B   This function should initialize pointers to the OS specific structures,
(B   functions and limits that were specified in mut.arch;
(B
(B   apply_key(buff,E,N,struct morphctl *)
(B   This function takes in input buff, substitutes E bytes @ location buff+N
(B   with encoded bytes.  It also will find a key that will work with your
(B   processing options.  MUST BE CALLED AFTER init_mutate.
(B
(B   apply_jnops(buff,N,struct morphctl)
(B   This function takes buff, substitutes the first N bytes
(B   with alternate "junk nops"
(B
(B   apply_engine(buff,E,N,struct morphctl)
(B   This functions takes  buff, generates a decode engine, places it at location
(B   buff+N-strlen(of.the.engine).
(B
(B   apply_offset_mod(buff,N,X,morphctl);
(B   This function takes buf, modifies N amount at location buff+X, and adheres
(B   to the options in morphctl, such that the return address will be unique on
(B   execution.
(B
$B$3$3$^$G$G0zMQ=*N;(B
(B
(B
$B3N$+$K$&$C$H$*$7$$$o!"$3$l!#%7%0%M%A%c%Y!<%9$N(Bsnort$B$K$O(B
$B2Y$,=E$$$J$!!#8m8!CN8:$i$9$N$H$I$C$A$,3Z$+$7$i(B(^^;
(B
$B$A$J$_$K%7%'%k%3!<%I$,(B1kbyte$B$rD6$($F$?$i;H$($J$$$h!"$F$J(B
$B;v$b=q$$$F$"$j$^$7$?!#$b$A$m$s(B1k$BD6$($k$N$J$s$FCN$j$^$;$s$1$I!#(B
(B
$B$$$8$g!"(BFYI$BBh#2CJ(B(^^;
(B-- 
(B  $B!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a(B
(B  $B!!!!http://www.yk.rim.or.jp/~shikap/patch/
(B  $B!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a(B
(B
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$khttp://www.infoseek.co.jp/ISCamp?svx=971122

References:
- [stalk:00341] [FYI] ADMutate
  - From: MICKY

Prev by Date: [stalk:00341] [FYI] ADMutate
Next by Date: [stalk:00343] $B:G6a$N$"$d$7(B$B$$%Q%1%C%H(B
Previous by thread: [stalk:00341] [FYI] ADMutate
Next by thread: [stalk:00344] $B%"!<%,%9!Mx(B($B>e(B)
Index(es):
- Date
- Thread