BugTraq
BoF in Windows 2000: ddeshare.exe Nov 09 2004 02:24AM
Jack C (jack crepinc com) (2 replies)
Re: BoF in Windows 2000: ddeshare.exe Nov 09 2004 07:59PM
Valdis Kletnieks vt edu (1 replies)
Re: BoF in Windows 2000: ddeshare.exe Nov 10 2004 07:19PM
J. S. Connell (ankh canuck gen nz)
On Tue, 9 Nov 2004 Valdis.Kletnieks (at) vt (dot) edu wrote:

> Ah, but what if the 2 trailing B's are replaced by 2 Unicode chars that
> together take up 4 bytes? ;)

Or we can realize that in Windows NT, XP, and above, all "characters" are
two-byte-wide UNICODE characters, and that we're not seeing "[NULs]
inserted between characters" but simply UNICODE characters with very low
ordinals.

It's probably worth pointing out that a large fraction of the 16-bit
UNICODE space is taken up with Chinese, Japanese, and Korean characters.

In fact, UNICODE codepoint 0x9090 happens to be the Chinese character for
[li3], "winding" or "meandering". Chinese poetry shellcode, anybody?

--Jeffrey
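
The point made in this reply, as an added example that is not part of the original post: a crash-triage helper that reads a dumped buffer as 16-bit little-endian code units, so "NULs between characters" show up as low-ordinal characters and the byte pair 90 90 shows up as code point 0x9090. The sample buffer is constructed, and the function names are assumptions made for the example.

```python
import unicodedata

# Constructed sample (not taken from the thread): the wide string "AAAABB"
# as a memory dump shows it, followed by one code unit with bytes 90 90.
SAMPLE = b"A\x00A\x00A\x00A\x00B\x00B\x00\x90\x90"


def decode_wide(buf):
    """Decode buf as UTF-16LE; return a list of (code point, Unicode name)."""
    if len(buf) % 2:
        raise ValueError("odd length: not a whole number of 16-bit code units")
    # Strict decoding raises UnicodeDecodeError on unpaired surrogates.
    text = buf.decode("utf-16-le")
    return [(ord(ch), unicodedata.name(ch, "<unnamed>")) for ch in text]


def low_ordinal_fraction(buf):
    """Fraction of 16-bit units whose high byte is 0x00 (code points < U+0100)."""
    units = len(buf) // 2
    if units == 0:
        return 0.0
    low = sum(1 for i in range(1, 2 * units, 2) if buf[i] == 0)
    return low / units


def describe(buf):
    """One line per character: raw bytes as dumped, then code point and name."""
    lines, offset = [], 0
    for cp, name in decode_wide(buf):
        width = 4 if cp > 0xFFFF else 2  # surrogate pairs occupy two units
        raw = buf[offset:offset + width].hex(" ")
        lines.append(f"{raw}  U+{cp:04X}  {name}")
        offset += width
    return lines


if __name__ == "__main__":
    print("\n".join(describe(SAMPLE)))
    print(f"low-ordinal units: {low_ordinal_fraction(SAMPLE):.0%}")
```

A high low-ordinal fraction is a quick signal that a dumped buffer holds wide-character text rather than single-byte data with padding.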

Re: BoF in Windows 2000: ddeshare.exe Nov 09 2004 04:11PM
Berend-Jan Wever (skylined edup tudelft nl)


 

Copyright 2010, SecurityFocus