Re: pen testing & obfuscated shell code
- To: "Don Parker" <[EMAIL PROTECTED]>, Marius Huse Jacobsen <[EMAIL PROTECTED]>
- Subject: Re: pen testing & obfuscated shell code
- From: Dragos Ruiu <[EMAIL PROTECTED]>
- Date: Wed, 11 Feb 2004 19:56:15 -0800
- Cc: [EMAIL PROTECTED]
- In-reply-to: <[EMAIL PROTECTED]>
- Organization: All Terrain Ninjas
- References: <[EMAIL PROTECTED]>
On February 10, 2004 05:24 am, Don Parker wrote:
> Hello Marius, indeed the trick is in using a 1 byte function, but also in
> making sure that it does not affect the egg itself. That is the real trick.
> There is no shortage of 1 byte functions for use, problem is to make it
> still work after. It is simple to just use an ASCII character as well, but
> that is a different story as well. Thanks for your reply :-)
List of NOP equivalents: http://dragos.com/noplist-v1-1.txt
Not all the world's an x86. Other arches use lengths other than one.
In some cases/exploits you can use multibyte NOP sleds.
Also see K2's ADMmutate....
cheers,
--dr
(I should really add PPC one of these days... info donations welcome :-)
--
Top security experts. Cutting edge tools, techniques and information.
Vancouver, Canada April 21-23 2004 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp