Re: pen testing & obfuscated shell code (more neat stuff)
- To: [EMAIL PROTECTED]
- Subject: Re: pen testing & obfuscated shell code (more neat stuff)
- From: Karsten Johansson <[EMAIL PROTECTED]>
- Date: 16 Feb 2004 17:52:45 -0000
In-Reply-To: <[EMAIL PROTECTED]>
Greetings,
Thanks to those who emailed me. 'abcdefghijklmno'
does indeed map to opcodes. The quick test I did
showed them as unmapped, but they definitely are
mapped. One person found that a .com file with my
suggested NOP sled actually made his mouse jump all
over the place. That's not very NOPish at all.
As well, a few people provided some really good links
on the subject. Here are two good ones:

http://www.livejournal.com/community/shellcode/1983.html - ASCII shellcode for writing a message to the console
http://cansecwest.com/noplist-v1-1.txt - NOP equivalents used by SNORT spp_fnord.c
Since the people that use NOP sleds don't really care
about the registers and what's on the stack, then
there are probably a lot more useful NOP sled opcodes
available - as long as they don't generate errors.
I am thinking about finishing the document that I
posted here on Byte code replacement, because I wrote
that when extended registers weren't an issue. If
anyone wants to help, just let me know.
Karsten Johansson
www.PENETRATIONTEST.com
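
Added example, not part of the original message and not code from Snort's spp_fnord.c: a minimal run-length check for sleds built from one-byte NOP equivalents rather than 0x90 alone, which is the detection problem the message's last point raises. The opcode subset, function names and sample buffers are assumptions constructed for this illustration; the subset is not the cansecwest list.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, illustrative subset of one-byte IA-32 instructions that touch no
 * memory, need no privilege and transfer no control. 0x61..0x6f ('a'..'o')
 * are deliberately absent: they include popa, prefixes and ins/outs port I/O. */
static int is_sled_byte(uint8_t b)
{
    static const uint8_t misc[] = { 0x27, 0x2f, 0x37, 0x3f,    /* daa das aaa aas */
                                    0x98, 0x99, 0x9e, 0x9f,    /* cwde cdq sahf lahf */
                                    0xf5, 0xf8, 0xf9, 0xfc, 0xfd }; /* cmc clc stc cld std */
    if (b == 0x90) return 1;                /* nop */
    if (b >= 0x40 && b <= 0x4f) return 1;   /* inc/dec r32, also ASCII '@'..'O' */
    return memchr(misc, b, sizeof misc) != NULL;
}

/* Length of the longest run of sled bytes; *start (if non-NULL) gets its offset. */
static size_t longest_sled_run(const uint8_t *buf, size_t len, size_t *start)
{
    size_t best = 0, best_at = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = is_sled_byte(buf[i]) ? run + 1 : 0;
        if (run > best) { best = run; best_at = i + 1 - run; }
    }
    if (start) *start = best_at;
    return best;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t sample_letters[] = "abcdefghijklmnoabcdefghijklmno";
static const uint8_t sample_text[]    = "AAAAAAAAAAAAAAAAAAAA";
static const uint8_t sample_mixed[]   = { 0x00, 0x01, 0x02,
    0x90, 0x41, 0x49, 0xf8, 0x99, 0x43, 0x4b, 0xfc,
    0x90, 0x27, 0x42, 0x4a, 0xf5, 0x98, 0x47, 0x4f, 0xcc };

int main(void)
{
    size_t at;
    size_t n = longest_sled_run(sample_mixed, sizeof sample_mixed, &at);
    printf("mixed:   run=%zu at offset %zu\n", n, at);
    printf("letters: run=%zu\n", longest_sled_run(sample_letters, sizeof sample_letters - 1, NULL));
    printf("text:    run=%zu\n", longest_sled_run(sample_text, sizeof sample_text - 1, NULL));
    return 0;
}
```

The all-'A' buffer scores as one long run because 0x41 is `inc ecx`, so a run-length threshold on its own flags ordinary uppercase text and needs protocol context to be useful.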