On 16 Feb 2004 17:52:45 -0000 Karsten Johansson <[EMAIL PROTECTED]> wrote:

> In-Reply-To: <[EMAIL PROTECTED]>
> Since the people that use NOP sleds don't really care about the
> registers and what's on the stack, then there are probably a lot more
> useful NOP sled opcodes available - as long as they don't generate
> errors.

I don't like talking too much about myself, but I just want to point out a piece of work I did two years ago to show how to defeat an IDS at "shellcode catching". On that occasion, I wrote two completely alphanumeric codes, which you may find on my homepage (reported below), named buffer-i386-raptus.c and buffer-i386-delirium.c. In particular, the latter is an alphanumeric asm code which builds a shellcode and then executes it.

Using these codes, you can use whatever padding you want, since they make no assumptions about the registers' contents and thus always set them properly. This is obviously true even if you generate an alphanumeric shellcode using, e.g., Rix's ASC starting from the classic "I-make-no-assumptions" shellcode.

Regards.

--
Angelo Dell'Aera 'buffer'
Antifork Research, Inc.
http://buffer.antifork.org
PGP information in e-mail header