Talk:Alphanumeric shellcode
Description of what the program does:
%## = and ax, ## (remember that x86 uses little endian order!)
-## = sub ax, ##
P = push ax (search for "computer stack" or something)
X = pop ax
\ = pop sp
T = push sp
1. The program calculates the value of "50 bytes after where the algorithm ends" (that is, at the 50th "X").
2. It sets the stack pointer to point to that location.
3. It calculates a hexadecimal C3C3 and places it in the AX CPU register. (Sort of like a very-very-fast variable.)
4. It pushes (overwrites) "C3C3" to the stack (that is, at the 50th and 51st Xes. Remember push always pushes 16 bits.)
5. It just runs into the Xes.
The reason why it has to calculate the values is that it is impossible to store this information in alphanumeric writeable ASCII. The values are simply way out of the reach for anything that you can write with an ordinary keyboard.
C3 means "RET" in x86 assembly language. It returns back to the previous routine/function by popping a new IP (Instruction Pointer) off the stack.
The reason why I chose to rewrite the code first after 50 bytes is because of the Prefetch Input Queue. Kind of complicated. The CPU reads its codes some cycles before it executes them, so, well, I had to be sure it wasn't already loaded into the PIQ.