Talk:Shellcode
![]() | Computer security: Computing B‑class High‑importance | |||||||||||||||||
|
![]() | Computing B‑class Mid‑importance | |||||||||
|
Mayor overhaul
I've rewritten the page and adding more information about alphanumer/printable/unicode shellcode. I'd like to see more information on:
- Shellcode writting for different processors/operating systems/service packs.
(I can add a lot about win32 shellcode, but my *nix shellcode is a bit rusty and I've never done anything other than IA32)
- Platform spanning shellcode
(Runs on multiple OSes/processor types).
- Egghunt shellcode
(Shellcode exists of small code that scans the process' memory (hunt) for a larger shellcode (egg) that does the actual work. When found, the egg is executed. This is often used when a larger shellcode can be injected, but is hard to execute immediately and a smaller shellcode would be easier to inject and execute as well.)
- Omelete shellcode
(Shellcode exists of small code that scans the process' memory for more small pieces of shellcode (eggs) that are combined to form the original shellcode (omelette), which is executed. This can be used when a large shellcode cannot be injected as a whole, but can be injected in multiple smaller parts.)
- Multi-stage shellcode
(Shellcode downloads and executes a larger second stage shellcode - used when second stage shellcode itself is too large to be injected immediately.)
- SkyLined (talk) 17:04, 29 February 2008 (UTC)
Review
An assessment was requested over at Wikipedia:WikiProject Computing/Assessment. I've given this article a B rating. Comprehensible, interesting, reasonably complete (adding more detail would risk WP:HOWTO infraction) and reasonably well-referenced treatment. Further improvements would include more work on references and reworking some of the prose to eliminate a few unnecessary headings. I'd also like to see discussion of Data Execution Prevention and other modern countermeasures. Congratulations! --Kvng (talk) 15:51, 30 September 2010 (UTC)
This article triggers Antivirus itself!
I noticed that loading the Shellcode page caused my antivirus program (ESET NOD antivirus) to trigger (JS/exploit.Shellcode.A.gen trojan), probably because of a detection mechanism that can't differentiate between displayed and running code. It intercepts the page loading, so I can't see what it reacts to. Perhaps the page can be rewritten so it doesn't contain literal examples of shellcode? Mumiemonstret (talk) 21:12, 11 October 2010 (UTC)