Jump to content

Talk:Shellcode

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by SkyLined (talk | contribs) at 16:49, 7 February 2012 (End game: I assume you misunderstood the presentation). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconComputer security: Computing B‑class High‑importance
WikiProject iconThis article is within the scope of WikiProject Computer security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer securityWikipedia:WikiProject Computer securityTemplate:WikiProject Computer securityComputer security
BThis article has been rated as B-class on Wikipedia's content assessment scale.
HighThis article has been rated as High-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (assessed as Mid-importance).
Things you can help WikiProject Computer security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.

Mayor overhaul

I've rewritten the page and adding more information about alphanumer/printable/unicode shellcode. I'd like to see more information on:

  • Shellcode writting for different processors/operating systems/service packs.

(I can add a lot about win32 shellcode, but my *nix shellcode is a bit rusty and I've never done anything other than IA32)

  • Platform spanning shellcode

(Runs on multiple OSes/processor types).

  • Egghunt shellcode

(Shellcode exists of small code that scans the process' memory (hunt) for a larger shellcode (egg) that does the actual work. When found, the egg is executed. This is often used when a larger shellcode can be injected, but is hard to execute immediately and a smaller shellcode would be easier to inject and execute as well.)

  • Omelete shellcode

(Shellcode exists of small code that scans the process' memory for more small pieces of shellcode (eggs) that are combined to form the original shellcode (omelette), which is executed. This can be used when a large shellcode cannot be injected as a whole, but can be injected in multiple smaller parts.)

  • Multi-stage shellcode

(Shellcode downloads and executes a larger second stage shellcode - used when second stage shellcode itself is too large to be injected immediately.)

- SkyLined (talk) 17:04, 29 February 2008 (UTC)[reply]

Review

An assessment was requested over at Wikipedia:WikiProject Computing/Assessment. I've given this article a B rating. Comprehensible, interesting, reasonably complete (adding more detail would risk WP:HOWTO infraction) and reasonably well-referenced treatment. Further improvements would include more work on references and reworking some of the prose to eliminate a few unnecessary headings. I'd also like to see discussion of Data Execution Prevention and other modern countermeasures. Congratulations! --Kvng (talk) 15:51, 30 September 2010 (UTC)[reply]

This article triggers Antivirus itself!

I noticed that loading the Shellcode page caused my antivirus program (ESET NOD antivirus) to trigger (JS/exploit.Shellcode.A.gen trojan), probably because of a detection mechanism that can't differentiate between displayed and running code. It intercepts the page loading, so I can't see what it reacts to. Perhaps the page can be rewritten so it doesn't contain literal examples of shellcode? Mumiemonstret (talk) 21:12, 11 October 2010 (UTC)[reply]

ESET NOD is apparently (over-) reacting to the presence of the character "邐" ( also known as unicode character 9090 as listed on http://en.wikibooks.org/wiki/Unicode/Character_reference/9000-9FFF ), URL-encoded, or encoded as a javascript escape sequence or a html character entity. That's a pretty far cry from a shellcode. It's only relevant to shellcodes in that the character's UTF-16 representation happens to match a 2 bytes sequence frequently used as part of a NOP slide, which many shellcodes rely on. It's clearly a false positive, and the article shouldn't need to dance around ESET NOD to avoid its flagging. Also note that ESET NOD is the only AV on VirusTotal to flag this page. 209.131.62.115 (talk) 10:37, 1 November 2010 (UTC)[reply]

End game

According to a recent PPT presentation given by T. H., a virus-analyst working at F-Secure of Finland: Windows 7 is immune to shellcode exploitation, which would have stopped the famous EMC-RSA hack attack, had that company migrated its vulnerable WinXP and Vista desktops to Win7 before the spring of 2011. 82.131.210.163 (talk) 12:15, 7 February 2012 (UTC)[reply]

Not sure what you mean by "shellcode exploitation", but [1] works just fine on Windows 7.     SkyLined (talk) 16:49, 7 February 2012 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Shellcode&oldid=475599427"