Re: pen testing & obfuscated shell code

From: Dragos Ruiu (dr@kyx.net)
Date: Wed Feb 11 2004 - 22:56:15 EST


On February 10, 2004 05:24 am, Don Parker wrote:
> Hello Marius, indeed the trick is in using a 1-byte function, but also in
> making sure that it does not affect the egg itself. That is the real trick.
> There is no shortage of 1-byte functions for use; the problem is to make it
> still work afterwards. It is simple to just use an ASCII character as well, but
> that is a different story as well. Thanks for your reply :-)

List of NOP equivalents: http://dragos.com/noplist-v1-1.txt

Not all the world's an x86. Other arches use lengths other than one.

In some cases/exploits you can use multibyte NOP sleds.
Also see K2's ADMmutate....

cheers,
--dr

(I should really add PPC one of these days... info donations welcome :-)

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada	April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
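The two points made in this thread (a sled does not have to be built from 0x90, and on other architectures a "NOP" is wider than one byte) are exactly what an IDS-side sled scanner has to account for. The following is an added example, not code from this thread or from the linked noplist: a small per-architecture sled detector that looks for the longest run of bytes tileable by known NOP-equivalent instructions, trying every alignment phase for fixed-width architectures. The x86 opcode set is a hand-picked subset of well-known single-byte NOP-equivalents, the SPARC/PPC/MIPS words are the canonical `nop` encodings of those ISAs, and the sample buffers are constructed for the demonstration.

```python
"""Toy NOP-sled detector (added example). It shows why a sled scanner must
know the instruction width of the target ISA and why matching only 0x90
misses the mixed "NOP equivalent" sleds discussed in the thread."""

from typing import Dict, FrozenSet, List, Tuple

# x86: single-byte instructions that do not break the flow of a sled
# (assumption: a small subset of the classic NOP-equivalent list).
X86_ONE_BYTE_NOPS: FrozenSet[bytes] = frozenset(
    bytes([op]) for op in
    [0x90]                        # nop
    + list(range(0x40, 0x50))     # inc/dec r32
    + list(range(0x91, 0x98))     # xchg eax, r32
    + [0x98, 0x99]                # cwde, cdq
    + [0xF8, 0xF9, 0xFC, 0xFD]    # clc, stc, cld, std
    + [0x27, 0x2F, 0x37, 0x3F]    # daa, das, aaa, aas
    + [0x9F]                      # lahf
)

# Fixed-width ISAs: "NOP" is a whole 4-byte word, so the sled is 4-byte aligned.
ARCH_PROFILES: Dict[str, Tuple[int, FrozenSet[bytes]]] = {
    "x86":   (1, X86_ONE_BYTE_NOPS),
    "sparc": (4, frozenset({b"\x01\x00\x00\x00"})),  # sethi 0, %g0
    "ppc":   (4, frozenset({b"\x60\x00\x00\x00"})),  # ori r0, r0, 0
    "mips":  (4, frozenset({b"\x00\x00\x00\x00"})),  # sll $0, $0, 0
}


def longest_sled(data: bytes, arch: str) -> Tuple[int, int]:
    """Return (offset, run_length_in_instructions) of the longest run of
    NOP-equivalent instructions for `arch`. Every alignment phase is tried,
    because a captured payload's alignment relative to the target is unknown."""
    width, nops = ARCH_PROFILES[arch]
    best_off, best_len = 0, 0
    for phase in range(width):
        run_start, run_len = 0, 0
        for i in range(phase, len(data) - width + 1, width):
            if data[i:i + width] in nops:
                if run_len == 0:
                    run_start = i
                run_len += 1
                if run_len > best_len:
                    best_off, best_len = run_start, run_len
            else:
                run_len = 0
    return best_off, best_len


def longest_plain_nop_run(data: bytes) -> int:
    """Naive baseline: longest run of literal 0x90 bytes only."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0x90 else 0
        best = max(best, cur)
    return best


def scan(data: bytes, threshold: int = 32) -> List[Tuple[str, int, int]]:
    """Alert for every architecture whose longest sled reaches `threshold`."""
    alerts = []
    for arch in ARCH_PROFILES:
        off, length = longest_sled(data, arch)
        if length >= threshold:
            alerts.append((arch, off, length))
    return alerts


def build_samples() -> Dict[str, bytes]:
    """Constructed sample buffers (not real captures)."""
    # x86: 48-byte sled built from inc/dec/xchg/nop mixed, not from 0x90 alone.
    x86 = b"\xcc\xcc" + bytes([0x41, 0x4F, 0x90, 0x97] * 12) + b"\xcc" * 8
    # SPARC: 20 nop words, deliberately misaligned by one leading byte.
    sparc = b"X" + b"\x01\x00\x00\x00" * 20 + b"\xde\xad\xbe\xef"
    return {"x86_sled": x86, "sparc_sled": sparc}


if __name__ == "__main__":
    for name, buf in build_samples().items():
        print(name, "plain 0x90 run:", longest_plain_nop_run(buf),
              "alerts:", scan(buf, threshold=16))
```

The baseline `longest_plain_nop_run` reports a run of 1 for the mixed x86 buffer while `scan` flags a 48-instruction sled, and the SPARC buffer is only caught when the scanner steps in 4-byte words from the right phase. The same set of bytes produces no x86 alert, which is the thread's point in reverse: a scanner tuned for one ISA says nothing about another. Expect false positives on ASCII-heavy traffic, since `A`..`O` (0x41..0x4F) are all in the x86 set; a real deployment pairs this with a threshold and protocol context.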


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT