Metasploit mailing list archives

Re: asm to hex, with a random string


From: David3 Gonnella <netevil () hackers it>
Date: Fri, 27 Apr 2012 13:51:46 +0200


Thanks, you answered my confusing question by saying that "all
operations end up as bytecode". That is just enough to understand
that I was wrong, and I should have studied that book properly,
since it is here..

On another way I am happy that it is possible to work straight on
assemblies; that was the second implicit question.

On 04/27/12 12:51, AK wrote:
Hi David3, I do not fully understand your email (English is a second
language for me at best). My questions are inline: On 4/27/12 12:32
PM, David3 Gonnella wrote:
After some study I realized that if you want clever assembly you
have to rely on C, just because more complex operations in the end
are associations of hexes that vary on architectures
Documented on "Shellcoder's handbook". I do not understand your last
sentence, ALL operations end up as bytecode, not just the complex
ones.

You can just compile and link your program on two different
architectures, get the hexes from the final bin and you have the
logic you wrote, as I would when I was asking.
I will send in your personal email a blog post that I have written
for asm <-> shellcode (note the <->). I can also send it to the
list, although this has been done to death :(

Well, that question was not clear also to me, just because it was done
like when you are thinking about something ..you still do not know
well.

Yes, changing a string is not difficult having all architecture
factors in mind, but if you want the string to get the current
name of the day of the week, for example, you can't [corrected by me]
do that on the assembly ..at least for humans ..AFAIK...
Some people can do. String perhaps is not the proper term, in
general when I see string in a payload context, my mind wanders off
to NUL terminated strings. Still, provided that the substitute is of
less or equal length and that the code was written in a PIC way, you
can substitute instructions on the fly (JNE -> JMP patching for
example). The question is still not clear to me, can you please
rephrase? HTH

David3


On 04/27/12 11:39, AK wrote:
The question is not entirely clear to me but if by string you
mean something along the lines of changing for example /bin/bash
to /tmp/tcsh or something, indeed you can do that, provided that
you keep endianness and other factors in mind. Why is this
useful?



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

