[framework] A little offtopic: Get EIP
Jerome Athias
jerome.athias at free.fr
Tue Jun 26 06:39:56 CDT 2007
Hi Clemens,
I can't directly help, sorry, but I think you should be able to find good
papers about egg hunter shellcodes,
and for example:
http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
thanks to skape ;)
and this one from spoonm:
http://www.metasploit.com/confs/recon2005/recent_shellcode_developments-recon05.pdf
PS: note that searching for "hunter" and "egg" in the exploit modules
directory of Metasploit should reveal some nice examples.
good luck
/JA
SecurInfos.info
Clemens Kolbitsch wrote:
> OK, sorry... just a short second question:
>
> I need to obtain the EIP, obviously, to find the offset to a second
> payload that I copy somewhere (it is appended to the first payload and
> I jump somewhere before reaching this part...).
>
> What I would really like to do is directly add my assembler code of
> the second payload to the end of the C source of the first. However,
> this payload also includes strings. I thought that that was no problem
> if I use
>
> __asm("db MYCHAR");
>
> However, I get that the db instruction is not valid... Can it only be
> used inside the DATA part of a program, or what am I doing wrong?
>
> I know... I can still simply copy it there using some hex editor, but
> with frequent changes during development, this is annoying...
>
> Again... thanks for any help, and sorry for the offtopic :-)
>
>
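Added example (not code from this thread or from Metasploit): the two pieces the question touches, shown together in one C file. First, the second stage, strings included, is placed in the source with GNU as directives: gas has no `db`; the equivalents are `.byte` for raw bytes and `.ascii`/`.asciz` for strings, which is why `__asm("db ...")` is rejected. Second, instead of a hand-computed offset from EIP, the second stage is prefixed with an 8-byte egg (a 4-byte tag written twice, the convention from skape's paper so that the hunter never matches its own single copy of the tag) and located at run time by scanning for it. The hunter here only walks a buffer the program owns; a real egg hunter walks the whole address space and must check that each page is readable before touching it, which is the part skape's paper is about. The tag `w00t`, the symbol names `egg_blob`/`egg_blob_end`, the function names and the stage-1 filler are all my choices for this illustration, and the stage-2 bytes are constructed stand-ins, not a working payload.

```c
/* Added example, not from the list post. Build: cc -o egg egg.c ; run: ./egg */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 4-byte key; the egg in front of the payload is the key repeated twice. */
#define EGG_TAG "w00t"

/* Second stage embedded next to the code with gas directives. gas does not
 * know NASM's `db`; `.byte` and `.ascii`/`.asciz` are the equivalents.
 * These bytes are constructed data for the demo, never executed here. */
__asm__(
    ".text\n"
    ".globl egg_blob\n"
    ".globl egg_blob_end\n"
    "egg_blob:\n"
    "    .ascii \"w00tw00t\"\n"             /* the egg: key written twice */
    "    .byte 0x90, 0x90, 0x90, 0x90\n"     /* stand-in for stage-2 code */
    "    .asciz \"hello from stage 2\"\n"    /* the string the poster wants */
    "egg_blob_end:\n");

/* Bind to the exact assembler symbol so the C side works whether or not the
 * platform ABI prefixes C identifiers with an underscore. */
extern const unsigned char egg_blob[] __asm__("egg_blob");
extern const unsigned char egg_blob_end[] __asm__("egg_blob_end");

static size_t blob_len(void)
{
    return (size_t)((uintptr_t)egg_blob_end - (uintptr_t)egg_blob);
}

/* Offset of the first byte after the doubled tag inside [base, base+len),
 * or -1 if no egg is present. Only safe over memory we know is readable. */
long find_egg(const unsigned char *base, size_t len, const char tag[4])
{
    for (size_t i = 0; i + 8 <= len; i++) {
        if (memcmp(base + i, tag, 4) == 0 && memcmp(base + i + 4, tag, 4) == 0)
            return (long)(i + 8);
    }
    return -1;
}

/* "First payload" (constructed filler) with the tagged second stage appended,
 * the layout the poster describes. */
#define STAGE1_LEN 37
static unsigned char combined[STAGE1_LEN + 64];

size_t build_combined(void)
{
    size_t n = blob_len();
    memset(combined, 0xcc, STAGE1_LEN);          /* constructed stage-1 bytes */
    memcpy(combined + STAGE1_LEN, egg_blob, n);  /* egg + stage 2 appended */
    return STAGE1_LEN + n;
}

/* Offset from the start of the combined buffer to stage-2 code, found by
 * hunting for the egg rather than by arithmetic on EIP. */
long stage2_offset(void)
{
    size_t n = build_combined();
    return find_egg(combined, n, EGG_TAG);
}

/* The embedded string, reached through the hunt; NULL if the egg is missing. */
const char *stage2_string(void)
{
    long off = stage2_offset();
    if (off < 0)
        return NULL;
    return (const char *)combined + off + 4;     /* skip the 4 stand-in bytes */
}

int main(void)
{
    long off = stage2_offset();
    if (off < 0) {
        puts("egg not found");
        return 1;
    }
    printf("blob is %zu bytes, stage 2 starts at offset %ld: \"%s\"\n",
           blob_len(), off, stage2_string());
    return 0;
}
```

Because the egg sits immediately in front of the second stage, edits to the first stage or to the strings no longer require recomputing anything: the hunter finds the payload wherever it ends up, which is the property skape's and spoonm's papers rely on for real exploits.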