[framework] A little offtopic: Get EIP
Clemens Kolbitsch
clemens.kol at gmx.at
Tue Jun 26 07:53:14 CDT 2007
OK, thanks!!
Jerome Athias wrote:
> Hi Clemens,
>
> I can't directly help, sorry, but I think you should be able to find
> good papers about egg hunter shellcodes,
> for example:
> http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
> thanks to skape ;)
>
> and this one from spoonm:
> http://www.metasploit.com/confs/recon2005/recent_shellcode_developments-recon05.pdf
>
>
> PS: note that searching for "hunter" and "egg" in the exploit modules
> directory of Metasploit should reveal some nice examples.
>
> good luck
> /JA
> SecurInfos.info
>
> Clemens Kolbitsch wrote:
>> OK, sorry... just a short second question:
>>
>> I need to obtain the EIP, obviously, to find the offset to a second
>> payload that I copy somewhere (it is appended to the first payload
>> and I jump somewhere before reaching this part..).
>>
>> What I would really like to do is directly add the assembler code of
>> the second payload to the end of the C source of the first. However,
>> this payload also includes strings. I thought that was no
>> problem if I use
>>
>> __asm("db MYCHAR");
>>
>> However, I get that the db instruction is not valid... Can it only be
>> used inside the DATA part of a program, or what am I doing wrong??
>>
>> I know... I can still simply copy it there using some hex editor, but
>> with frequent changes during development, this is annoying...
>>
>> Again... thanks for any help, and sorry for the off-topic :-)
>>
>>
>
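An added example, not code from this thread, from Metasploit, or from skape's paper: it shows why `__asm("db ...")` fails under GCC (inline asm is handed to GNU as, which spells data directives `.byte`, `.long`, `.ascii`, `.asciz` rather than NASM's `db`/`dd`), how to append a second payload with embedded strings to a C file at file scope so that the assembler computes the offset between the two stages itself, and a userland model of the egg-hunter idea from the papers linked above: the second stage is prefixed with a 4-byte tag written twice and is located by scanning for that doubled tag. The symbol names `payload_blob`, `payload2`, `payload_end`, the function names, the `w00t` tag and the `/bin/sh` string are all assumptions constructed for this example; the bytes are placeholders, not real shellcode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Inline asm in GCC/clang goes to GNU as, so data is defined with
 * .byte / .long / .ascii / .asciz, not NASM's db / dd. Placing the block at
 * file scope (outside any function) turns the labels into ordinary symbols
 * the C code below can take the address of. All bytes here are constructed
 * placeholders for this example, not real shellcode.
 */
__asm__(
    ".text\n"
    ".globl payload_blob\n"
    ".globl payload2\n"
    ".globl payload_end\n"
    "payload_blob:\n"
    "    .byte 0x90, 0x90, 0x90, 0x90\n"   /* stand-in for stage 1 code      */
    "    .long payload2 - payload_blob\n"  /* stage-2 offset, assembler-computed */
    "payload2:\n"
    "    .ascii \"w00tw00t\"\n"            /* egg: 4-byte tag written twice  */
    "    .asciz \"/bin/sh\"\n"             /* a string embedded in stage 2   */
    "    .byte 0xcc\n"                     /* int3 stand-in for stage 2 code */
    "payload_end:\n"
);

/* Bind the C names to the exact assembler symbols (no platform prefix games). */
extern const unsigned char payload_blob[] __asm__("payload_blob");
extern const unsigned char payload2[]     __asm__("payload2");
extern const unsigned char payload_end[]  __asm__("payload_end");

/* Offset of stage 2 from the start of the blob: the value a get-EIP stub in
 * stage 1 would add to the address it recovers (e.g. with call/pop on x86). */
size_t stage2_offset(void)
{
    return (size_t)((uintptr_t)payload2 - (uintptr_t)payload_blob);
}

/* Total size of the blob, for copying it around or bounding a scan. */
size_t blob_len(void)
{
    return (size_t)((uintptr_t)payload_end - (uintptr_t)payload_blob);
}

/* Read back the offset the assembler stored with ".long payload2 - payload_blob";
 * .long is emitted in target byte order, so memcpy yields the native value. */
uint32_t stored_offset(void)
{
    uint32_t v;
    memcpy(&v, payload_blob + 4, sizeof v);
    return v;
}

/* Userland model of an egg hunter: look for the 4-byte tag repeated twice and
 * return a pointer to the bytes right after it, or NULL. A real hunter walks
 * the whole address space and probes each page with a syscall first so that
 * unmapped pages do not fault; this version only scans memory it owns. */
const unsigned char *find_egg(const unsigned char *hay, size_t len, const char tag[4])
{
    for (size_t i = 0; i + 8 <= len; i++) {
        if (memcmp(hay + i, tag, 4) == 0 && memcmp(hay + i + 4, tag, 4) == 0)
            return hay + i + 8;
    }
    return NULL;
}

int main(void)
{
    const unsigned char *stage2 = find_egg(payload_blob, blob_len(), "w00t");

    printf("blob: %zu bytes, stage 2 at offset %zu (assembler stored %u)\n",
           blob_len(), stage2_offset(), stored_offset());
    if (stage2)
        printf("egg found; stage 2 body at offset %zu starts with \"%s\"\n",
               (size_t)(stage2 - payload_blob), (const char *)stage2);
    else
        printf("egg not found\n");
    return 0;
}
```

Build with `gcc -Wall example.c` (clang works too). Because both stages live in one assembler block, the label subtraction gives the offset at assembly time and it stays correct every time the stages are edited, which removes the hex-editor step; the running stage-1 code still needs its own address (a call/pop get-EIP stub on 32-bit x86, or a RIP-relative `lea` on x86-64) to turn that offset into an absolute jump target, and that part is architecture-specific and deliberately left out here so the example assembles on any GNU as target.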