Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- to Write shellcode:
- 1.always try use alternative of MOV
- 2.if there is string ,use PUSH and POP (some time it may create nullbyte)
- 3.No need to use PUSH AND POP for integer number , use ( mov [fd],eax Or mov eax,[fd] )
- sometimes it may generate null byte but not at all
- 4.Use XOR for EAX,EBX,ECX,EDX
- 5.using MOV for Those variable reserved in .bss section Won't create null byte (1st XOR ecx,ecx)
- Example:
- section .bss
- var resb 20
- section .text
- xor ecx,ecx
- .............
- ;other code
- .............
- mov ecx,var ; EAX,EBX,EDX can be used and other registers
- 6.using ESI,EDI after XOR esi,esi Or XOR EDI,EDI won't create nullbyte
- example:
- section. data
- msg db "hello"
- section .text
- xor esi,esi
- xor edi,edi
- ..............
- mov esi,msg
- ..............
- mov edi,msg
- 7.LEA command doesn't create null byte
- 8.this won't create nullbyte
- jmp short one
- two:
- ................
- ................
- ;other code
- ................
- one:
- call two
- ................
- 8.XCHG instruction won't create null byte
- example:
- section .data
- msg db "hello"
- .............
- ............
- ..........
- xchg ecx,msg
- ..........
- xchg eax,edi
- xchg eax,esi
- XCHG create null byte for these instructions
- xchg eax,4
- xchg edx,len
- xchg ebx,1
- ...............
- 9.ADDing number to EDX won't create nullbyte(this for only little number if the number is big ,use number 10 method)
- EXAMPLE:
- mov edx,0x31d
- 10.ADDing too long number cause null byte
- ADD edx,0x9a8e0f072c
- here Use MOV
- 11.these won't create null byte
- MOV ECX,ESP
- MOV EDI,ESP
- and like this
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
