On Mon, 20 Aug 2001, Der HexXer wrote:

> Why do you have a relative jump to [ShellCode-Entry] - 7 bytes
> at the beginning of your code?
> (the first jump should be EIP+11 bytes: \xEB\x0B\x...)
>
> Debug: (added 4 nops; entry: 00401000)
> 00401003 90             nop
> 00401004 EB F7          jmp  00400FFD   ;???
> 00401006 8D 76 17       lea  esi,[esi+17h]
> 00401009 8B FC          mov  edi,esp
> 0040100B 8B D7          mov  edx,edi
> 0040100D F3 A4          rep movs byte ptr [edi],byte ptr [esi]
> 0040100F 52             push edx
> 00401010 C3             ret
> 00401011 EB 30          jmp  00401043   ;eip should jump to this address
> ;00401228 E8 E6 FD FF FF call 00401013
> =>00401013 5F           pop  edi

Hello.

I am sorry :(, I made a mistake when I was passing the asm code to C code. I copied 13 bytes before the shellcode that are trash. The original shellcode begins at 00401011 EB 30 jmp 00401043. You must delete the 13 bytes before '\xEB\x30', or you can download the fixed shellcode from 'http://www.undersec.com/programas/generic-win32.c'.

It is bad, but it is good too, because the shellcode is 13 bytes smaller ;D.

Thanks very much and sorry.

==============-----------------------------==============
RaiSe
UNDERSEC Security Team / http://www.undersec.com
NetSearch Ezine Staff / http://www.netsearch-ezine.com
ysfk>2{5~~2s~eska2~}dw2k}g<<< XOR 18
==============-----------------------------==============
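The confusion in this thread comes down to relative-branch arithmetic: x86 computes the target of `EB rel8` and `E8/E9 rel32` from the address of the *next* instruction, so `EB F7` at 00401004 lands 9 bytes back at 00400FFD, and the real entry `EB 30` at 00401011 lands at 00401043. The script below is an added example (not code from the thread or from undersec.com): it parses the quoted debug listing, recomputes every branch target, and measures the unintended prefix, assuming the 4 padding NOPs at entry 00401000 mentioned in the quoted mail.

```python
import re

# Listing taken from the quoted debug output (comments stripped); the
# ";00401228 call" line is included as an unquoted instruction.
LISTING = """\
00401003 90 nop
00401004 EB F7 jmp 00400FFD
00401006 8D 76 17 lea esi,[esi+17h]
00401009 8B FC mov edi,esp
0040100B 8B D7 mov edx,edi
0040100D F3 A4 rep movs byte ptr [edi],byte ptr [esi]
0040100F 52 push edx
00401010 C3 ret
00401011 EB 30 jmp 00401043
00401228 E8 E6 FD FF FF call 00401013
"""

# address, one or more hex byte pairs, mnemonic, optional operands
LINE_RE = re.compile(r'^([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+)+)(\S+)\s*(.*)$')

def parse_listing(text):
    """Return a list of (address, code_bytes, mnemonic, operands)."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.split(';')[0].strip())
        if m:
            code = bytes.fromhex(m.group(2).replace(' ', ''))
            insns.append((int(m.group(1), 16), code, m.group(3), m.group(4)))
    return insns

def relative_target(addr, code):
    """Target of EB rel8 / E8,E9 rel32, relative to the next instruction."""
    if code[0] == 0xEB and len(code) == 2:
        rel = int.from_bytes(code[1:2], 'little', signed=True)
    elif code[0] in (0xE8, 0xE9) and len(code) == 5:
        rel = int.from_bytes(code[1:5], 'little', signed=True)
    else:
        return None
    return (addr + len(code) + rel) & 0xFFFFFFFF

def check_targets(text):
    """Map branch address -> (target printed by the debugger, recomputed target)."""
    return {addr: (int(ops, 16), relative_target(addr, code))
            for addr, code, _, ops in parse_listing(text)
            if relative_target(addr, code) is not None}

def trash_prefix_length(text, entry=0x401000, nops_added=4):
    """Bytes between the first shellcode byte (entry + NOP padding) and EB 30."""
    for addr, code, _, _ in parse_listing(text):
        if code == b'\xEB\x30':
            return addr - (entry + nops_added)
    return None
```

`check_targets(LISTING)` confirms each debugger-printed target, and `trash_prefix_length(LISTING)` returns the 13 bytes the mail says must be removed.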
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:23:05 PDT