> Generally I prefer to code a proof-of-concept this way (when possible):
>
> [AAAAAAAAAAAAAA][EBP][EIP][SHELLCODE]
>
> not this way:
>
> [SHELLCODE][AAAAA][EBP][EIP]

Yes, but the first code has a problem. Look at this code:

**
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[256];
    strcpy(buffer, argv[1]);   /* unbounded copy into a 256-byte buffer */
    printf("%s", argv[2]);     /* reads argv after the copy */
}
**

If you put the shellcode after [EIP], you will overwrite argc and argv, so printf will cause a segmentation fault. I think that it is better to put the shellcode before [EBP] and [EIP] when it is possible.

==============-----------------------------==============
RaiSe
UNDERSEC Security Team / http://www.undersec.com
NetSearch Ezine Staff / http://www.netsearch-ezine.com
ysfk>2{5~~2s~eska2~}dw2k}g<<< XOR 18
==============-----------------------------==============
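
The frame-layout argument in the reply above, as an added example that is not part of the original post: a small model that reports which stack slots a strcpy() of a given source length reaches. The offsets assume a 32-bit x86 cdecl frame with no padding and no stack canary; the slot table and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed frame for the post's main(): 32-bit x86, cdecl, no padding,
 * no stack canary. Offsets are relative to the start of buffer. */
enum { SLOT_BUFFER = 1, SLOT_EBP = 2, SLOT_EIP = 4, SLOT_ARGC = 8, SLOT_ARGV = 16 };
struct slot { int flag; const char *name; size_t off, size; };

static const struct slot frame[] = {
    { SLOT_BUFFER, "buffer",    0,   256 },
    { SLOT_EBP,    "saved EBP", 256, 4 },
    { SLOT_EIP,    "saved EIP", 260, 4 },
    { SLOT_ARGC,   "argc",      264, 4 },
    { SLOT_ARGV,   "argv",      268, 4 },
};

/* strcpy() writes strlen(src) + 1 bytes (the terminating NUL included).
 * Return the set of frame slots a source string of src_len bytes touches. */
int slots_written(size_t src_len)
{
    size_t end = src_len + 1;   /* one past the last byte written */
    int mask = 0;
    for (size_t i = 0; i < sizeof frame / sizeof frame[0]; i++)
        if (end > frame[i].off)
            mask |= frame[i].flag;
    return mask;
}

/* printf("%s", argv[2]) dereferences argv, so it only behaves as intended
 * when the copy stopped before the argv slot. */
int printf_arg_intact(size_t src_len)
{
    return (slots_written(src_len) & SLOT_ARGV) == 0;
}

int main(void)
{
    /* Constructed lengths: in bounds, up to saved EIP, and past it. */
    size_t cases[] = { 255, 263, 264, 268, 300 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int m = slots_written(cases[i]);
        printf("len %3zu:", cases[i]);
        for (size_t j = 0; j < sizeof frame / sizeof frame[0]; j++)
            if (m & frame[j].flag) printf(" [%s]", frame[j].name);
        printf("  argv intact: %s\n", printf_arg_intact(cases[i]) ? "yes" : "no");
    }
    return 0;
}
```

In this model a 264-byte source already changes argc through the terminating NUL alone, while argv stays intact until the source reaches 268 bytes.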
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 17:02:16 PDT