Some time ago I created a shellcode that doesn't use any hardcoded address; it looks in the process for them... I posted it here, but I have to find it. My advice is to look into virii coding tutorials... There are good tutorials around this and other very interesting subjects. Also look for a PE format reference/tutorial. Look for 29a magazine and also at vx.netlux.org

Regards

----- Original Message -----
From: "Gary O'leary-Steele" <garyo@sec-1.com>
To: <pen-testat_private>
Cc: <vuln-devat_private>
Sent: Thursday, September 26, 2002 4:54 PM
Subject: Shell code -RVA techniques or something similar

> Hi,
>
> I am looking for documentation/tutorial on writing shell code for Windows.
> Specifically using RVA techniques or something similar to make my shell code
> service pack independent.
>
> The problem I am experiencing is that all the exploits I have written in the
> past use fixed addresses within Kernel32.dll such as the offset for winexec
> or loadlibrarya and getprocaddress. Therefore a variation in service pack
> etc. causes my exploit to fail.
>
> Thanks in advance.
>
> Kind Regards,
>
> Gary
This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 14:25:46 PDT