GetPC code (was: Shellcode from ASCII)

From: Gerardo Richarte (geraat_private)
Date: Thu Jun 26 2003 - 07:46:33 PDT


    In the previous email (Re: Shellcode from ASCII) I sent a piece
    of code that needs "EDI pointing to its first byte"; this means
    it needs to know the address in memory where it (the code)
    is located.
    
    There are several ways to do this; the one I like most is
    
    CALL $+4        ; E8 FF FF FF FF: rel32 = -1, the target is the CALL's own last byte
    RET             ; C3: never executed as RET; at $+4 the bytes FF C3 decode as INC EBX
    POP EBX         ; 5B: loads the return address the CALL pushed (the address of the RET byte)
    
    or
    
    call .+4        # same trick in AT&T syntax: '.' is the address of the current instruction
    ret             # overlapped by the preceding 0xFF, executes as inc %ebx
    pop %ebx        # %ebx = address of the ret byte (code start + 5)
    
    this is pretty generic, has no zeros and is as small as we could
    do it (it doesn't mean there's no smaller way). And it also makes
    you think for a few seconds :-)
    
    Ok, first challenge: create a GetPC code with no zeros and no 0xff
    in it. Sounds easy? hehe, it's not. However, we know it's possible,
    at least sometimes.
    
    Second challenge, for which we have no answer yet (it's not that we
    are spending all our time to solve it either): write a GetPC code
    with no zeros, no 0xff... and only "ascii" (either extended ascii
    ranging from 0x21 to 0x7f) or with as few "weird" characters as
    possible...
    
    ok, you know the challenges... there are no rules I think :-)
    
    gera
    
    PS: Of course, as halvar told me when I threw these questions at
    him once: how did you jump to your code in the first place [if you
    don't know its address]. And well... he does have a strong point
    there... but heh, it's still a lot of fun to think about these small
    pieces of code, isn't it? :-)
    
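As an added example (not code from gera's message), the following Python script assembles the call/ret/pop GetPC stub from the post and then checks its bytes against the constraints of the two challenges: no 0x00, no 0xff, and, for the second challenge, only bytes in the 0x21..0x7f range. It assumes 32-bit x86 encodings for CALL rel32 (E8), RET (C3) and POP EBX (5B); the helper names (`encode_call`, `getpc_stub`, `bad_bytes`, `non_ascii`, `report`) are my own. Running it shows why the stub fails the first challenge: the `$+4` displacement encodes as four 0xff bytes.

```python
"""Assemble the call $+4 / ret / pop ebx GetPC stub and audit its byte classes.

Added example, not from the original post.  Assumes 32-bit x86 encodings.
"""
import struct

OPC_CALL_REL32 = 0xE8  # CALL rel32: 5 bytes, displacement relative to the NEXT instruction
OPC_RET = 0xC3
OPC_POP_EBX = 0x5B


def encode_call(target, insn_start=0):
    """Encode `call target`; target and insn_start are offsets from the same base."""
    rel = target - (insn_start + 5)  # rel32 counts from the end of the 5-byte CALL
    return bytes([OPC_CALL_REL32]) + struct.pack("<i", rel)


def getpc_stub():
    """Assemble gera's stub: call $+4 / ret / pop ebx.

    `$+4` is the LAST byte of the CALL itself, so rel32 = 4 - 5 = -1 = FF FF FF FF.
    The CALL pushes the return address (offset 5, the RET byte) and resumes at
    offset 4, where the bytes FF C3 decode as `inc ebx` rather than as RET.
    `pop ebx` (5B) at offset 6 then loads the pushed return address.
    """
    return encode_call(target=4) + bytes([OPC_RET, OPC_POP_EBX])


def ebx_after_stub(stub_base):
    """Value left in EBX: the pushed return address, i.e. the RET byte at base+5."""
    return stub_base + 5


def bad_bytes(code, forbidden=(0x00,)):
    """Offsets of bytes in `forbidden` (e.g. NUL, which a C string copy would stop at)."""
    return [i for i, b in enumerate(code) if b in forbidden]


def non_ascii(code, lo=0x21, hi=0x7F):
    """Offsets of bytes outside the printable range named in the second challenge."""
    return [i for i, b in enumerate(code) if not lo <= b <= hi]


def report(code):
    """Summarise a candidate stub against both challenges' constraints."""
    return {
        "hex": code.hex(),
        "nul_offsets": bad_bytes(code, (0x00,)),
        "ff_offsets": bad_bytes(code, (0xFF,)),
        "non_ascii_offsets": non_ascii(code),
        "passes_first_challenge": not bad_bytes(code, (0x00, 0xFF)),
        "passes_second_challenge": not bad_bytes(code, (0x00, 0xFF)) and not non_ascii(code),
    }


if __name__ == "__main__":
    stub = getpc_stub()
    for key, value in report(stub).items():
        print(f"{key:>24}: {value}")
```

`report()` can be pointed at any candidate byte string, so it doubles as a quick filter for attempts at the two challenges; `encode_call()` makes the displacement arithmetic explicit, which is where the 0xff bytes come from.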



    This archive was generated by hypermail 2b30 : Thu Jun 26 2003 - 08:51:04 PDT