BanMe.From.Native_Development

Native Application Development Blog

  1. The dream is 'really higher up'... :P

    by BanMe, March 12th, 2011 at 21:40 (BanMe.From.Native_Development)
    OK, so this is a 'blog' entry. What defines a blog? Usually it's written by one person with some lore about something; sometimes it contains insight into the person writing it, and sometimes it's just nothing. Well, that isn't how I roll: the dark scowl, calculating eyes, and the 'fuck it, I'll help' attitude. Sometimes it shortens, but I am not perfect.

    So I don't really like paying for things when I can find them for free just by trying.

    So I went out and got the Intel manuals; indy repeats that everyone needs to read them over and over (I got ear muffs and blinders as well). Then, while reading that, I needed to have fun or I would go crazy, so I wanted to learn more about shellcoding, as I really didn't know shellcoding before coding that beast in it. I thought it would be an excellent tool to add to my asm knowledge.

    Then I thought: how could I share it, and not only teach myself interesting concepts but try to do it in a non-destructive way? So I looked around and found the Shellcoder's Handbook(s), along with the accompanying code.

    Much of that code is non-malicious, should provide a good learning base, and is compilable.

    My concept of 'shellcode', to explain the dream:
    1. It should be PIC (position-independent code), i.e. it should work no matter where it is 'placed' in memory.
    2. It should demonstrate kernels of knowledge gathered from many different perspectives and 'schools of thought'.


    But how could I also entangle you, the reader, into contributing code, and what rules could we all follow to guide us in our explorations?

    I answer my own question: 'contributor rules'.

    1. code must not be malicious or infectious (though it can have viral tendencies)
    2. code must not contain null bytes (0x00), and the fastcall/syscall calling convention should be espoused
    3. code may display omnimorphic qualities and must not have a 'data section' if compiled
    4. code must not use the 'ldr_data portion of the PEB' or the API
    5. other than the above, you are free to do as you wish

    To tickle your mind:
    Code:
    	xor ecx,ecx		; \  these 4 bytes (33 C9 8B CB) double as the
    	mov ecx,ebx		; /  1-dword 'stack' that the push below overwrites
    	db 064h			; \  useless FS prefix (ignored on a reg,reg mov)
    	db 08bh			;    mov eax,ebx
    	db 0c3h			; /  ModRM byte of the mov, but a RET if executed on its own
    
    	db 0e8h			; \  call rel32 with displacement -6:
    	dd 0fffffffah		; /  target is the 0c3h byte above, i.e. a 'call to ret'.
    				;    The ret pops the return address again, so it is
    				;    left intact just below esp.
    
    	mov ecx,dword ptr [esp-4h]	; get the call's return address (the address of this instruction) from below the stack pointer
    	add ecx,-08h			; minus 8 from it points at the 064h byte: the top of the self 'stack'
    	mov esp,ecx			; make the stack internal (esp now points into the code itself)
    
    	push ecx		; \  push the address of mov eax,ebx onto the internal stack (this write lands on the
    	ret			; /  xor/mov bytes, so the buffer must be writable as well as executable) and return to it:
    				;    mov eax,ebx runs, the call to ret follows, and control comes round again


    Chapter 1 code:

    This looks simple, and remember: it is in the trying that we all learn.

    Code:
    	int triangle (int width, int height)
    	{
    		int array[5] = {0,1,2,3,4};
    		int area;
    		area = width * height/2;
    		return (area);
    	}
    So, conceptually compiling this to fastcall (i.e. I haven't actually done this 'yet'): this function would take width in ecx and height in edx, multiply them, divide by 2, and return the result in eax.
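As an added example (the editor's code, not the blog's and not the Shellcoder's Handbook's), here is a C file that carries out the fastcall compilation described above by hand and runs the two checks a contributor would want before posting under the rules: the byte strings contain no nulls (rule 2), and the 'call to ret' displacement in the 'tickle your mind' listing really lands on the 0c3h byte. The fastcall bytes for triangle() are my hand assembly, and the tickler[] bytes are one valid encoding of the listing above (both are assumptions, not the author's output). The unused array[5] disappears entirely, leaving no frame and no data section. The machine code is never executed, so this builds and runs on any host; the arithmetic it encodes is repeated in C so the one non-obvious part, dividing a possibly negative product by 2 the way C does, can be checked against the reference function.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reference: the chapter 1 function as posted. */
int triangle(int width, int height)
{
    int array[5] = {0, 1, 2, 3, 4};   /* never read; a compiler drops it */
    int area;
    (void)array;
    area = width * height / 2;
    return area;
}

/* Editor's hand assembly of triangle() for fastcall: width in ECX, height in
 * EDX, result in EAX. No frame, no data section, no 0x00 byte anywhere.
 * A bare 'sar eax,1' would turn -15 into -8; the shr/add pair adds 1 to a
 * negative product first so the shift truncates toward zero like C (-7). */
static const uint8_t triangle_fastcall[] = {
    0x8B, 0xC1,              /* mov  eax, ecx   */
    0x0F, 0xAF, 0xC2,        /* imul eax, edx   */
    0x8B, 0xD0,              /* mov  edx, eax   */
    0xC1, 0xEA, 0x1F,        /* shr  edx, 31    ; edx = sign bit of the product */
    0x03, 0xC2,              /* add  eax, edx   ; bias negative values by +1 */
    0xD1, 0xF8,              /* sar  eax, 1     ; signed divide by 2 */
    0xC3                     /* ret             */
};

/* The same arithmetic as the bytes above, executed in C so the sign handling
 * can be checked against triangle() without a 32-bit executable mapping. */
int triangle_fastcall_model(int width, int height)
{
    uint32_t eax = (uint32_t)width * (uint32_t)height;  /* imul: low 32 bits */
    uint32_t edx = eax >> 31;                           /* shr edx,31 */
    eax += edx;                                         /* add eax,edx */
    return (int32_t)eax >> 1;   /* sar eax,1 (arithmetic shift on gcc/clang/MSVC) */
}

/* What the naive 'imul; sar eax,1; ret' would compute: wrong for negative odd products. */
int triangle_naive_model(int width, int height)
{
    return (int32_t)((uint32_t)width * (uint32_t)height) >> 1;
}

/* Returns 1 when the fastcall model agrees with the reference over a small grid. */
int fastcall_model_matches_reference(void)
{
    for (int w = -20; w <= 20; w++)
        for (int h = -20; h <= 20; h++)
            if (triangle_fastcall_model(w, h) != triangle(w, h))
                return 0;
    return 1;
}

/* Contributor rule 2: count the 0x00 bytes in a code string (must be 0). */
size_t count_null_bytes(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00) n++;
    return n;
}

/* One encoding of the 'tickle your mind' listing (editor's assembly, an assumption). */
static const uint8_t tickler[] = {
    0x33, 0xC9,                    /*  0: xor ecx,ecx                          */
    0x8B, 0xCB,                    /*  2: mov ecx,ebx                          */
    0x64, 0x8B, 0xC3,              /*  4: fs: mov eax,ebx (C3 at offset 6 = ret) */
    0xE8, 0xFA, 0xFF, 0xFF, 0xFF,  /*  7: call rel32 -6, returns to offset 12  */
    0x8B, 0x4C, 0x24, 0xFC,        /* 12: mov ecx,[esp-4]                      */
    0x83, 0xC1, 0xF8,              /* 16: add ecx,-8   -> 12-8 = 4, the 064h byte */
    0x8B, 0xE1,                    /* 19: mov esp,ecx                          */
    0x51,                          /* 21: push ecx                             */
    0xC3                           /* 22: ret                                  */
};

/* Offset an E8 call at call_off lands on: next instruction + signed rel32. */
long rel32_call_target(const uint8_t *code, size_t call_off)
{
    uint32_t d = (uint32_t)code[call_off + 1]
               | (uint32_t)code[call_off + 2] << 8
               | (uint32_t)code[call_off + 3] << 16
               | (uint32_t)code[call_off + 4] << 24;
    return (long)call_off + 5 + (int32_t)d;
}

int main(void)
{
    printf("triangle(-3,5) = %d, fastcall model = %d, naive model = %d\n",
           triangle(-3, 5), triangle_fastcall_model(-3, 5), triangle_naive_model(-3, 5));
    printf("nulls in fastcall triangle: %zu, in tickler: %zu\n",
           count_null_bytes(triangle_fastcall, sizeof triangle_fastcall),
           count_null_bytes(tickler, sizeof tickler));
    printf("call at offset 7 targets offset %ld (byte %02X)\n",
           rel32_call_target(tickler, 7), tickler[rel32_call_target(tickler, 7)]);
    return 0;
}
```

To actually run either byte string you need a 32-bit process and an executable mapping; for tickler[] the mapping must also be writable, because the push stores its pointer over the xor/mov bytes, which is exactly what DEP/W^X policies forbid.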

    Updated March 13th, 2011 at 12:19 by BanMe

    Categories
    Uncategorized