BanMe.From.Native_Development

The dream is 'really higher up'... :P

OK, so this is a 'blog' entry.. what defines a blog? Usually it's written by one person with some lore about something.. sometimes it contains insight into the person writing it, and sometimes it's just nothing.. well, that isn't how I roll.. The dark scowl, calculating eyes, and the 'fuck it, I'll help' attitude. Sometimes it shortens, but I am not perfect..

So I don't really like paying for things when I can find them for free just by trying..

So I went out and got the Intel manuals; indy repeats that everyone needs to read them over and over... (I got ear muffs and blinders as well)... Then, while reading that, I needed to have fun or I would go crazy.. So I wanted to learn more about shellcoding.. as I really didn't know shellcoding before coding that beast in it.. I thought it to be an excellent tool to add to my asm knowledge..

Then I thought: how could I share it, and not only teach myself interesting concepts but try to do it in a non-destructive way? So I looked around and found the Shellcoder's Handbook(s).. along with the accompanying code.

Much of that code is non-malicious, should provide a good learning base, and is compilable..

My concept of 'shell code', to explain the dream..:
1. It should be PIC (position independent code), i.e. it should work no matter where it is 'placed' in memory...
2. It should demonstrate kernels of knowledge gathered from many different perspectives and 'schools of thought'.


But how could I also entangle you, the reader, into contributing code, and what rules could we all follow to guide us in our explorations?

I answer my own questions: 'contributor rules'

1. code must not be malicious or infectious (though it can have viral tendencies)
2. code must not contain null bytes, and the fastcall/syscall convention should be espoused..
3. code may display omnimorphic qualities and must not have a 'data section' if compiled.
4. code must not use the 'ldr_data' portion of the PEB, or the API.
5. other than the above, you are free to do as you wish..

to tickle your mind..
Code:
	xor ecx,ecx			; \ 4 bytes of filler: once esp points here they
	mov ecx,ebx			; / become the 1 dword 'stack'
	db 064h				; \ harmless fs: prefix (also pads so the -8 below lands here)
	db 08bh				;   mov eax,ebx (8B C3)
	db 0c3h				; / ...and that C3 byte is also a ret when jumped to directly

	db 0e8h				; \ call rel32 = -6: the target is the C3 byte above,
	dd 0fffffffah			; / so this is a call to ret; the return address is left at [esp-4]

	mov ecx,dword ptr [esp-4h]	; get the call's return address (the address of this instruction)
	add ecx,-08h			; minus 8 points back at the fs prefix, just past the filler dword
	mov esp,ecx			; make the stack internal: esp now lives inside the code

	push ecx			; \ push the address of mov eax,ebx (over the filler dword)
	ret				; / and return to it
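The snippet and rule 2 both rest on two claims you should be able to check mechanically: the blob contains no 0x00 byte, and the hand-written E8 call really lands on that C3 byte. Below is a small C checker for exactly that. It is an added example of mine, not code from the post; the byte values are my own hand-assembly of the snippet (one valid encoding; an assembler may pick another, e.g. 31 C9 instead of 33 C9 for xor ecx,ecx), and the offsets in the comments follow from that encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The snippet above, hand-assembled by me (assumption: one valid null-free encoding). */
const uint8_t snippet[] = {
    0x33, 0xC9,                   /*  0: xor ecx,ecx        \ filler: this dword becomes   */
    0x8B, 0xCB,                   /*  2: mov ecx,ebx        / the 1-dword internal stack   */
    0x64, 0x8B, 0xC3,             /*  4: fs: mov eax,ebx    the C3 at offset 6 is also ret */
    0xE8, 0xFA, 0xFF, 0xFF, 0xFF, /*  7: call rel32 -6      -> offset 12-6 = 6 (the ret)   */
    0x8B, 0x4C, 0x24, 0xFC,       /* 12: mov ecx,[esp-4]    ecx = address of offset 12     */
    0x83, 0xC1, 0xF8,             /* 16: add ecx,-8         ecx = address of offset 4      */
    0x8B, 0xE1,                   /* 19: mov esp,ecx        stack now lives inside the code */
    0x51,                         /* 21: push ecx           written over offsets 0..3      */
    0xC3,                         /* 22: ret                jumps to offset 4              */
};
const size_t snippet_len = sizeof snippet;

/* Rule 2: index of the first 0x00 byte, or -1 if the blob is null-free. */
long first_null(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00)
            return (long)i;
    return -1;
}

/* Resolve a call/jmp rel32 (E8/E9) at offset `at` to the blob-relative offset it
 * lands on.  rel32 is a signed displacement from the *next* instruction (at + 5).
 * Returns -1 if the byte at `at` is not E8/E9 or the 5-byte instruction is truncated. */
long rel32_target(const uint8_t *buf, size_t len, size_t at)
{
    if (at + 5 > len || (buf[at] != 0xE8 && buf[at] != 0xE9))
        return -1;
    uint32_t raw = (uint32_t)buf[at + 1]
                 | (uint32_t)buf[at + 2] << 8
                 | (uint32_t)buf[at + 3] << 16
                 | (uint32_t)buf[at + 4] << 24;
    int32_t disp;
    memcpy(&disp, &raw, sizeof disp);      /* reinterpret as two's complement */
    return (long)(at + 5) + disp;
}

/* A relative branch only keeps the blob position independent if it stays inside it. */
int rel32_in_blob(const uint8_t *buf, size_t len, size_t at)
{
    long t = rel32_target(buf, len, at);
    return t >= 0 && (size_t)t < len;
}

int main(void)
{
    long t = rel32_target(snippet, snippet_len, 7);
    printf("null-free: %s\n", first_null(snippet, snippet_len) < 0 ? "yes" : "no");
    printf("call at offset 7 lands on offset %ld (byte %02X)\n",
           t, t >= 0 ? snippet[t] : 0);
    printf("branch stays inside the blob: %s\n",
           rel32_in_blob(snippet, snippet_len, 7) ? "yes" : "no");
    return 0;
}
```

Traced by hand with those offsets, the final ret lands on offset 4, the call at 7 then re-pushes over offsets 0..3, and the sequence repeats, so the snippet is a puzzle about where esp and eip are allowed to live rather than a payload that terminates. The rel32 resolver is the check worth keeping: any E8/E9 whose target falls outside your blob is an absolute dependency and breaks rule 1 (PIC).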


Chapter 1 code..

This looks simple.. and remember, it is in the trying that we all learn.

Code:
	int triangle(int width, int height)
	{
		int array[5] = {0, 1, 2, 3, 4};	/* unused local, kept as in the book */
		int area;
		area = width * height / 2;
		return (area);
	}
So, conceptually compiling this to fastcall... (i.e. I didn't really do this 'yet').. This function would take width in ecx and height in edx, then multiply them, divide by 2, and return the result..
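Here is what that fastcall body looks like when written by hand under the contributor rules (no nulls, no data section, position independent), as an added example of mine and not the author's compile, which the post says had not happened yet. It is GNU inline asm so it builds and runs from C; the byte encodings in the comments are my own hand-assembly (assumption: one valid encoding, an assembler may choose the 89 xx forms instead), and the unused `array[5]` from the book is dropped. The one detail a plain `sar eax,1` gets wrong is signed division: C truncates toward zero, sar rounds toward minus infinity, so the product's sign bit is added back in first.

```c
#include <stdio.h>

/* Added example: fastcall triangle() body, width in ecx, height in edx, result in eax.
 * Every instruction below is null-free and carries no absolute address. */
#if defined(__i386__) || defined(__x86_64__)
int triangle_fastcall(int width, int height)
{
    int area, w = width, h = height;
    __asm__ (
        "movl  %%ecx, %%eax\n\t"   /* 8B C1     eax = width                          */
        "imull %%edx, %%eax\n\t"   /* 0F AF C2  eax = width * height                 */
        "movl  %%eax, %%edx\n\t"   /* 8B D0     edx = product                        */
        "shrl  $31, %%edx\n\t"     /* C1 EA 1F  edx = 1 if the product is negative   */
        "addl  %%edx, %%eax\n\t"   /* 03 C2     bias so the shift truncates toward 0 */
        "sarl  $1, %%eax\n\t"      /* D1 F8     eax = product / 2 with C semantics   */
        : "=a"(area), "+c"(w), "+d"(h)   /* ecx/edx are inputs we also clobber */
        :
        : "cc");
    return area;
}
#else
/* Non-x86 host: same function in plain C so the example still builds. */
int triangle_fastcall(int width, int height) { return width * height / 2; }
#endif

int main(void)
{
    printf("triangle(3, 4)  = %d\n", triangle_fastcall(3, 4));
    printf("triangle(-3, 3) = %d  (sar alone would give -5)\n", triangle_fastcall(-3, 3));
    return 0;
}
```

Assembled, the body is 8B C1 0F AF C2 8B D0 C1 EA 1F 03 C2 D1 F8 followed by C3 for the ret: sixteen bytes, no zero byte anywhere, and nothing that depends on where the function sits in memory.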


Updated March 13th, 2011 at 12:19 by BanMe
