Null Free Shellcode

I am trying to convert the assembly program that I wrote into null-free shellcode.

However, I am not sure how to do this for specific instructions. Some of them (in Intel syntax) include:

    push 0x1000

and

    mov BYTE [eax],0x31

I want to avoid using thousands of calls to inc eax. I thought maybe something creative with XORing values, but for the second one, maybe if there was a flag to make it accept a constant of only 8 bytes.

Any help is appreciated.

+4
1 answer
    push 0x1000

If you can spare a register (and you don't mind clobbering the flags), how about something like:

    xor eax, eax
    inc eax
    shl eax, 12
    push eax

    mov BYTE [eax],0x31

Zero here does not come from a constant, but from the addressing mode. Try:

    xchg eax, ecx
    mov BYTE [ecx],0x31
    xchg eax, ecx
+2
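As an added illustration (not part of the question or the answer above), the script below encodes both the original instructions and the answer's replacements as raw 32-bit x86 machine code and reports where the 0x00 bytes sit, so you can see that `push 0x1000` carries nulls in its immediate while `mov BYTE [eax],0x31` carries one in its ModRM byte, exactly as the answer says. It also implements the XOR idea from the question in general form: `push_via_xor` splits any 32-bit constant into two null-free halves and emits `mov eax, a ; xor eax, b ; push eax`. The opcode bytes are the standard Intel encodings; the byte choice 0x11/0x22 in `xor_pair` is an arbitrary constructed convention.

```python
import struct

# Constructed 32-bit x86 encodings of the sequences discussed in the question and answer.
SEQUENCES = {
    "push 0x1000": bytes.fromhex("6800100000"),                          # 68 imm32
    "xor eax,eax ; inc eax ; shl eax,12 ; push eax": bytes.fromhex("31c040c1e00c50"),
    "mov byte [eax],0x31": bytes.fromhex("c60031"),                      # C6 /0 ib, ModRM = 0x00
    "xchg eax,ecx ; mov byte [ecx],0x31 ; xchg eax,ecx": bytes.fromhex("91c6013191"),
}


def null_offsets(code: bytes) -> list:
    """Return the offsets of every 0x00 byte in an encoded instruction sequence."""
    return [i for i, b in enumerate(code) if b == 0]


def xor_pair(value: int) -> tuple:
    """Split a 32-bit constant into (a, b) such that a ^ b == value and neither
    a nor b contains a 0x00 byte. Works byte by byte: pick a filler byte x that is
    neither 0 nor equal to the target byte, so both x and x ^ v are non-zero."""
    a, b = bytearray(), bytearray()
    for v in struct.pack("<I", value & 0xFFFFFFFF):
        x = 0x11 if v != 0x11 else 0x22  # constructed choice; any such byte works
        a.append(x)
        b.append(x ^ v)
    return struct.unpack("<I", bytes(a))[0], struct.unpack("<I", bytes(b))[0]


def push_via_xor(value: int) -> bytes:
    """Encode 'mov eax, a ; xor eax, b ; push eax' (B8 id / 35 id / 50) for a
    32-bit constant, giving a null-free way to push values such as 0x1000."""
    a, b = xor_pair(value)
    return b"\xb8" + struct.pack("<I", a) + b"\x35" + struct.pack("<I", b) + b"\x50"


def report() -> dict:
    """Map each sequence name to its null-byte offsets (empty list means null-free)."""
    return {name: null_offsets(code) for name, code in SEQUENCES.items()}


if __name__ == "__main__":
    for name, offsets in report().items():
        status = "null-free" if not offsets else f"nulls at offsets {offsets}"
        print(f"{name:55s} {SEQUENCES[name].hex():16s} {status}")
    code = push_via_xor(0x1000)
    print(f"{'push 0x1000 via mov/xor/push':55s} {code.hex():16s} "
          f"{'null-free' if not null_offsets(code) else 'has nulls'}")
```

Run it as a script to get a one-line verdict per sequence; `report()` and `push_via_xor()` return their results so the same checks can be reused on other hand-assembled fragments.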