Opcode format for x86 jmp register+displacement - HeapOverflow Computer Security Community & Forums

deros68
28-09-05, 20:43
I have a stack smash and EIP when the user opens/previews an email. I want to execute "jmp register + displacement" to run calc.exe shellcode. I cannot (yet) get the right x86 opcode to do this.
Example: EDI = 05699abe, and my next instruction is at 62c11255. I think that I need the jmp r/32 opcode form of jump. What I want to do is to jmp to the shellcode at 05699abe (EDI) + x1300 (I may adjust the x1300 using a NOP sled).

I am also limited by the funky translation of the input stream, so that I cannot use hex 00, 01-20, 81-89, but I can get some of the hex 89-255 characters in (varies widely).

Where is the best explanation of the x86 opcodes? I looked at the Intel series of PDF files on the x86 and am still not certain what opcode to use. I am used to writing assembler (mainframe, for many years) but find the x86 assembler to be chaotic, and I am hoping for a good explanation, with examples of the mnemonic + opcode.


Thanks