Chapter 11: The Technique of Writing Portable Shellcode

Overview

Shellcode never knows beforehand where it will land; therefore, it must be capable of surviving under any conditions and automatically adapting to the specific operating system. This is not an easy task, and most hackers are defeated by insufficient attention to this issue. The few survivors of these invisible battles have given cyberspace information badly needed by dozens of worms, viruses, and their creators.

Recently, the topic of portable shellcode has become extremely popular in the hacker community. Some hackers are delighted by it, while others sniff scornfully. Portable software is fully abstracted from the design features of specific hardware and software. For example, the printf function can successfully output the "Hello, world!" string to both a monitor and a teletype. Therefore, it is portable. Note, however, that it is the function that is portable, not its implementation. The monitor and the teletype are controlled by different code, which is chosen at the stage of compiling and linking the application.

Shellcode is machine code closely tied to the specific features of the target system. Therefore, it cannot be portable by definition. There are no shellcode compilers because there are no adequate languages to describe it. This forces hackers to use assembly language or even raw machine code, which differ from processor to processor. Even worse, a "naked" processor is of no interest in isolation from peripheral devices, because the shellcode must not only add and multiply numbers but also open and close files, process network requests, and so on. To achieve this, it must call the API functions of the operating system or the drivers of the appropriate devices. Different operating systems use different calling conventions, and these conventions vary greatly. Thus, it is possible to create shellcode supporting a couple dozen popular operating systems; however, its size would exceed all allowable limits, because the lengths of the overflowed buffers are measured in tens of bytes.

Thus, people have agreed to call shellcode portable if it supports a specified family of operating systems (for example, Windows NT, Windows 2000, and Windows XP). As practice has shown, this degree of portability is enough for solving most practical tasks. Actually, it is much easier to write a dozen highly tailored shellcodes than one universal shellcode. Nothing can be done about this because portability, in most cases, is achieved at the expense of increasing the size of the shellcode. Therefore, striving for portability is justified only in exceptional situations.


Shellcoder's Programming Uncovered (Uncovered series)
ISBN: 193176946X
Year: 2003
Pages: 164
