Developing Shellcode

The shellcode follows the usual plan. It first moves ESP to a safe address (0D0D0D0Dh in this case), so that its own pushes and calls land in memory it controls rather than wherever ESP happened to point when control was hijacked. It then resolves the addresses of the API functions it needs, either by scanning memory directly for the loaded modules or by walking the loader lists of the Process Environment Block (PEB) to find kernel32 and its export table. Next it opens a TCP/IP connection back to the attacker in the context of the already-established one, that is, from inside the browser process whose outbound traffic a personal firewall has already permitted, which blinds the firewall to the new traffic. Finally it pulls down the main payload module. That module can be written to disk (easy to implement, but leaves a file that the user or an antivirus scanner can notice) or loaded straight into memory (harder to implement, but leaves no trace on disk, which is the better result).
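The export-table walk behind "determines the addresses of the API functions" is the part of this plan that can be shown in portable code. The block below is an added example, not code from the book: it resolves an export by a ROR13 hash of its name using the fixed PE offsets (0x3C, 0x78, 0x1C, 0x20, 0x24) that position-independent shellcode hard-codes, and runs it over a constructed, minimal PE32 image laid out in a buffer so it can be compiled and run on any OS. The export names, RVAs and the `build_fake_image`/`demo_resolve` helpers are hypothetical; real shellcode would first obtain the base of kernel32 from the PEB (fs:[30h] on 32-bit Windows), which is deliberately left out here because it is Windows-only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: resolve an exported function by ROR13 hash of its name,
 * walking the PE export directory by fixed offsets the way shellcode does.
 * The image is a constructed minimal PE32, not a real DLL. */

#define IMG_SIZE 0x1000

/* Little-endian field access by offset, as shellcode does it. */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }

/* Classic ROR13 name hash: for each byte, rotate right by 13, then add it. */
uint32_t ror13_hash(const char *s)
{
    uint32_t h = 0;
    for (; *s; s++)
        h = ((h >> 13) | (h << 19)) + (uint8_t)*s;
    return h;
}

/* Walk MZ -> PE -> export directory -> name table.  Returns the RVA of the
 * export whose name hashes to `want`, or 0 if absent or the image is bad. */
uint32_t resolve_export_rva(const uint8_t *base, uint32_t want)
{
    if (rd16(base) != 0x5A4D)                 /* "MZ" */
        return 0;
    uint32_t nt = rd32(base + 0x3C);          /* e_lfanew */
    if (rd32(base + nt) != 0x00004550)        /* "PE\0\0" */
        return 0;
    uint32_t exp = rd32(base + nt + 0x78);    /* DataDirectory[0]: export table RVA */
    if (exp == 0)
        return 0;
    const uint8_t *ed = base + exp;
    uint32_t n_funcs = rd32(ed + 0x14);       /* NumberOfFunctions */
    uint32_t n_names = rd32(ed + 0x18);       /* NumberOfNames */
    uint32_t funcs   = rd32(ed + 0x1C);       /* AddressOfFunctions */
    uint32_t names   = rd32(ed + 0x20);       /* AddressOfNames */
    uint32_t ords    = rd32(ed + 0x24);       /* AddressOfNameOrdinals */
    for (uint32_t i = 0; i < n_names; i++) {
        const char *name = (const char *)(base + rd32(base + names + 4 * i));
        if (ror13_hash(name) != want)
            continue;
        uint16_t ord = rd16(base + ords + 2 * i);   /* name index -> ordinal */
        if (ord >= n_funcs)
            return 0;
        return rd32(base + funcs + 4 * ord);        /* ordinal -> function RVA */
    }
    return 0;
}

/* ---- constructed test image (hypothetical layout, not a real DLL) ---- */
enum { RVA_NT = 0x80, RVA_EXP = 0x200, RVA_FUNCS = 0x300, RVA_NAMES = 0x340,
       RVA_ORDS = 0x380, RVA_STR = 0x400, RVA_CODE = 0x800 };
static const char *fake_names[] = { "CreateFileA", "GetProcAddress", "LoadLibraryA", "WinExec" };
#define N_EXPORTS 4

void build_fake_image(uint8_t *img)
{
    memset(img, 0, IMG_SIZE);
    wr16(img, 0x5A4D);                        /* "MZ" */
    wr32(img + 0x3C, RVA_NT);                 /* e_lfanew */
    wr32(img + RVA_NT, 0x00004550);           /* "PE\0\0" */
    wr32(img + RVA_NT + 0x78, RVA_EXP);       /* export directory RVA */
    uint8_t *ed = img + RVA_EXP;
    wr32(ed + 0x14, N_EXPORTS);
    wr32(ed + 0x18, N_EXPORTS);
    wr32(ed + 0x1C, RVA_FUNCS);
    wr32(ed + 0x20, RVA_NAMES);
    wr32(ed + 0x24, RVA_ORDS);
    uint32_t str = RVA_STR;
    for (uint32_t i = 0; i < N_EXPORTS; i++) {
        wr32(img + RVA_NAMES + 4 * i, str);
        strcpy((char *)img + str, fake_names[i]);
        str += (uint32_t)strlen(fake_names[i]) + 1;
        /* Ordinals deliberately reversed so that skipping the ordinal
         * indirection (a common shellcode bug) returns the wrong function. */
        uint16_t ord = (uint16_t)(N_EXPORTS - 1 - i);
        wr16(img + RVA_ORDS + 2 * i, ord);
        wr32(img + RVA_FUNCS + 4 * ord, RVA_CODE + 0x10 * i); /* name i -> CODE + 0x10*i */
    }
}

/* Build the image and resolve `name` through its hash; 0 means not found. */
uint32_t demo_resolve(const char *name)
{
    static uint8_t img[IMG_SIZE];
    build_fake_image(img);
    return resolve_export_rva(img, ror13_hash(name));
}

int main(void)
{
    const char *want[] = { "GetProcAddress", "WinExec", "NoSuchApi" };
    for (int i = 0; i < 3; i++)
        printf("%-15s -> RVA 0x%03X (hash 0x%08X)\n", want[i],
               (unsigned)demo_resolve(want[i]), (unsigned)ror13_hash(want[i]));
    return 0;
}
```

Hashing the names instead of comparing strings is what keeps the resolver small and free of embedded API names; the price is that a hash collision silently picks the wrong export, so the hashes of every function a payload needs should be checked against the target DLL before shipping.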

There are practically no limits on the size of the shellcode: in this case a little more than half of the process address space is at the attacker's disposal. The payload string is passed in Unicode (UTF-16), so individual zero bytes are legal inside it; only an aligned zero 16-bit character (0000h) terminates the string. There is therefore no need for an encoder and a decryptor stub to keep the code free of zero bytes; the one rule that remains is that no aligned 0000h word may appear in it. The shellcode inherits all privileges of the browser, and the least experienced users are exactly the ones who run it with administrative rights, so what it can do is limited only by the developer's imagination.



Shellcoder's Programming Uncovered (Uncovered series)
ISBN: 193176946X
Year: 2003
Pages: 164
