Exploit-Development-Tools
Addition of egghunters
I have added all the egghunters described in the Corelan tutorials, and I have added the option to edit the 'w00t' tag.
Hello there,
Thanks for this PR - can you elaborate a bit further on why you changed the primitives and why we need additional egghunters?
Best regards, M.
Hello, first of all thank you very much for answering my request. The main reason for adding several egg hunters is that some may or may not work on different operating systems; elsewhere, I have had the opportunity to verify that in certain cases the search times vary (stability), which, depending on the environment, makes it essential to have several different egg hunters; and finally, it is a good way to learn about the behavior of the different egg hunters and how they work. With respect to the primitives, I only removed the displacement (padding), since this displacement varies according to the software being exploited; as an example, the padding as it was configured generated an overwrite very far from ESP.
It would be ideal in the future to implement an option where the user can specify the ESP offset (it would be easy through the 0xDWORD option):
Pseudo Code
[Set EAX to 0] [Code obtained from 0xDWORD] [Egg Hunter]
ASM Code
XOR EAX, EAX          ; set EAX to 0
MOV EAX, ESP          ; take the current stack pointer
ADD EAX, 0xDEADBEEF   ; offset supplied by the user (0xDWORD)
PUSH EAX
POP ESP               ; move ESP to the adjusted address
; egg hunter follows here
Regards
On 17-04-2018, at 11:32, Mariusz [email protected] wrote:
Hello there,
Thanks for this PR - can you elaborate a bit further on why you changed the primitives and why we need additional egghunters?
Best regards, M.