[Code-Crunchers] 1 Byte ExitProcess
Gil Dabah
distorm at gmail.com
Fri Oct 20 00:39:56 CDT 2006
Hello everyone,
How are you doing?
Ok, if you didn't follow my chat with Matthew, you should read it first;
this is how we developed a 2-byte ExitProcess (raising a silent exception which
will shut down the process):
http://blogs.securiteam.com/index.php/archives/679
Anyways, the new trick I just thought of is:
XCHG EAX, ESP (of course, we assume EAX is < 1000h or just not mapped).
That's it: ONE byte. That's really it. :-)
The catch is that after this instruction the thread will continue executing
garbage instructions, will probably quickly hit an invalid
instruction/access violation, and Windows will shut down the process. Voila!
Dabah
BTW - 315 bytes for Tiny PE
_____
From: Ivan_Macalintal at trendmicro.com [mailto:Ivan_Macalintal at trendmicro.com]
Sent: Friday, October 20, 2006 6:33 AM
To: jasongef at microsoft.com; code-crunchers at whitestar.linuxbox.org
Subject: Re: [Code-Crunchers] 1stsmallestpost!
-IM