[Code-Crunchers] 1 Byte ExitProcess

Nicolas Brulez n.brulez at free.fr
Fri Oct 20 09:44:40 CDT 2006


hehe :)
For my tests, I was using NOT ESP, but it is two bytes :)
>
> Hello everyone,
>
> How are you doing?
>
> Ok, if you didn't follow up my chat with Matthew, you should read it 
> first,
>
> this is how we developed a 2-byte ExitProcess (raising a silent exception 
> which will shut the process):
>
> http://blogs.securiteam.com/index.php/archives/679
>
> Anyways, the new trick I just thought of is:
>
> XCHG EAX, ESP (of course, we assume EAX is < 1000h or just not mapped).
>
> That's it ONE byte. That's really it. :)
>
> The catch is that after this instruction the thread will continue 
> execution of garbage instructions, probably will fast enough get to an 
> invalid instruction/access violation and Windows will shut the 
> process... Voila
>
> Dabah
>
> BTW – 315 bytes for Tiny PE
>
> ------------------------------------------------------------------------
>
> *From:* Ivan_Macalintal at trendmicro.com 
> [mailto:Ivan_Macalintal at trendmicro.com]
> *Sent:* Friday, October 20, 2006 6:33 AM
> *To:* jasongef at microsoft.com; code-crunchers at whitestar.linuxbox.org
> *Subject:* Re: [Code-Crunchers] 1stsmallestpost!
>
> -IM
>
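An added illustration (not code from the thread, nor from anyone on it) of the byte counts behind this exchange and of the "EAX < 1000h or not mapped" precondition: it encodes the candidates with the x86 rules they rely on and models the register swap against a constructed stack range. The IAT slot address and stack bounds are made-up sample values.

```python
from typing import Dict, List, Tuple

# x86-32 register numbers as used in opcode and ModRM encodings.
REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esp": 4, "ebp": 5, "esi": 6, "edi": 7}


def enc_xchg_eax(reg: str) -> bytes:
    """XCHG EAX, r32 short form: a single opcode byte, 0x90 + register number."""
    return bytes([0x90 + REG32[reg]])


def enc_not_r32(reg: str) -> bytes:
    """NOT r/m32: opcode F7 with ModRM mod=11 (register operand), reg field /2."""
    return bytes([0xF7, 0xC0 | (2 << 3) | REG32[reg]])


def enc_exitprocess_call(iat_slot: int) -> bytes:
    """Conventional exit: PUSH 0 (6A 00) then CALL DWORD PTR [disp32] (FF 15 + 4 bytes)."""
    return bytes([0x6A, 0x00, 0xFF, 0x15]) + iat_slot.to_bytes(4, "little")


def sizes() -> Dict[str, int]:
    """Encoded length of each candidate; the IAT address is a constructed sample."""
    return {
        "xchg eax, esp": len(enc_xchg_eax("esp")),
        "not esp": len(enc_not_r32("esp")),
        "push 0; call [ExitProcess]": len(enc_exitprocess_call(0x00402000)),
    }


def xchg_eax_esp_outcome(eax: int, esp: int, mapped: List[Tuple[int, int]]) -> Dict[str, object]:
    """Model the swap and check whether the next stack access (push/pop/call/ret)
    lands in mapped memory. A miss is an access violation, which is the 'exit'.
    On Windows the lowest 64 KiB of user space is never mapped, so EAX < 1000h
    always qualifies; a mapped EAX breaks the trick, as the thread's caveat says."""
    new_esp, new_eax = eax, esp
    hit = any(lo <= new_esp < hi for lo, hi in mapped)
    return {"eax": new_eax, "esp": new_esp, "faults_on_stack_access": not hit}


if __name__ == "__main__":
    stack = [(0x0012E000, 0x00130000)]  # constructed stack mapping
    print(sizes())
    print(xchg_eax_esp_outcome(eax=0, esp=0x0012FF80, mapped=stack))
```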