Re: Jump back to shellcode Windows overflow
Date: Wed Apr 23 2003 - 22:04:20 CDT
Thanks everyone for the help.
Tried placing shellcode at end, seemed to not overwrite EIP
Next, tried using a near jump and it works great (besides the fact that I
haven't got the shellcode working quite right yet).
// Near jump to shellcode (approx 422 bytes, jmp near -422)
char jumpcode  =
My total buffer (460 bytes, 411-414 overwrite EIP) now looks like this:

Top of Stack   NOPS      Shellcode   EIP       **        NOPS jump
00fbfddd       fbfde9    fbfe07      fbff87    fbff88    fbff9c
I am attempting to use shellcode from the "Advanced Buffer Overflow"
writeup by Litchfield (I changed LoadLibrary and GetProcAddress calls to
the right addresses). I'm worried that I won't have enough space (have
about 400 bytes to work with) if I decided to attempt to write my own
shellcode. Thanks for the assistance! I will let you know if everything
>How about just a short or near jmp? How many bytes between where EIP
>and your shellcode? I.E. jmp -128 or something? EB 80, I think.
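The short-versus-near question in the thread comes down to how x86 relative jumps are encoded: the displacement is signed and counted from the end of the instruction, so a short jmp (EB rel8) can reach at most 126 bytes back, while the layout above puts the jump about 400 bytes past the shellcode. The following is an added analysis helper, not code from the post: it decodes a short or near jmp found at a given address in a captured buffer and checks where it lands against the address table above. The two sample byte strings are constructed for the example (the EB 80 from the quoted reply, and a near jmp with a -422 displacement to match the offset the post mentions); the address constants are taken from the post's table.

```python
import struct

# Addresses from the post's layout table (hex, as given there)
TOP_OF_STACK = 0x00FBFDDD
NOP_SLED_START = 0x00FBFDE9
SHELLCODE_START = 0x00FBFE07
EIP_SLOT = 0x00FBFF87
JUMP_ADDR = 0x00FBFF9C  # where the trailing jump in the buffer sits


def decode_jmp(code: bytes, addr: int):
    """Decode a short (EB rel8) or near (E9 rel32) relative jmp located at addr.

    Returns (instruction_length, signed_displacement, target_address).
    The displacement is relative to the END of the instruction, which is why
    'EB 80' lands 126 bytes back from the jmp itself, not 128.
    """
    if len(code) >= 2 and code[0] == 0xEB:
        disp = struct.unpack("<b", code[1:2])[0]
        length = 2
    elif len(code) >= 5 and code[0] == 0xE9:
        disp = struct.unpack("<i", code[1:5])[0]
        length = 5
    else:
        raise ValueError("not a short or near relative jmp")
    target = (addr + length + disp) & 0xFFFFFFFF
    return length, disp, target


def lands_in_sled(target: int, sled_start: int = NOP_SLED_START,
                  shellcode_start: int = SHELLCODE_START) -> bool:
    """True if the jump target falls inside the NOP sled in front of the shellcode."""
    return sled_start <= target < shellcode_start


def distance_to_shellcode(jump_addr: int = JUMP_ADDR,
                          shellcode_start: int = SHELLCODE_START) -> int:
    """Bytes between the jmp and the start of the shellcode, per the table."""
    return jump_addr - shellcode_start


# Constructed samples (not bytes taken from the post)
SHORT_JMP = bytes([0xEB, 0x80])                       # jmp short -128
NEAR_JMP = bytes([0xE9]) + struct.pack("<i", -422)    # jmp near -422


if __name__ == "__main__":
    for name, code in (("short", SHORT_JMP), ("near", NEAR_JMP)):
        length, disp, target = decode_jmp(code, JUMP_ADDR)
        print(f"{name}: disp={disp} target=0x{target:08x} "
              f"in_sled={lands_in_sled(target)}")
    print("distance from jmp to shellcode:", distance_to_shellcode())
```

Running it shows the point the thread is making: the short jmp from 0xfbff9c reaches only 0xfbff1e, well short of the sled, while the near jmp lands at 0xfbfdfb, inside the NOP run that precedes the shellcode at 0xfbfe07.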