The term ???shellcode??? (or ???shell code???)
derives from the fact that in many cases, malicious users utilized code that would provide
them with shell access to a remote computer on which they did not possess an account;
or alternatively, a shell with higher privileges on a computer on which they did
have an account. In the optimal case, such a shell might provide root or administrator
level access to a vulnerable system. Over time, the sophistication of shellcode has grown
well beyond providing a simple interactive shell to include such capabilities as encrypted
network communications and in-memory process manipulation. To this day,
however, ???shellcode??? continues to refer to the executable component of a payload designed
to exploit a vulnerable program.
195
User Space Shellcode
The majority of programs that typical computer users interact with are said to run in user
space. User space is that portion of a computer??™s memory space dedicated to running programs
and storing data that has no need to deal with lower level system issues. That
lower level behavior is provided by the computer??™s operating system, much of which
runs in what has come to be called kernel space, since it contains the core, or kernel, of the
operating system code and data.
Pages:
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381