When a buffer overflow results from a strcpy operation, for example, we must be
careful that our buffer does not inadvertently contain a null character that will prematurely
terminate the strcpy operation before the target buffer has been overflowed. In
other cases, we may not be allowed to use carriage returns or other special characters in
our buffer. In extreme cases, our buffer may need to consist entirely of alphanumeric or
valid Unicode characters. Determining exactly which characters must be avoided is generally
accomplished through a combined process of reverse-engineering an application and
observing the behavior of the application in a debugging environment. The "bad chars"
set of characters to be avoided must be considered when developing any shellcode, and
can be provided as a parameter to some automated shellcode encoding engines such as
msfencode, which is part of the Metasploit Framework. Adhering to such restrictions
while filling up a buffer is generally not too difficult until it comes to placing our
shellcode into the buffer. The problem we face with shellcode is that, in addition to adhering
to any input-formatting restrictions imposed by the vulnerable application, it must
represent a valid machine-language sequence that does something useful on the target
processor.
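As an added example (not code from the book), the following Python helpers perform the two checks the paragraph describes: scanning a candidate buffer for bytes in a "bad chars" set, and computing how much of a buffer a strcpy-style copy would actually transfer before the first NUL terminates it. The sample buffer and the bad-char set are constructed for illustration.

```python
"""Check a byte buffer against a "bad chars" set and model strcpy truncation."""

# Constructed bad-char set: NUL, line feed and carriage return, three of the
# characters the text names as commonly disallowed by input handling.
BAD_CHARS = b"\x00\x0a\x0d"

ALNUM = frozenset(b"0123456789"
                  b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  b"abcdefghijklmnopqrstuvwxyz")


def find_bad_chars(buf: bytes, bad: bytes = BAD_CHARS) -> list[tuple[int, int]]:
    """Return (offset, byte) for every byte of buf that is in the bad set."""
    bad_set = frozenset(bad)
    return [(i, b) for i, b in enumerate(buf) if b in bad_set]


def strcpy_copied_length(buf: bytes) -> int:
    """Number of bytes strcpy() would copy from buf: everything up to the
    first NUL, which terminates the copy (the whole buffer if there is none)."""
    nul = buf.find(b"\x00")
    return len(buf) if nul < 0 else nul


def is_alphanumeric(buf: bytes) -> bool:
    """True if every byte is ASCII alphanumeric (the strictest case in the text)."""
    return all(b in ALNUM for b in buf)


# Constructed sample: 40 bytes of filler followed by four bytes that contain
# a NUL and a line feed, so the scanner has something to report.
SAMPLE = b"A" * 40 + b"\xde\x00\x0a\xad"

if __name__ == "__main__":
    for offset, byte in find_bad_chars(SAMPLE):
        print(f"bad char 0x{byte:02x} at offset {offset}")
    print("bytes strcpy would copy:", strcpy_copied_length(SAMPLE))
    print("alphanumeric only:", is_alphanumeric(SAMPLE))
```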