Index
> Windows > Interesting puzzle |
| Author |
|
|
ACP 05 Feb 2007, 15:05
Here you can find interesting puzzle:
http://www.pagetable.com/?p=26#comments It took one second to convert it to FASM so here it is for you to have some fun: Code: format PE console include '.\INCLUDE\win32ax.inc' .code start: push (0CBh shl 24) or 08h call $-1 .end start BTW: IDA can have problems with this code - better use OllyDBG with Code Analysis option. |
|||
05 Feb 2007, 15:05 |
|
|
ACP 06 Feb 2007, 16:10
You actually don't need to call ExitProcess to exit Windows process.
|
|||
|
06 Feb 2007, 16:10 |
|
|
MichaelH 06 Feb 2007, 20:25
Very cool but what's the next step? I'd like to see a simple app that could call debugPrint from kernel mode for example.
Last edited by MichaelH on 08 Feb 2007, 02:01; edited 1 time in total |
|||
|
06 Feb 2007, 20:25 |
|
|
Goplat 08 Feb 2007, 01:56
ACP: Is that supposed to enter ring 0? It doesn't work on XP.
|
|||
|
08 Feb 2007, 01:56 |
|
|
ACP 11 Feb 2007, 21:38
Goplat wrote: ACP: Is that supposed to enter ring 0? It doesn't work on XP. No - you can't just like that enter from 3 to ring 0. The presented code is a neat trick that uses simple technique for coding instructions as a series of push instruction and pointing EIP into middle of opcode. It also has other use - you can read it on the page with original posting. However the main idea of jumping in the middle of opcode will work on other operating systems as well. |
|||
|
11 Feb 2007, 21:38 |
|
< Last Thread | Next Thread > |
Forum Rules:
|