Interesting replies... I also didn't realize this was mostly for generating "shellcode", but with a little thought I could have probably figured this out.

"Berend-Jan Wever (SKYLINED)" <bjwever@microsoft.com> wrote:

>> The number of variations of achieving the same thing is actually very
>> large. It would be nice to be able to determine how many variations
>> there are in total. I'm only interested in variations that don't use "nop"
>> instructions that don't do anything useful. There must be a way to do
>> it and prove that you've got all of them.
>>
>> Cheers,
>>
>> SkyLined

Do you actually think it's possible to find *every* combination? I have thought about it a bit since reading your email, and if there are no size/performance/opcode restrictions then I think you could have an unlimited number of combinations (assuming we are using your last example about extending one instruction into multiple). It would somewhat depend on what exactly you consider a nop instruction too.

Also, if you move away from the basic instruction set into the "extended" ones (I do not know the real name for all the multimedia and floating point ones), then you would have extreme problems trying to match them all.

Dave Aitel <dave@immunityinc.com> wrote:

>> Which so far hasn't hurt us, since our shellcode doesn't use it. This
>> is very much a shellcode/proglet assembler.

I should have realized this point before, but it went right past me.

>> I added bt this morning, so that should work nicely for you now. For bonus
>> credit I added bswap. :>.

gracias

>> We have been using a similar (though much slower) assembler for a few
>> years now in all of our exploits (which is why I can finish an assembler in a
>> week, rather than a month or two).

I was wondering this exact thing.

>> Once the C parser is rewritten, I'll release it all as LGPL and you can fix it :>.

/me hides

>> I really like the idea of a web service for shellcode decoder creation. This was
>> part of the original idea for the CANVAS World Service (which we're still going
>> to do some day).

This would be amazing, especially if some of SkyLined's ideas (multiple instructions, setting fixed offsets to introduce a lot of math instructions to break patterns) were incorporated.

>> - -dave