Dailydave mailing list archives
Re: Ants, trees, etc.
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 22 Jun 2005 09:43:48 -0400
Jonatan B wrote:
To score, I'd run a quick algo across each block, and if it does what "primary" (original) block does (according to the emulator), then it would have a higher score.If I understood what you wrote correctly, then verifying that these two blocks of code yields the same result when given the same input means solving the halting problem. Jonathan.
Maybe in the larger sense, but I'm just comparing register contents and the state of the stack. Someone else asked about the difference between this and shellforge, and I think shellforge (last I looked) maps between C and shellcode (and then throws a decoder on it). The goal of this is to not need a decoder at all, and to map from <shellcode with badchars> to <shellcode without badchars> given any arbitrary shellcode as input. The benefit of MOSDEF metadata for this is that you can do the reverse mapping. I.E. You can say "out of all these instructions, which ones have bad characters". Without tight control of your assembler, doing this would require some clunky and bizzare algorithms that would be very painful to write. -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Ants, trees, etc. Dave Aitel (Jun 21)
- Re: Ants, trees, etc. Jonatan B (Jun 22)
- Re: Ants, trees, etc. Dave Aitel (Jun 22)
- Re: Ants, trees, etc. dvorak (Jun 22)
- Re: Ants, trees, etc. David Klotz (Jun 22)
- Re: Ants, trees, etc. Jonatan B (Jun 23)
- Re: Ants, trees, etc. plonky (Jun 23)
- Re: Ants, trees, etc. plonky (Jun 23)
- Re: Ants, trees, etc. Jonatan B (Jun 22)