Bug in shikata_ga_nai encoder ?

[alok.menghrajani at ilionsecurity.ch (Alok Menghrajani)]

Hi,

Yes, the problem is with the direction flag ! Adding 0xfc solved everything.

The funny thing, is that it seems LoadLibraryA wants this flag cleared.
My code doesn't call loop, so I'm not relying on this flag.

Thanks so much.

Alok.


H D Moore wrote:
> The most common problem is that the payload assumes something about the 
> stack layout or CPU state that is no longer true after the shikita 
> encoder runs. Some things you may want to try:
>
> 1) Normalize the stack as the first part of your payload:
> "\x81\xc4\xff\xef\xff\xff\x44"
>
> 2) Reset the direction flag
>   "\xfc"
>
> -HD