Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

Writing shellcode involves an in-depth understanding of assembly language for the target architecture in question. Usually, different shellcode is required for each version of each operating system under each hardware architecture. This is why public exploits tend to exploit a vulnerability on a highly specific target system and why a long (albeit usually very incomplete) list of target version/OS/hardware combinations is included in the exploit. Within shellcode, system calls are used to perform actions. Therefore, most shellcode is operating system dependent because most operating systems use different system calls. Reusing the code of the program into which the shellcode is injected is possible but difficult, and not often seen. As you saw in the previous chapter, it is always recommended to first write the shellcode in C using system calls only, and then to write it in assembly. This forces you to think about the system calls used and makes the translation of the C program into assembly more straightforward.
After an overview of the assembly programming language, this chapter looks at two common problems that shellcode must overcome: the addressing problem and the NULL byte problem. It concludes with some examples on writing both remote and local shellcode for the 32-bit Intel Architecture (IA32) platform (also referred to as x86).
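As an added illustration of the NULL byte problem named above (example code, not from the book): shellcode that reaches its target through a C-string copy is cut off at the first 0x00 byte, so an encoding such as `mov eax, 1` (B8 01 00 00 00) loses most of its bytes, while the equivalent `xor eax, eax` / `inc eax` (31 C0 40) survives intact. The byte sequences are hand-assembled IA32 encodings constructed for this example, and the function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample encodings (hand-assembled, IA32):
 *   mov eax, 1      -> B8 01 00 00 00   (imm32 carries three NULL bytes)
 *   xor eax, eax    -> 31 C0
 *   inc eax         -> 40               (same result in EAX, no NULLs) */
static const unsigned char kMovEax1[] = { 0xB8, 0x01, 0x00, 0x00, 0x00 };
static const unsigned char kXorInc[]  = { 0x31, 0xC0, 0x40 };

/* Return the offset of the first NULL byte, or len if there is none. */
size_t first_null(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00)
            return i;
    return len;
}

/* Simulate delivering the payload through a strcpy()-style copy and return
 * how many bytes actually arrive: the copy stops at the first NULL byte. */
size_t bytes_surviving_strcpy(const unsigned char *buf, size_t len)
{
    char dst[64] = {0};
    char src[64] = {0};
    if (len >= sizeof(src))
        return 0;                 /* samples are small by construction */
    memcpy(src, buf, len);        /* src is NULL-terminated by the zero fill */
    strcpy(dst, src);             /* truncates at the first 0x00 in src */
    return strlen(dst);
}

static void report(const char *name, const unsigned char *buf, size_t len)
{
    printf("%-10s %zu bytes, first NULL at %zu, %zu byte(s) survive strcpy\n",
           name, len, first_null(buf, len), bytes_surviving_strcpy(buf, len));
}

int main(void)
{
    report("mov eax,1", kMovEax1, sizeof kMovEax1);
    report("xor;inc", kXorInc, sizeof kXorInc);
    return 0;
}
```

Running it shows the `mov` encoding delivering only its first two bytes, which is why NULL-free instruction sequences are chosen when the payload travels through string-handling code.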
Shellcode is the code executed when a vulnerability has been exploited. Shellcode is usually restricted by size constraints, such as the size of a buffer sent to a vulnerable application, and is written to perform a highly specific task as efficiently...