[Codecfault]

Does anyone know the whereabouts of any info on how to write shellcode for windows. I am looking to understand how various exploits work and hopefully to write my own.

Thank you for your time

Codecfault

[pr0t0type]

Been trying to learn myself. I posted a good into into into buffer overflows in the sticky above and I've found this article to be really helpfull. I'd be interested if anyones got anmy good asm tuts :)

[Codecfault]

great link thanks pr0t0type

[SLiM577]

thanks alot guys im also trying to learn to code /etc

[nazinofix]

http://www.hick.org/...2-shellcode.pdf

[Buluemoon]

Thanks to all who posted links on this subject, the last 2 look very useful, and have to go and read them, been looking around but never saw these.

[Codecfault]

thanks a lot nazinofix great link

[skorpio]

thx nazinofix
very interesting link :)

byee

[BillyJawz]

http://www.cs.fit.ed.../cs-2002-12.pdf

W32 buffer overflow froma A to Z .

[nipagini]

wow thx m8!!! that's a realy good documentation about buffer overflows!!

[riotz]

these 2 pdfs are a real nice reading..
thnx for shaing :)

[nazinofix]

The 'Understanding Windows Shellcode' paper cited earlier in this thread covers the technique of walking down in increments of 16 pages (64KB) to locate the MZ header associated with kernel32 by taking an address that is known to be inside kernel32. It applies this technique with both walking the SEH list to the last handler as well as using a known offset from the top of the stack which is in the TEB. The latter ends up being about 25 bytes all told. Is this what you're describing?