
shellcode null address bypass


import random

def has_null_byte(x: int) -> bool:
    """Return True if any of the eight low-order bytes of *x* is 0x00.

    Only the low 64 bits are inspected (byte positions 0..7); any higher
    bits of *x* are ignored.
    """
    for shift in range(0, 64, 8):
        if (x >> shift) & 0xFF == 0:
            return True
    return False

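def find_nullfree_xor_pair(target: int) -> tuple[int, int]:
    """Split a 64-bit value into two operands that contain no 0x00 byte.

    Returns a pair ``(a, b)`` with ``a ^ b == target`` such that neither
    ``a`` nor ``b`` has a zero byte in its low 64 bits. Each byte of ``a``
    is drawn at random from 1..255, so repeated calls for the same target
    return different pairs.

    Such a pair always exists: for each byte ``t`` of ``target`` there are
    at least 254 byte values that are both non-zero and different from
    ``t``, so the random search below terminates after very few rounds.

    Args:
        target: value to encode; must satisfy ``0 <= target < 2**64``.

    Returns:
        ``(a, b)`` with ``a ^ b == target`` and no zero byte in either.

    Raises:
        ValueError: if ``target`` does not fit in an unsigned 64-bit
            integer (the operands would not be valid 64-bit immediates
            and the null-byte check only covers 64 bits).
    """
    if not 0 <= target < (1 << 64):
        raise ValueError(
            f"target must be an unsigned 64-bit value, got {target:#x}"
        )
    while True:
        # Candidate a: eight random bytes, each in 1..255, so a is null-free
        # by construction.
        a = 0
        for shift in range(0, 64, 8):
            a |= random.randint(1, 255) << shift

        b = target ^ a

        # b has a zero byte only where a byte of a equals the matching
        # byte of target; retry in that (unlikely) case.
        if not has_null_byte(b):
            return a, b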

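# Example usage: read a 64-bit address in hex and print a two-instruction
# equivalent of `mov rbx, imm64` whose immediates contain no zero byte.
def main() -> None:
    """Prompt for a hex address and print its null-free mov/xor encoding.

    Raises:
        ValueError: if the input is not valid hexadecimal or does not fit
            in 64 bits (propagated from ``int`` / ``find_nullfree_xor_pair``).
    """
    t = int(input("addresse : "), 16)
    a, b = find_nullfree_xor_pair(t)

    # a ^ b == t, so this line echoes the original instruction.
    print(f"remplacer : mov     rbx,    0x{(a ^ b):016x}")
    print("par : ")
    print(f"mov rbx, 0x{a:016x}")
    print(f"xor rbx, 0x{b:016x}")


# Guarded so that importing this module does not block on input().
if __name__ == "__main__":
    main()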