EvilZone

: Writing Anti-IDS Shellcode
: 0x90 February 07, 2012, 03:07:32 PM
A great guide to shellcoding that avoids 0x90 (NOP) detection by IDSs by using 0xeb 0x00 (JMP) instructions instead.

http://www.ouah.org/stealthcode.txt
: Re: Writing Anti-IDS Shellcode
: xor February 08, 2012, 05:56:33 AM
Isn't this generally a bad idea with shellcode? I thought the whole idea was to avoid null bytes. You'd have to write an encoder/decoder into the shellcode if you were going to use this method, which obviously will increase the payload as well - not great for smaller buffers.

[EDIT]

Just read the article, you made a typo:

   Replace this : 0x90
   With this : 0xeb0x02

No null (0x00) byte there.
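
Added example, not part of the thread or the linked article: a defender-side check showing why a signature keyed only on runs of 0x90 misses padding built from the 0xeb 0x02 pair quoted above, and why matching repeated byte units catches both. The sample payloads, the 16-byte threshold and the function names are constructed for illustration.

```python
"""Defender-side sketch: flag padding runs in a captured payload."""

# Filler units named in the thread; the threshold used below is an assumption.
PATTERNS = {
    "nop-0x90": b"\x90",
    "jmp-0xeb-0x02": b"\xeb\x02",
}


def find_runs(buf: bytes, unit: bytes, min_bytes: int):
    """Return (offset, length) for each run of back-to-back `unit` copies
    that is at least min_bytes long."""
    runs = []
    i = 0
    step = len(unit)
    while i <= len(buf) - step:
        if buf[i:i + step] != unit:
            i += 1
            continue
        j = i
        while buf[j:j + step] == unit:
            j += step
        if j - i >= min_bytes:
            runs.append((i, j - i))
        i = j
    return runs


def scan(buf: bytes, min_bytes: int = 16):
    """Check every known unit; return {name: [(offset, length), ...]}."""
    hits = {}
    for name, unit in PATTERNS.items():
        runs = find_runs(buf, unit, min_bytes)
        if runs:
            hits[name] = runs
    return hits


# Constructed sample payloads: 8 bytes of header, filler, 4 bytes of trailer.
SAMPLE_NOP = b"HDRHDRHD" + b"\x90" * 32 + b"\xcc" * 4
SAMPLE_JMP = b"HDRHDRHD" + b"\xeb\x02" * 16 + b"\xcc" * 4

if __name__ == "__main__":
    for label, payload in (("nop", SAMPLE_NOP), ("jmp", SAMPLE_JMP)):
        print(label, scan(payload), "null byte present:", b"\x00" in payload)
```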