25 replies to this topic

#26 AceInfinity

Posted 19 August 2013 - 10:41 AM

Regarding ARM, I really do not have much knowledge.


Maybe the return values should have been changed. It just was not part of the core logic, so it could have been removed altogether by changing the function from int to void.


Regarding the first byte in the shellcode, where the comment says "int 3": there is currently 0x90 (NOP), but it can be changed to 0xCC (INT 3) to make your JIT debugger break at the shellcode. Though I am rather sure you figured that out.


Changing int to void is definitely not recommended, however; it's considered a red X in programming. To be honest though, if you just want to remove all returns, you don't need them at all anyway under the C99 standard. C89 requires it. It will call exit anyway in the end with some return code, which is why it's not necessary, and it will return the value of whatever is in the eax register at that point. I wanted to try to see what I could do with my Surface RT, but I may not have time until next weekend. It should be interesting, assuming I don't run into any issues other than the minimum signing level issue which is hardcoded into the kernel on my RT...
