imported>Tom.Reding: -redundant class param

2025-02-14T16:40:47Z

-redundant class param

New page

{{WikiProject banner shell|
{{WikiProject Computer security|importance=mid|computing-importance=low}}
}}

== Untitled ==

Description of what the program does:

%## = and ax, ## (remember that x86 uses [[little endian]] order!) 
-## = sub ax, ## 
P = push ax (search for "computer stack" or something) 
X = pop ax 
\ = pop sp 
T = push sp 
A = inc cx 

1. The program calculates the value of "50 bytes after where the algorithm ends" 
2. It sets the stack pointer to point to that location 
3. It calculates a [[hexadecimal]] C3C3 and places it in the AX-cpu register. (Sort of like a very-very-fast variable) 
4. It pushes (overwrites) "C3C3" to the stack 
5. It jumps to the written code. 

The reason why it has to calculate the values is that it is impossible to store this information in alphanumeric writeable ASCII. The values are simply way out of the reach for anything that you can write with an ordinary keyboard.

C3 means "RET" in x86 [[assembly language]]. It returns back to the previous routine/function by popping a new IP (Instruction Pointer) off the stack.

The reson why I choose to rewrite the code first after 50 bytes is because of the [[Prefetch Input Queue]]. Kind of complicated. The CPU reads its codes some cycles before it executes them, so, well, i had to be sure it wasnt allready loaded into the PIQ.

<pre>
0912:0100 252121 AND AX,2121 ; %!!
0912:0103 254242 AND AX,4242 ; %BB .. null ax-register (register = very very fast variable hardcoded in the cpu)
0912:0106 2D747A SUB AX,7A74
0912:0109 2D2121 SUB AX,2121
0912:010C 2D2563 SUB AX,6325 ; zero minus large numbers equals 0x146 (the program starts at 0x100 + code + 50 bytes)
0912:010F 50 PUSH AX
0912:0110 5C POP SP ; ser the stack pointer to this location (*sp = 0x146 in C'ish)
0912:0111 252121 AND AX,2121
0912:0114 254242 AND AX,4242 ; null ax-register again
0912:0117 2D3D3C SUB AX,3C3D : 0 - 0x3D3C = 0xC3C3 (remember little endian byte order)
0912:011A 50 PUSH AX ; *sp = 0xC3C3 ... C3 = "RET" in x86 assembly, meaning "return from function" or "}" in Cish.
0912:011B 7528 JNZ 0145 ; "goto *sp", think of it as the last "}" in the main-function
(...)
</pre>

%!!%BB-tz-!!-%cP\%!!%BB-=<Pu(

== Links to alphanumeric/unicode shellcode articles ==

Even though the topics of these articles mention ''shellcode'', the information applies to alphanumeric code in general. They are more relevant to alphanumeric code then they are to shellcode. [[User:SkyLined|SkyLined]] ([[User talk:SkyLined|talk]]) 08:46, 10 March 2008 (UTC)

== Alphanumeric vs printable ==

This article states that alphanumeric code uses any printable character. This is not true; alphanumeric code uses only 0-9A-Za-z (hence the name alphanumeric). ''Printable'' code uses any printable character (charcodes 0x20-0x7F). [[User:SkyLined|SkyLined]] ([[User talk:SkyLined|talk]]) 08:46, 10 March 2008 (UTC)

I'm planning on rewriting and expanding this article. Here's what I think should be in it:
1) alphanumeric / printable code
1.1) Techniques
1.2.1) individual instructions create code, which is executed (rix, others?)
1.2.2) decoder loop decodes code, which is executed (Alpha2, others?)
1.2) uppercase/lowercase
2) Platform specific sections:
2.1) IA-32
2.1.1) The GetPC problem
2.1.2) uppercase/lowercase
Other platforms?
3) Semi-alphanumeric/printable code:
3.1) toLowercase / toUppercase safe code
3.2) unicode safe code
3.3) Ascii art code
- [[User:SkyLined|SkyLined]] ([[User talk:SkyLined|talk]]) 18:49, 16 March 2008 (UTC)

== Removed BSCS Reference ==

I removed this:
:In [[BSCS]] the alphanumeric character have meaning: "a"-"z", "A"-"Z", "0"-"9". No special characters are included.
because there's nothing to explain what it means, and [[BSCS]] is an irrelevant link. Also it duplicates later content. [[User:Johantheghost|johantheghost]] ([[User talk:Johantheghost|talk]]) 13:54, 6 May 2009 (UTC)

== Further reading ==
The last link "Shellcoding for Linux and Windows — Printable Shellcode: Explanation and tutorial" doesn't strike me as particularly relevant or informative. It also doesn't seem to cover anything that isn't already covered in more detail in the other links. Because a lot of the links are pointing to my site, I'm worried that I will appear biased towards my own links. Can somebody else confirm the link isn't useful and remove it?     — [[User:SkyLined|<tt style="text-shadow:#80FF80 0.1em 0.1em 0.2em; color:#008000;">SkyLined</tt>]] ([[User_talk:SkyLined|talk]]) 23:22, 26 February 2011 (UTC)

== External links modified ==

Hello fellow Wikipedians,

I have just modified 2 external links on [[Alphanumeric shellcode]]. Please take a moment to review [[special:diff/814570212|my edit]]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:
*Added archive https://web.archive.org/web/20110716082815/http://skypher.com/wiki/index.php?title=X86_alphanumeric_opcodes to http://skypher.com/wiki/index.php?title=X86_alphanumeric_opcodes
*Added archive https://web.archive.org/web/20110716082850/http://skypher.com/wiki/index.php?title=X64_alphanumeric_opcodes to http://skypher.com/wiki/index.php?title=X64_alphanumeric_opcodes

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

{{sourcecheck|checked=false|needhelp=}}

Cheers.—[[User:InternetArchiveBot|'''InternetArchiveBot''']] ([[User talk:InternetArchiveBot|Report bug]]) 16:39, 9 December 2017 (UTC)

Talk:Alphanumeric shellcode - Revision history

imported>Tom.Reding: -redundant class param