http://debianws.lexgopc.com/wiki143/index.php?action=history&feed=atom&title=Talk%3AShellcodeTalk:Shellcode - Revision history2026-05-05T17:16:41ZRevision history for this page on the wikiMediaWiki 1.43.1http://debianws.lexgopc.com/wiki143/index.php?title=Talk:Shellcode&diff=841611&oldid=previmported>Qwerfjkl (bot): Implementing WP:PIQA (Task 26)2024-01-25T08:10:27Z<p>Implementing <a href="/wiki143/index.php?title=WP:PIQA&action=edit&redlink=1" class="new" title="WP:PIQA (page does not exist)">WP:PIQA</a> (<a href="https://en.wikipedia.org/wiki/Bots/Requests_for_approval/Qwerfjkl_(bot)_26" class="extiw" title="wikipedia:Bots/Requests for approval/Qwerfjkl (bot) 26">Task 26</a>)</p>
<p><b>New page</b></p><div>{{WikiProject banner shell|class=B|<br />
{{WikiProject Computer Security|importance=High|computing-importance=mid}}<br />
}}<br />
<br />
== Mayor overhaul ==<br />
<br />
I've rewritten the page and adding more information about alphanumer/printable/unicode shellcode.<br />
I'd like to see more information on:<br />
* Shellcode writting for different processors/operating systems/service packs.<br />
(I can add a lot about win32 shellcode, but my *nix shellcode is a bit rusty and I've never done anything other than IA32)<br />
* Platform spanning shellcode <br />
(Runs on multiple OSes/processor types).<br />
* Egghunt shellcode<br />
(Shellcode exists of small code that scans the process' memory (hunt) for a larger shellcode (egg) that does the actual work. When found, the egg is executed. This is often used when a larger shellcode can be injected, but is hard to execute immediately and a smaller shellcode would be easier to inject and execute as well.) <br />
* Omelete shellcode<br />
(Shellcode exists of small code that scans the process' memory for more small pieces of shellcode (eggs) that are combined to form the original shellcode (omelette), which is executed. This can be used when a large shellcode cannot be injected as a whole, but can be injected in multiple smaller parts.)<br />
* Multi-stage shellcode<br />
(Shellcode downloads and executes a larger second stage shellcode - used when second stage shellcode itself is too large to be injected immediately.)<br />
<br />
- [[User:SkyLined|SkyLined]] ([[User talk:SkyLined|talk]]) 17:04, 29 February 2008 (UTC)<br />
<br />
== Review ==<br />
An assessment was requested over at [[Wikipedia:WikiProject Computing/Assessment]]. I've given this article a B rating. Comprehensible, interesting, reasonably complete (adding more detail would risk [[WP:HOWTO]] infraction) and reasonably well-referenced treatment. Further improvements would include more work on references and reworking some of the prose to eliminate a few unnecessary headings. I'd also like to see discussion of [[Data Execution Prevention]] and other modern countermeasures. Congratulations! --[[User:Kvng|Kvng]] ([[User talk:Kvng|talk]]) 15:51, 30 September 2010 (UTC)<br />
<br />
== This article triggers Antivirus itself! ==<br />
<br />
I noticed that loading the Shellcode page caused my antivirus program (ESET NOD antivirus) to trigger (JS/exploit.Shellcode.A.gen trojan), probably because of a detection mechanism that can't differentiate between displayed and running code. It intercepts the page loading, so I can't see what it reacts to. Perhaps the page can be rewritten so it doesn't contain literal examples of shellcode? [[User:Mumiemonstret|Mumiemonstret]] ([[User talk:Mumiemonstret|talk]]) 21:12, 11 October 2010 (UTC)<br />
:ESET NOD is apparently (over-) reacting to the presence of the character "邐" ( also known as unicode character 9090 as listed on http://en.wikibooks.org/wiki/Unicode/Character_reference/9000-9FFF ), URL-encoded, or encoded as a javascript escape sequence or a html character entity. That's a pretty far cry from a shellcode. It's only relevant to shellcodes in that the character's UTF-16 representation happens to match a 2 bytes sequence frequently used as part of a NOP slide, which many shellcodes rely on. It's clearly a false positive, and the article shouldn't need to dance around ESET NOD to avoid its flagging. Also note that ESET NOD is [http://www.virustotal.com/file-scan/report.html?id=48152e6ba802f2ac370ce3860115f405d2433cdefb671e1b488be97de89945a0-1288607532 the only AV on VirusTotal to flag this page]. [[Special:Contributions/209.131.62.115|209.131.62.115]] ([[User talk:209.131.62.115|talk]]) 10:37, 1 November 2010 (UTC)<br />
<br />
== End game ==<br />
<br />
According to a recent PPT presentation given by T. H., a virus-analyst working at F-Secure of Finland: Windows 7 is immune to shellcode exploitation, which would have stopped the famous EMC-RSA hack attack, had that company migrated its vulnerable WinXP and Vista desktops to Win7 before the spring of 2011. [[Special:Contributions/82.131.210.163|82.131.210.163]] ([[User talk:82.131.210.163|talk]]) 12:15, 7 February 2012 (UTC)<br />
:Not sure what you mean by "shellcode exploitation", but [http://code.google.com/p/win-exec-calc-shellcode/] works just fine on Windows 7. &nbsp;&nbsp;&nbsp;&nbsp;<span style="white-space: nowrap">— [[User:SkyLined|<tt style="text-shadow:#80FF80 0.1em 0.1em 0.2em; color:#008000;">SkyLined</tt>]] <small>([[User_talk:SkyLined|talk]])</small></span> 16:49, 7 February 2012 (UTC)<br />
<br />
== External links modified ==<br />
<br />
Hello fellow Wikipedians,<br />
<br />
I have just modified 8 external links on [[Shellcode]]. Please take a moment to review [[special:diff/814569046|my edit]]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:<br />
*Added archive https://web.archive.org/web/20100123014637/http://skypher.com/index.php/2010/01/11/download-and-loadlibrary-shellcode-released/ to http://skypher.com/index.php/2010/01/11/download-and-loadlibrary-shellcode-released/<br />
*Added archive https://web.archive.org/web/20090323030636/http://skypher.com/wiki/index.php?title=Shellcode%2Fw32_SEH_omelet_shellcode to http://skypher.com/wiki/index.php?title=Shellcode%2Fw32_SEH_omelet_shellcode<br />
*Added archive https://web.archive.org/web/20120109070051/http://goodfellas.shellcode.com.ar/docz/bof/Writing_shellcode.html to http://goodfellas.shellcode.com.ar/docz/bof/Writing_shellcode.html<br />
*Added archive https://web.archive.org/web/20080302111910/http://www.metasploit.com/shellcode/ to http://www.metasploit.com/shellcode/<br />
*Added archive https://web.archive.org/web/20060619025456/http://www.linux-secure.com/endymion/shellcodes/ to http://www.linux-secure.com/endymion/shellcodes/<br />
*Added archive https://web.archive.org/web/20061112203748/http://www.milw0rm.com/papers/11 to http://www.milw0rm.com/papers/11<br />
*Added archive https://web.archive.org/web/20061115040739/http://www.ngssoftware.com/research/papers/WritingSmallShellcode.pdf to http://www.ngssoftware.com/research/papers/WritingSmallShellcode.pdf<br />
*Added archive https://archive.is/20130219020328/http://libemu.carnivore.it/ to http://libemu.carnivore.it/<br />
<br />
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.<br />
<br />
{{sourcecheck|checked=false|needhelp=}}<br />
<br />
Cheers.—[[User:InternetArchiveBot|'''<span style="color:darkgrey;font-family:monospace">InternetArchiveBot</span>''']] <span style="color:green;font-family:Rockwell">([[User talk:InternetArchiveBot|Report bug]])</span> 16:30, 9 December 2017 (UTC)<br />
<br />
== Socket re-using shellcode is more elaborate… ==<br />
<br />
Depends on specific piece of software where shellcode is to be applied. Many “classical” network services (such as ones running from [[inetd|inetd.conf]]) serve ''one'' client session per process and already have STDIN/STDOUT facing the client’s side. No special manipulation with file descriptors is necessary. [[User:Incnis Mrsi|Incnis Mrsi]] ([[User talk:Incnis Mrsi|talk]]) 14:14, 4 August 2019 (UTC)<br />
<br />
== Grammatical countability ==<br />
<br />
It can be either "shellcode" (uncountable noun) or "a shellcode" (countable) — unlike, say, "software", where native English speakers do not use the countable "softwares". The article doesn't really make this clear. See Wiktionary [https://en.wiktionary.org/wiki/shellcode]. [[User:Equinox|Equinox]] [[User_talk:Equinox|◑]] 13:31, 17 December 2023 (UTC)<br />
: Do you want anything done about this? It looks like you're making a remark and not suggesting a chance or asking a question, which is what normally happens on the talk page. <span style="padding-left: 2em; white-space: nowrap">— [[User:SkyLined|<span style="font-family: 'Courier New', monospace; text-shadow:#80FF80 0.1em 0.1em 0.2em; color:#008000;">SkyLined</span>]] <small>([[User_talk:SkyLined|talk]])</small></span> 14:33, 17 December 2023 (UTC)<br />
<br />
:: {{reply to|SkyLined}} Well, we could start the article with "In hacking, '''shellcode''' or a '''shellcode''' is..." (to show both forms) but I don't know how long that change would last. Compare what is done with variant spellings in some articles though. [[User:Equinox|Equinox]] [[User_talk:Equinox|◑]] 18:52, 18 December 2023 (UTC)<br />
:::I don't immediately see much use on that; I think this is something a dictionary should explain but i see no need to explain this on Wikipedia. For example, I wouldn't start the page about beer with "beer or a beer is..." But then I have been working on shellcode for decades myself, so maybe this is tribal knowledge that I assume it's obvious but that warrants explaining for most. Maybe others can provide their opinion? <span style="padding-left:2em;white-space:nowrap">— [[User:SkyLined|<span style="font-family:'Courier New',monospace;text-shadow:#80FF80 0.1em 0.1em 0.2em; color:#008000;">SkyLined</span>]]<small>([[User_talk:SkyLined|talk]])</small></span> 23:00, 18 December 2023 (UTC)</div>imported>Qwerfjkl (bot)