Skip to Main Content
Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
book

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

by James C Foster
April 2005
Intermediate to advanced content levelIntermediate to advanced
700 pages
20h 39m
English
Syngress
Content preview from Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
The last three look very common for port binding shellcode that reuses an existing
network socket but what about socketcall()? Let’s have a look at the four pieces of code
in which the found system calls are used, beginning with the socket call.
Socketcall is an interface to several socket functions.The first argument of socketcall,
which is stored in EBX contains the identifier of the function that needs to be used. In
the code we see that the value 0x7 is put in EBX at line 17, right before the kernel is
called.This means that the getpeername function is being used.The second argument of
the socket call is a pointer to the arguments that have to be given to the function
defined in the first argument.
The getpeername function returns the name of a peer ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

32/64-Bit 80x86 Assembly Language Architecture

32/64-Bit 80x86 Assembly Language Architecture

James Leiterman

Publisher Resources

ISBN: 9781597490054