Im a beginner in Linux and exploitation things.. and I'm trying to figure out what is a kernel space shellcode and how can we debug it .. Thanks in advance =)
Asked
Active
Viewed 419 times
1 Answers
2
Shellcode are machine code instructions contained in data. They are used when exploiting buffer overrun and other vulnerabilities that cause the data you supply to be copied over existing code, or allow you to set a return address to a buffer filled with your shellcode.
Debugging kernel mode shellcode would require a kernel debugger. Place a breakpoint in the vulnerable kernel code, perform your exploit, and single step as control transfers to the shellcode.
Ben Voigt
- 277,958
- 43
- 419
- 720
-
this post was flagged by the NSA +1 – hek2mgl Jul 15 '13 at 19:59
-
@hek2mgl: This is the same method used by security researchers (inside an isolated environment, such as a virtual machine, of course!) to observe how malware works and defeat it. There's no "enabling" information in my answer that helps write malware. – Ben Voigt Jul 15 '13 at 20:00