OSED TIPS — EXP DEV x86
9 min read · Jul 17, 2023
Some tips about assembly and exploit development on Windows x86.
INTRODUCTION
The article was created for all those who asked me for some of my notes. I have paraphrased them and cut out a large part to avoid plagiarising the EXP-301 course material. There are some tips about x86 assembly and exploit development on Windows. I hope it will prove useful to those interested in OSED certification or simply learning about the topic.
TIPS & TRICKS — NOTES
Below you can find my notes in the form of TIPS & TRICKS. Enjoy!
STACK PIVOTING WITH SUB|ADD ESP
Use sub esp,127; jmp esp;
to get back to the beginning of your buffer.
- 127 (0x7F) is the largest positive immediate that still uses the sign-extended 8-bit form (83 EC 7F). From 128 upwards the assembler switches to a 32-bit immediate (81 EC 80 00 00 00), which brings 0x00 bytes into your payload.
- You can repeat sub esp,127 several times before the jmp esp to move more than 127 bytes backwards.
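As an added example (not part of the original notes), here is a small Python encoder for the sub/add esp,imm and sub/add sp,imm forms that makes the null-byte rule visible, and a pivot builder that strings sub esp,127 together the way the tip describes. It also covers the 16-bit sub sp form from the next section. The opcodes and ModR/M values are the standard Intel encodings; the helper names, the pivot distances and the ESP values in the comments are my own.

```python
import struct

# ModR/M byte for "op esp, imm" / "op sp, imm": mod=11, rm=100 (esp/sp).
# The reg field carries the opcode extension: /0 = ADD, /5 = SUB.
MODRM = {"add": 0xC4, "sub": 0xEC}
JMP_ESP = b"\xff\xe4"          # jmp esp


def encode_esp_arith(op, imm, bits=32):
    """Bytes an assembler emits for `op esp, imm` (bits=32) or `op sp, imm` (bits=16).

    Uses the short sign-extended imm8 form (opcode 0x83) whenever the immediate
    fits in -128..127, otherwise the full-width form (opcode 0x81).
    """
    if op not in MODRM or bits not in (16, 32):
        raise ValueError("unsupported operation or operand size")
    u = imm % (1 << bits)                                   # unsigned view at operand width
    s = u - (1 << bits) if u >= 1 << (bits - 1) else u      # signed view of the same value
    prefix = b"\x66" if bits == 16 else b""                 # operand-size override for sp
    if -128 <= s <= 127:
        return prefix + bytes([0x83, MODRM[op]]) + struct.pack("<b", s)
    fmt = "<H" if bits == 16 else "<I"
    return prefix + bytes([0x81, MODRM[op]]) + struct.pack(fmt, u)


def has_null(code):
    """True if the encoding contains a 0x00 byte (bad for most string-based overflows)."""
    return b"\x00" in code


def pivot_back(distance):
    """Null-free sequence moving ESP `distance` bytes down, then jmp esp.

    Repeats `sub esp, 127` (0x7F is the largest positive imm8) and finishes
    with `sub esp, remainder`, exactly as the tip above describes.
    """
    full, rest = divmod(distance, 127)
    code = encode_esp_arith("sub", 127) * full
    if rest:
        code += encode_esp_arith("sub", rest)
    return code + JMP_ESP


def pivot_back_16(distance):
    """Same pivot in one instruction using the 16-bit register: `sub sp, distance`.

    Only the low word of ESP changes, so this is safe only while the low 16 bits
    of ESP are >= distance; otherwise the borrow is lost and ESP wraps upward.
    """
    if not 0 < distance < 0x10000:
        raise ValueError("distance must fit in 16 bits")
    return encode_esp_arith("sub", distance, bits=16) + JMP_ESP


def sub_sp_effect(esp, n):
    """Value of ESP after `sub sp, n`: the high word is untouched (no borrow)."""
    return (esp & 0xFFFF0000) | ((esp - n) & 0xFFFF)


if __name__ == "__main__":
    for op, imm, bits in (("sub", 127, 32), ("sub", 128, 32),
                          ("add", -128, 32), ("sub", 500, 16)):
        code = encode_esp_arith(op, imm, bits)
        reg = "esp" if bits == 32 else "sp"
        print(f"{op} {reg},{imm:<6} -> {code.hex(' ')}  nulls={has_null(code)}")
    print("pivot 300 bytes (32-bit):", pivot_back(300).hex(" "))
    print("pivot 300 bytes (16-bit):", pivot_back_16(300).hex(" "))
    # Constructed ESP values: the second one shows the 16-bit wrap-around hazard.
    print(hex(sub_sp_effect(0x0019FF40, 0x200)), hex(sub_sp_effect(0x00190010, 0x20)))
```

Two things the output makes concrete: `add esp,-128` encodes as 83 C4 80, so a single null-free instruction can also move ESP 128 bytes down, and `sub sp,500` costs five bytes (66 81 EC F4 01) where the 32-bit route needs four instructions. Before using the 16-bit form, check the low word of ESP in the debugger; if it is smaller than the distance, the subtraction wraps within the low word and ESP ends up higher, not lower.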
AVOID NULL BYTES WITH SMALLER REGISTERS
Use 16-bit or 8-bit instead of 32-bit registers.
- Instead of using sub esp,127 a few times, you can use the 16-bit register: