Windows/x86 - Egg Omelet SEH Shellcode

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057562 漏洞类型
发布时间 2009-03-16 更新时间 2009-03-16
漏洞平台 Windows_x86 CVSS评分 N/A
A small piece of shellcode written in assembler that can scan the user-land
address space for small blocks of memory ("eggs") and recombine the eggs into
one large block. When done, the large block is executed. This is useful when you
can only insert small blocks at random locations into a process and not one
contiguous large block containing your shellcode in one piece: this code will
recombine the eggs to create your shellcode in the process and execute it.

This version works only on Windows 32-bit platforms because it uses the Windows
specific Structured Exception Handler (SEH) feature to handle access violations
caused by scanning memory.

More details can be found here:
backup: (
backup: (

I have not had a chance to test this newer version in a live exploit, so do
let me know if you have a chance to use it.


# [2009-03-16]