Conversation

This Tweet is unavailable. Learn more

namazso

@namazso

I still don't understand what's the point of these "releases". If you want to execute code without allocating executable memory just implement an interpreter. It's simpler, better, faster, less suspicious, and everyone is already doing it.

11:32 AM · Feb 15, 2022

6

Likes

1

Bookmark

Bill Demirkapi

@BillDemirkapi

·

Feb 15, 2022

You believe packaging an entire interpreter in your application is more stealthy than abusing existing instructions through SEH? I am having trouble seeing how an interpreter would be "simpler" or "less suspicious". Got any public examples?

2

1

namazso

@namazso

·

Feb 15, 2022

I implemented a tiny Pawn (https://compuphase.com/pawn/pawn.htm ) interpreter as a one day project: https://github.com/namazso/PawnPP - as for less suspicious: how do you think a software would be able to prove something is Turing complete? scanning or looking for exception handlers on the other hand..

2

1

2

Show replies

Bill Demirkapi

@BillDemirkapi

·

Feb 15, 2022

Side note, this was meant to be an introductory article to EOP (hence the "part 1") as I found uses outside of environments where you already have code execution such as to augment ROP.

1