{"id":795,"date":"2014-02-05T12:45:03","date_gmt":"2014-02-05T11:45:03","guid":{"rendered":"http:\/\/www.floyd.ch\/?p=795"},"modified":"2023-05-31T08:08:13","modified_gmt":"2023-05-31T07:08:13","slug":"mona-codealign","status":"publish","type":"post","link":"https:\/\/www.floyd.ch\/?p=795","title":{"rendered":"mona codealign"},"content":{"rendered":"

I’m happy to announce that the unicode code alignment feature mentioned in another post<\/a> made it into the main corelan mona repository. As usual, mona can be downloaded from the official mona repository<\/a>. Usage:<\/p>\n

\r\nGenerates a venetian shellcode alignment stub which can be placed directly before unicode shellcode.\r\n\r\nArguments:\r\n    -a <address>      : Specify the address where the alignment code will start\/be placed\r\nOptional arguments:\r\n    -l                : Prepend alignment with a null byte compensating nop equivalent\r\n                        (Use this if the last instruction before the alignment routine 'leaks' a null byte)\r\n    -b <reg>          : Set the bufferregister, defaults to eax\r\n    -t <seconds>      : Time in seconds to run heuristics (defaults to 15)\r\n    -ebp <value>      : Overrule the use of the 'current' value of ebp, \r\n                        ebp\/address will be used to calculate offset to shellcode\r\n<\/pre>\n
Instead of “!mona unicodealign” you can use the short version “!mona ua”. Here’s a short video on how the new feature can be used:<\/p>\n
Watch the video on Vimeo<\/a><\/p>\n
Although I used the -a argument, if your EIP is already at the correct position (as in the video) you can simply run “!mona ua” without any arguments.<\/p>\n","protected":false},"excerpt":{"rendered":"
I’m happy to announce that the unicode code alignment feature mentioned in another post made it into the main corelan mona repository. As usual, mona can be downloaded from the official mona repository. Usage: Generates a venetian shellcode alignment stub … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[103],"tags":[131,104,109,135,107,105,136],"class_list":["post-795","post","type-post","status-publish","format-standard","hentry","category-overflow-exploits","tag-buffer-overflow","tag-code-alignment","tag-corelan","tag-mona","tag-seh","tag-unicode","tag-venetian-shellcode-alignment"],"_links":{"self":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=795"}],"version-history":[{"count":13,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/795\/revisions"}],"predecessor-version":[{"id":1358,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/795\/revisions\/1358"}],"wp:attachment":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}