Foreword

Abstract: This paper describes the process of implementing a custom encoder for the x86 architecture. To help set the stage, the McAfee Subscription Manager ActiveX control vulnerability, which was discovered by eEye, will be used as an example of a vulnerability that requires the implementation of a custom encoder. In particular, this vulnerability does not permit the use of uppercase characters. To help make things more interesting, the encoder described in this paper will also avoid all characters above 0x7f. This will make the encoder both UTF-8 safe and tolower safe.

Challenge: The author believes that a UTF-8 safe and tolower safe encoder could most likely be implemented in a much more optimized fashion that incurs far less overhead in terms of size. If any reader has ideas about ways in which this might be approached, feel free to contact the author. A bonus challenge would be to identify a geteip technique that can be used with these character limitations.