This is a small post about egg hunting on x86 Linux systems. I'd highly recommend reading skape's paper "Safely Searching Process Virtual Address Space", which describes his techniques for both Linux and Windows. I will be using one of his implementations: the one built on the access system call, which is syscall number 33 on IA-32.
#define __NR_access 33
The access system call checks whether the calling process can access the file named by pathname, in the way given by mode.

#include <unistd.h>
int access(const char *pathname, int mode);
This is the x86 assembly implementation of the hunter code. It searches the virtual address space for our tag "AAAA" and then begins execution of our shellcode. I am not going to explain this implementation here; refer to skape's paper for the details.
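As an added example (my own, not part of the original post or skape's code), here is what an access(2)-based hunter looks like from the outside: access() fails with EFAULT when pathname points at memory the process cannot read, so a hunter sweeping the address space leaves a run of access() calls with raw pointer arguments that all return EFAULT, a page apart. The script below flags that pattern in strace output; the trace lines and PIDs are constructed sample data.

```python
import re
from collections import defaultdict

PAGE = 0x1000  # x86 Linux page size; a hunter skips a whole page on each EFAULT

# Constructed strace -f -tt lines (sample data, not a real capture). PID 1201 makes
# ordinary file checks; PID 1337 passes raw addresses a page apart and gets EFAULT back.
SAMPLE_TRACE = """\
1201  12:00:00.000010 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
1201  12:00:00.000050 access("/etc/passwd", R_OK) = 0
1337  12:00:01.000001 access(0x8000, F_OK) = -1 EFAULT (Bad address)
1337  12:00:01.000003 access(0x9000, F_OK) = -1 EFAULT (Bad address)
1337  12:00:01.000005 access(0xa000, F_OK) = -1 EFAULT (Bad address)
1201  12:00:01.000100 access("/tmp/x", W_OK) = -1 EACCES (Permission denied)
1337  12:00:01.000007 access(0xb000, F_OK) = -1 EFAULT (Bad address)
1337  12:00:01.000009 access(0xc000, F_OK) = -1 ENOENT (No such file or directory)
"""

LINE_RE = re.compile(
    r'^(?P<pid>\d+)\s+\S+\s+access\((?P<arg>[^,]+),\s*[^)]*\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<err>E[A-Z]+))?'
)

def parse_access_calls(trace):
    """Yield (pid, pointer_or_None, errno_name) for every access() line in the trace."""
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        arg = m.group('arg').strip()
        # strace prints a readable path in quotes, an unreadable pointer as bare hex
        ptr = int(arg, 16) if arg.startswith('0x') else None
        yield m.group('pid'), ptr, m.group('err')

def find_egg_hunter_candidates(trace, min_probes=4):
    """Return {pid: probe_count} for PIDs whose access() calls look like a memory sweep:
    at least min_probes raw-pointer arguments answered with EFAULT, each at least a
    page beyond the previous faulting probe. ENOENT on a pointer means the page is
    mapped, so the hunter stops skipping and reads it instead."""
    probes = defaultdict(int)
    last_fault = {}
    for pid, ptr, err in parse_access_calls(trace):
        if ptr is None or err != 'EFAULT':
            continue  # a real path, or a pointer into mapped memory
        prev = last_fault.get(pid)
        if prev is None or ptr - prev >= PAGE:
            probes[pid] += 1
        last_fault[pid] = ptr
    return {pid: n for pid, n in probes.items() if n >= min_probes}
```

On the sample trace, find_egg_hunter_candidates(SAMPLE_TRACE) reports {'1337': 4}; the same check can be run over a real `strace -f -tt -e trace=access` capture.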