38 lines
2.0 KiB
Plaintext
38 lines
2.0 KiB
Plaintext
Known issues
|
|
============
|
|
:title: Shellcode Compiler Runtime
|
|
|
|
The following sections describe known issues in the Shellcode Compiler and its runtime environment.
|
|
|
|
Compiler bugs
|
|
-------------
|
|
* Floating point doesn't work at all.
|
|
* Structure copies using the "`=`" operator do not work. Use link:memcpy.html[memcpy] instead.
|
|
* Structure parameters passed by value do not work. Structure parameters passed by pointer are working.
|
|
* Structure return values are not implemented. Pass a pointer to the return value as a parameter instead.
|
|
* When the `--encode-pointers` option is enabled, `NULL` function pointers do not work.
|
|
* Code output is much larger than desired. The code generation system is not complete.
|
|
* Improper circular includes are not detected. The compiler will crash with a stack overflow.
|
|
|
|
Missing features
|
|
----------------
|
|
* Structure packing is not supported.
|
|
* Blacklisted code generation is not implemented. Use an external encoder if the shellcode must not
|
|
have byte values that are present in the output of the compiler.
|
|
* Polymorphic code generation is very limited. Register allocation is randomized and basic block
|
|
ordering is present, but instruction sequences are constant between runs.
|
|
* Built-in encoders and decoders (using the `--encoder` and `--decoder` command line options)
|
|
are not implemented.
|
|
* The `--return-reg` and `--return-reg-high` options are not implemented.
|
|
* The `__initial_<reg>` variables are not implemented. Passing arguments to shellcode on the
|
|
stack using parameters to `main` is supported.
|
|
* The `--base` option is not implemented. By default, shellcode is automatically output using
|
|
pure position independent code.
|
|
* The `--preserve` option is not implemented.
|
|
|
|
Runtime issues
|
|
--------------
|
|
* Setting a signal handler on 64-bit Linux or Mac OS X that is not `SIG_DFL` or `SIG_IGN` will cause the program to
|
|
crash when the signal is received. The reason is not known. Additionally, even if it did not crash the
|
|
parameters would not be correct, as the wrong calling convention is used (this is not the cause of the crash).
|