Quote:
Originally Posted by Naydef
Looks good, but I'm not sure if you can call functions in a buffer for data. Does SDKCall() already call VirtualProtect() with the execute flag?
If you look at the SourceMod source code, namely the CallWrapper::Execute method, then you can see that VirtualProtect() is not called. There's just the pointer to the code that will be called. No manipulation of the code memory occurs.
Quote:
Originally Posted by Naydef
What about Linux? Probably we can call the kernel with int 80h.
Yes, in Linux, you can use int 80h to call the kernel, but I did not reproduce it myself, because my server uses Windows. In theory this is very much possible.
Quote:
Originally Posted by Naydef
This makes me think you can exploit/hack servers/OS just by embedding shellcode in a plugin.
Yes, this will allow you to write a plugin that will have access to the WinAPI/NativeAPI/LinuxKernel functions, with all the consequences, of course, but I think you will not have trouble checking the source code of the plugin before installing it on the server. But if you are developing your own plugin, then this will give you a number of possibilities, in my view.