shellcode writting

1. to Write shellcode:
2.  
3. 1.always try use alternative of MOV
4.  
5. 2.if there is string ,use PUSH and POP (some time it may create nullbyte)
6.  
7. 3.No need to use PUSH AND POP for integer number , use ( mov [fd],eax Or mov eax,[fd] )
8.  
9. sometimes it may generate null byte but not at all
10.  
11. 4.Use XOR for EAX,EBX,ECX,EDX
12.  
13. 5.using MOV for Those variable reserved in .bss section Won't create null byte (1st XOR ecx,ecx)
14.  
15. Example:
16.  
17. section .bss
18. var resb 20
19.  
20. section .text
21. xor ecx,ecx
22. .............
23.  
24. ;other code
25.  
26. .............
27.  
28. mov ecx,var ; EAX,EBX,EDX can be used and other registers
29.  
30. 6.using ESI,EDI after XOR esi,esi Or XOR EDI,EDI won't create nullbyte
31. example:
32. section. data
33. msg db "hello"
34. section .text
35. xor esi,esi
36. xor edi,edi
37. ..............
38. mov esi,msg
39. ..............
40. mov edi,msg
41.  
42. 7.LEA command doesn't create null byte
43.  
44. 8.this won't create nullbyte
45.  
46. jmp short one
47. two:
48. ................
49. ................
50. ;other code
51. ................
52.  
53. one:
54. call two
55. ................
56.  
57. 8.XCHG instruction won't create null byte
58. example:
59.  
60. section .data
61. msg db "hello"
62.  
63. .............
64. ............
65. ..........
66. xchg ecx,msg
67. ..........
68.  
69.  
70. xchg eax,edi
71. xchg eax,esi
72.  
73. XCHG create null byte for these instructions
74. xchg eax,4
75. xchg edx,len
76. xchg ebx,1
77. ...............
78.  
79. 9.ADDing number to EDX won't create nullbyte(this for only little number if the number is big ,use number 10 method)
80. EXAMPLE:
81.  
82. mov edx,0x31d
83.  
84. 10.ADDing too long number cause null byte
85. ADD edx,0x9a8e0f072c
86. here Use MOV
87.  
88. 11.these won't create null byte
89. MOV ECX,ESP
90. MOV EDI,ESP
91. and like this