Newest Post: VoidShell Library: Destiny Notes

Good afternoon, readers. Oh yeah, this is going to be the first blog entry of 2026, so let us begin by talking about the VoidShell library's future. As many of you can guess, this library initially started as an ASM x86 program inside a ST file, which was loaded by the engine through a SuperNull exploit (The StateDef Overflow engine vulnerability was used as main vector back then), and despite you could expect, it was simpler than the current version. "Eikidankai" was the first name given to said library and early build versions were used on a few known characters (such as x00x00x or Void.Schmelze) to withstand most SuperNull enemies from the past decade. However, there was no real defense behind it, as it just seals most of the engine vulnerabilities while hooking some primary functions, causing their exploits to be effectively blocked but also rendering them unstable. They were eventually left as PoC characters while the Eikidankai program had to be reworked from scrat...
0

WinMUGEN Exploits: Command Trigger Buffer Overflow

Good evening, my friends.
Well, today we are going to talk about a new exploit, found in WinMUGEN.

Information provided by ydccdy, a Chinese MUGEN author, has revealed the existence of an exploit found in the CMD processor, the command expressions to be exact., whose main function is to trigger determined actions from the commands written in StateDef -1.

After having taken a look at the exploit, I have noticed the command name length is fixed to 64 bytes, giving the chance to execute arbitrary code from a CMD expression by surpassing this length, basically a buffer overflow.

What M.U.G.E.N authors put in their state controllers to make use of the commands, either it can be used to execute arbitrary code, for example, these 2 pictures:


Command = "Insert all your shellcode here, it is less versatile, but well. 1234"
Note: The 1234 characters are used as a return address for the exploit.

I have made this character after spending a few hours to program its arbitrary code, but the results were worth, so...

(> Click here to download this character <) 

As a conclusion, I can say this method is really less versatile than the SuperNull one, but if you manage to put all your shellcode into command slices, the execution may be interesting to see...

 Well, that is all for today, stay tuned for new content!
Have a nice day.


Comments

Post a Comment