
Let's theoretically assume I have an overflow vulnerability in a certain service I want to exploit. The service resides in a 32-bit operating system on a 64-bit processor.

I'm attempting to wrap my head around the coding challenges with regard to the different architectures used on these layers.

Let's also set aside ASLR, DEP, Rebase, etc. How would the exploit be coded in terms of architecture compatibility if I am to use a shellcode?

sahar q
  • 3
  • 3
  • You mean, you are running an i386 (32-bit) OS on an x86_64 (64-bit) processor? – LvB Jul 14 '20 at 09:12
  • I aimed the question at any general combination like the one I've described. @multithr3at3d Provided a very good answer that helped me. – sahar q Jul 15 '20 at 10:30

1 Answer

2

The specifics may depend on exactly which architecture pair you are referring to (e.g. amd64 vs x86 or ARM64 vs ARM) and which OS you are referring to. But generally, while the underlying hardware may be capable of executing the instructions from either architecture variation, you can't always freely run the same code across the two due to kernel and userspace constraints. I also don't think you can inject shellcode of a different architecture variant into a running process; not sure if the CPU would know how to handle that.

Regardless of the OS or processor, you should write the shellcode for whatever architecture the target binary itself is compiled for. All of the memory and code that your shellcode will have access to will be limited to whatever architecture the program is. I don't think the architecture of the OS or CPU are too relevant to the running process, as long as it is compatible. Imagine if you had an ARM32 binary running in an ARM64 emulator in an x86 VM running on amd64 hardware. The fact that the bare metal is amd64 has no concern to the binary.

multithr3at3d
  • 12,355
  • 3
  • 29
  • 42
  • Thank you! That was a very clear clarification. – sahar q Jul 15 '20 at 10:28
  • Yes, unless you're abusing a processor quirk, the architecture of the assembly is what determines how things like an over/underflow work. For the processor it's just instructions to execute. (Whether the processor is real or virtual does not make a difference.) – LvB Jul 15 '20 at 10:34
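The answer's practical takeaway is that the architecture that matters is the one the target binary was compiled for, not the OS or bare-metal CPU. The natural way to establish that is to read it straight out of the executable's header. The following is an added Python example, not code from the original question or answer: it parses the ELF identification bytes (`EI_CLASS`, `EI_DATA`) and the `e_machine` field, and compares them against the architecture a given payload was assembled for. The sample headers are constructed inline so it runs offline; `make_elf_header` and `shellcode_matches` are helper names chosen here, and the `EM_*` numbers are the standard ELF machine codes for i386, ARM, x86-64 and AArch64.

```python
import struct

# Standard ELF e_machine values (from the ELF specification / elf.h).
EM_386 = 3
EM_ARM = 40
EM_X86_64 = 62
EM_AARCH64 = 183

EM_NAMES = {
    EM_386: "x86 (i386)",
    EM_ARM: "ARM (32-bit)",
    EM_X86_64: "x86-64 (amd64)",
    EM_AARCH64: "AArch64 (ARM64)",
}


def make_elf_header(elf_class: int, machine: int, little_endian: bool = True) -> bytes:
    """Build a minimal, constructed ELF header (hypothetical helper for the demo).

    Only the fields the parser below reads are meaningful; the rest is zero padding.
    elf_class: 1 = ELFCLASS32, 2 = ELFCLASS64.
    """
    e_ident = (
        b"\x7fELF"
        + bytes([elf_class, 1 if little_endian else 2, 1])  # EI_CLASS, EI_DATA, EI_VERSION
        + b"\x00" * 9                                       # EI_OSABI, EI_ABIVERSION, padding
    )
    fmt = "<HH" if little_endian else ">HH"
    header_len = 52 if elf_class == 1 else 64
    # e_type = 2 (ET_EXEC), then e_machine; pad to the full header length.
    return e_ident + struct.pack(fmt, 2, machine) + b"\x00" * (header_len - 20)


def elf_target_arch(data: bytes) -> dict:
    """Return the word size, byte order and machine type an ELF image was built for."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    elf_class = data[4]
    if elf_class not in (1, 2):
        raise ValueError(f"invalid EI_CLASS {elf_class}")
    endian = data[5]
    if endian not in (1, 2):
        raise ValueError(f"invalid EI_DATA {endian}")
    # e_type and e_machine are the two 16-bit fields right after the 16-byte e_ident.
    fmt = "<HH" if endian == 1 else ">HH"
    _e_type, e_machine = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 32 if elf_class == 1 else 64,
        "endian": "little" if endian == 1 else "big",
        "e_machine": e_machine,
        "machine": EM_NAMES.get(e_machine, f"unknown (e_machine={e_machine})"),
    }


def shellcode_matches(data: bytes, payload_bits: int, payload_machine: int) -> bool:
    """True when a payload assembled for (bits, e_machine) matches the binary's own ABI.

    This is the check the answer implies: the host OS/CPU are irrelevant here,
    only the target executable's own architecture is consulted.
    """
    info = elf_target_arch(data)
    return info["bits"] == payload_bits and info["e_machine"] == payload_machine


if __name__ == "__main__":
    # Constructed samples: a 32-bit x86 service binary and a 64-bit amd64 one.
    target32 = make_elf_header(1, EM_386)
    target64 = make_elf_header(2, EM_X86_64)
    for name, blob in (("i386 binary", target32), ("amd64 binary", target64)):
        info = elf_target_arch(blob)
        print(f"{name}: {info['bits']}-bit {info['endian']}-endian {info['machine']}")
    # A 32-bit x86 payload fits the first target and not the second, regardless of the host CPU.
    print("x86 payload fits i386 binary:", shellcode_matches(target32, 32, EM_386))
    print("x86 payload fits amd64 binary:", shellcode_matches(target64, 32, EM_386))
```

On a real file you would pass the first 64 bytes of the executable (`open(path, "rb").read(64)`) to `elf_target_arch`; the same `e_machine` check is what `file(1)` and `readelf -h` report as the machine type.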