I have a small program where I wish to pass shellcode as an argument. In the shellcode, there is a necessity to pass \x00. I tried the following command:
./pro
You can try this,
main.out `perl -e 'print "xxxxssssdd\x23\x00\xaf"'`
and
perl -e 'print "xxxxssssdd\x23\x00\xaf"' | wc -c
13
It proves \x00 is passed.
By the way, I find the C program surely strips \x00 from argv in my test. You can examine the argv such as,
x /8sb 0x7fffffffe46a
0x7fffffffe46a: "/home/victor/Documents/CDemo/overflow/shellcode2/shellcode_host.out"
0x7fffffffe4ae: '\220' , "\353#YUH\211\345@\200\354\200H\211M\220H1\300H\211E\230H\211\302H\215u\220H\213}\220\260;\017\005\350\330\377\377\377/bin/sh\200\337\377\377\377\177"
0x7fffffffe4fb: "LC_PAPER=zh_CN.UTF-8"
So I guess the shell or C program can strip the \x00 character automatically. Maybe someone can explain why it happens.
But we have other techniques to avoid \x00 in shellcode.
mov $59, %al # not %rax
sub $0x80, %spl # not %rsp
xorq %rax, %rax # construct 0 value with rax
You can refer to this article: https://www.exploit-db.com/docs/english/13019-shell-code-for-beginners.pdf
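Why the byte after \x00 never reaches the program, as an added example that is not part of the answer above: execve() copies each argv entry as a NUL-terminated C string, so the child sees only the bytes before the first 0x00 (and bash's command substitution already drops NUL bytes before the exec). The program, the 13-byte payload and the /bin/sh child command are constructed for this demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed 13-byte buffer, the same bytes as the perl one-liner above. */
static const char payload[] = "xxxxssssdd\x23\x00\xaf";
#define PAYLOAD_LEN (sizeof(payload) - 1)   /* 13 bytes in memory */

/* What any C program sees through argv: strings end at the first 0x00. */
size_t visible_len(const char *arg) { return strlen(arg); }

/* Exec a child with `payload` as one argument and return how many bytes
   the child can see in it (-1 on error). The child is /bin/sh running
   `printf %s "$1" | wc -c`; its stdout is captured through a pipe. */
long child_arg_len(void) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        /* execv() gets a pointer to the full 13-byte buffer, but the kernel
           copies argv strings only up to the first NUL byte. */
        char *const argv[] = { "sh", "-c", "printf %s \"$1\" | wc -c",
                               "sh", (char *)payload, NULL };
        execv("/bin/sh", argv);
        _exit(127);
    }
    close(fds[1]);
    char buf[32] = {0};
    ssize_t n = read(fds[0], buf, sizeof buf - 1);  /* wc prints e.g. "11\n" */
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return n > 0 ? strtol(buf, NULL, 10) : -1;
}

int main(void) {
    printf("bytes in the buffer:      %zu\n", PAYLOAD_LEN);          /* 13 */
    printf("bytes strlen() sees:      %zu\n", visible_len(payload)); /* 11 */
    printf("bytes the child receives: %ld\n", child_arg_len());      /* 11 */
    return 0;
}
```

The two bytes after the NUL (\x00\xaf) are present in memory but are cut off at the exec boundary, which is why shellcode passed through argv must be written without 0x00 bytes, as in the register-width tricks above.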