shellcode

Why does my data section appear twice in the compiled binary? Ubuntu, x86, nasm, gdb, readelf

邮差的信 submitted at 2020-07-21 03:49:07
Question: A prior related question was answered. Thank you! However this creates a new question for me. Why does nasm put data bytes at two different memory locations? I include program information and other data dump below. ---------- code snippet compiled with nasm, ld ----------------- section .text ... zero: jmp short two one: pop ebx xor eax, eax mov [ebx+12], eax mov [ebx+8], ebx mov [ebx+7], al lea ecx, [ebx+8] lea edx, [ebx+12] mov al, 11 int 0x80 two: call one section .data align=1 msg: db '

Can I execute code that resides in the data segment (ELF binary)?

百般思念 submitted at 2020-05-25 08:28:28
Question: In the way to understanding binaries (virtual memory layout, execution, etc.), I've written a C code that declares a global string which contains bytes of an executable code, then I overwrote the return address from the main() function to that executable code using a simple trick by declaring a pointer ( PTR ) in main() which is a local area of memory reserved on the stack 2 WORDS far away from the return address from the main() , so all I do is assigning the address of the return address to

add 16 bits to 64-bit register [duplicate]

这一生的挚爱 submitted at 2020-01-30 08:38:28
Question: This question already has answers here : Issue storing a byte into a register x86-64 assembly (1 answer) Why can't I move directly a byte to a 64 bit register? (2 answers) Closed 2 years ago . Here is what I want to do: add rsi, word [rsi+16] I want to read the unsigned short value which is at address rsi+16. And I want to add this value to rsi. Here is the error I get in nasm: s2.asm:62: error: mismatch in operand sizes This is strange. Why are nasm and my CPU not able to add 16 bits to 64

GAS assembler not using 2-byte relative JMP displacement encoding (only 1-byte or 4-byte)

混江龙づ霸主 submitted at 2020-01-24 13:57:58
Question: I am trying to write shellcode for a CTF challenge that does not allow for 0x00 bytes (it will be interpreted as a terminator). Due to restrictions in the challenge, I must do something like this: [shellcode bulk] [(0x514 - sizeof(shellcode bulk)) filler bytes] [fixed constant data to overwrite global symbols] [shellcode data] It looks something like this .intel_syntax noprefix .code32 shellcode: jmp sc_data shellcode_main: #open xor eax, eax pop ebx //file string xor ecx, ecx //flags xor edx

What is proper way to call execve with arguments in assembly?

穿精又带淫゛_ submitted at 2020-01-24 11:17:50
Question: I am trying to execute the following with execve : /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve , I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv ; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

Address woes from Hacking: The Art of Exploitation [closed]

不问归期 submitted at 2020-01-13 07:24:32
Question: Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . I bought this book recently titled: Hacking: The Art of Exploitation (2nd Edition) and it's been bugging me so much lately. Anyway, with one of the examples, firstprog.c : #include <stdio.h> int main() { int i; for(i=0; i < 10; i++) { // Loop 10 times. printf("Hello, world!\n"); // put the string to the output.

Shellcode testing gone wrong

痴心易碎 submitted at 2020-01-07 02:25:08
Question: Hey, I'm using a bit of code most of you are familiar with. It basically takes an array of characters and casts it as a function pointer. With this code you can theoretically test any shellcode's functionality with it, and it would be a very valuable program for my work, if it would behave... I'm doing this on Windows XP SP3, and am using MinGW's gcc to compile and gdb to debug the damn thing. Here's what I've got... unsigned char code[] = "\x90\x90\x90\x90\x90\x90\x90\x90"; main() { printf(