shellcode

问题 A prior related question was answered. Thank you! However this creates a new question for me. Why does nasm put data bytes at two different memory locations? I include program information and other data dump below. ---------- code snippet compiled with nasm, ld ----------------- section .text ... zero: jmp short two one: pop ebx xor eax, eax mov [ebx+12], eax mov [ebx+8], ebx mov [ebx+7], al lea ecx, [ebx+8] lea edx, [ebx+12] mov al, 11 int 0x80 two: call one section .data align=1 msg: db '

问题 In the way to understanding binaries (Virtual memory layout, execution...etc), I've written a C code that declares a global string which contains bytes of an executable code, then i overwrote the return address from the main() function to that executable code using a simple trick by declaring a pointer ( PTR ) in main() which is a local area of memory reserved on the stack 2 WORDS far away from the return address from the main() , so all i do is assigning the address of the return address to

问题 In the way to understanding binaries (Virtual memory layout, execution...etc), I've written a C code that declares a global string which contains bytes of an executable code, then i overwrote the return address from the main() function to that executable code using a simple trick by declaring a pointer ( PTR ) in main() which is a local area of memory reserved on the stack 2 WORDS far away from the return address from the main() , so all i do is assigning the address of the return address to

问题 This question already has answers here : Issue storing a byte into a register x86-64 assembly (1 answer) Why can't I move directly a byte to a 64 bit register? (2 answers) Closed 2 years ago . Here is what i want to do: add rsi, word [rsi+16] I want to read the unsigned short value which is at rsi+16 adress. And i want to add this value to rsi. Here is the error i get in nasm: s2.asm:62: error: mismatch in operand sizes This is strange. Why nasm and my cpu are not able to add 16 bits to 64

问题 This question already has answers here : Issue storing a byte into a register x86-64 assembly (1 answer) Why can't I move directly a byte to a 64 bit register? (2 answers) Closed 2 years ago . Here is what i want to do: add rsi, word [rsi+16] I want to read the unsigned short value which is at rsi+16 adress. And i want to add this value to rsi. Here is the error i get in nasm: s2.asm:62: error: mismatch in operand sizes This is strange. Why nasm and my cpu are not able to add 16 bits to 64

问题 I am trying to write shellcode for a CTF challenge that does not allow for 0x00 bytes (it will be interpreted as a terminator). Due to restrictions in the challenge, I must do something like this: [shellcode bulk] [(0x514 - sizeof(shellcode bulk)) filler bytes] [fixed constant data to overwrite global symbols] [shellcode data] It looks something like this .intel_syntax noprefix .code32 shellcode: jmp sc_data shellcode_main: #open xor eax, eax pop ebx //file string xor ecx, ecx //flags xor edx

问题 I am trying to execute the following with execve : /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve , I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv ; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

问题 I am trying to execute the following with execve : /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve , I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv ; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . I bought this book recently titled: Hacking: The Art of Exploitation (2nd Edition) and it's been bugging me so much lately. Anyway, with one of the examples, firstprog.c : #include <stdio.h> int main() { int i; for(i=0; i < 10; i++) { // Loop 10 times. printf("Hello, world!\n"); // put the string to the output.

问题 Hey I'm using a bit of code most of you are familiar with. It basically takes an array of characters and casts it as a function pointer. With this code you can theoretically test any shellcode's functionality with it, and it would be a very valuable program for my work, if it would behave... I'm doing this on Windows XP SP3, and am using MinGW's gcc to compile and gdb to debug the damn thing. Here's what I've got... unsigned char code[] = "\x90\x90\x90\x90\x90\x90\x90\x90"; main() { printf(