Assembler Developer


Can anyone help me understand this asm code (It's short) Posted by sh4d0w on 13 Feb 2011 at 10:56 AM
I'm trying to learn shellcode for a project in comp science, but I'm having a bit of a problem writing it.
I'm reading a book called The Shellcoder's Handbook and it gives me a code that won't work properly.
This is the code:
section     .text
    global _start
_start:
    jmp short      GotoCall
shellcode:
    pop            rsi
    xor            eax, eax
    mov  byte      [esi + 7], al
    lea            ebx, [esi]
    mov  long      [esi + 8], ebx
    mov  long      [esi + 12], eax
    mov  byte      al, 0x0b
    mov            ebx, esi
    lea            ecx, [esi + 8]
    lea            edx, [esi + 12]
    int            0x80
GotoCall:
    call           shellcode
    db             '/bin/shJAAAAKKKK'

Simply put, this is supposed to spawn a shell...
but it won't work, and when I use gdb to debug it I get a weird code.
This is the gdb output:
gdb ./sclivro
Dump of assembler code for function _start:
0x0000000000400080 <_start+0>:	jmp    0x4000a2 <_start+34>
0x0000000000400082 <_start+2>:	pop    %rsi
0x0000000000400083 <_start+3>:	xor    %eax,%eax
0x0000000000400085 <_start+5>:	addr32 mov %al,0x7(%esi)
0x0000000000400089 <_start+9>:	addr32 lea (%esi),%ebx
0x000000000040008c <_start+12>:	addr32 mov %ebx,0x8(%esi)
0x0000000000400090 <_start+16>:	addr32 mov %eax,0xc(%esi)
0x0000000000400094 <_start+20>:	mov    $0xb,%al
0x0000000000400096 <_start+22>:	mov    %esi,%ebx
0x0000000000400098 <_start+24>:	addr32 lea 0x8(%esi),%ecx
0x000000000040009c <_start+28>:	addr32 lea 0xc(%esi),%edx
0x00000000004000a0 <_start+32>:	int    $0x80
0x00000000004000a2 <_start+34>:	callq  0x400082 <_start+2>
### What is all this???####
0x00000000004000a7 <_start+39>:	(bad)  
0x00000000004000a8 <_start+40>:	(bad)  
0x00000000004000a9 <_start+41>:	imul   $0x414a6873,0x2f(%rsi),%ebp
0x00000000004000b0 <_start+48>:	rex.B
0x00000000004000b1 <_start+49>:	rex.B
0x00000000004000b2 <_start+50>:	rex.B
0x00000000004000b3 <_start+51>:	rex.WXB
0x00000000004000b4 <_start+52>:	rex.WXB
0x00000000004000b5 <_start+53>:	rex.WXB
0x00000000004000b6 <_start+54>:	rex.WXB
End of assembler dump.

I compile the code using yasm and ld:
yasm -f elf64 sclivro.asm
ld -o sclivro sclivro.o

I get a segmentation fault error.

My OS is Debian 6.0 x64.

I have an Intel Celeron processor.

My question is... what is all that code below my comment?
0x00000000004000a7 <_start+39>:	(bad)  
0x00000000004000a8 <_start+40>:	(bad)  
0x00000000004000a9 <_start+41>:	imul   $0x414a6873,0x2f(%rsi),%ebp
0x00000000004000b0 <_start+48>:	rex.B
0x00000000004000b1 <_start+49>:	rex.B
0x00000000004000b2 <_start+50>:	rex.B
0x00000000004000b3 <_start+51>:	rex.WXB
0x00000000004000b4 <_start+52>:	rex.WXB
0x00000000004000b5 <_start+53>:	rex.WXB
0x00000000004000b6 <_start+54>:	rex.WXB

Why is that code there, and what am I doing wrong?
Thanks for your time.

Re: Can anyone help me understand this asm code (It's short) Posted by sh4d0w on 15 Feb 2011 at 4:55 AM
BTW, I get a seg fault on mov %al,0x7(%esi):
Program received signal SIGSEGV, Segmentation fault.
0x0000000000400085 in _start ()
(gdb) disas _start
Dump of assembler code for function _start:
0x0000000000400080 <_start+0>:	jmp    0x4000a2 <_start+34>
0x0000000000400082 <_start+2>:	pop    %rsi
0x0000000000400083 <_start+3>:	xor    %eax,%eax
#This line
->0x0000000000400085 <_start+5>:	addr32 mov %al,0x7(%esi)
0x0000000000400089 <_start+9>:	addr32 lea (%esi),%ebx
0x000000000040008c <_start+12>:	addr32 mov %ebx,0x8(%esi)
0x0000000000400090 <_start+16>:	addr32 mov %eax,0xc(%esi)
0x0000000000400094 <_start+20>:	mov    $0xb,%al
0x0000000000400096 <_start+22>:	mov    %esi,%ebx
0x0000000000400098 <_start+24>:	addr32 lea 0x8(%esi),%ecx
0x000000000040009c <_start+28>:	addr32 lea 0xc(%esi),%edx
0x00000000004000a0 <_start+32>:	int    $0x80
0x00000000004000a2 <_start+34>:	callq  0x400082 <_start+2>
0x00000000004000a7 <_start+39>:	(bad)  
0x00000000004000a8 <_start+40>:	(bad)  
0x00000000004000a9 <_start+41>:	imul   $0x414a6873,0x2f(%rsi),%ebp
0x00000000004000b0 <_start+48>:	rex.B
0x00000000004000b1 <_start+49>:	rex.B
0x00000000004000b2 <_start+50>:	rex.B
0x00000000004000b3 <_start+51>:	rex.WXB
0x00000000004000b4 <_start+52>:	rex.WXB
0x00000000004000b5 <_start+53>:	rex.WXB
0x00000000004000b6 <_start+54>:	rex.WXB add    %bpl,(%r14)
End of assembler dump.

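What gdb prints after the `callq` is not code the poster wrote: it is the `db '/bin/shJAAAAKKKK'` string bytes, which sit in .text right after the call, being decoded as 64-bit instructions. The Python below is an added example, not from the thread or the book; `decode_data_as_code` is a deliberately minimal decoder that knows only the opcodes present in that string, and the input bytes and base address are taken from the posted code and gdb listing.

```python
# Constructed input: the string the poster placed after the `call`, at the address
# gdb shows for <_start+39>. Offsets below therefore line up with the gdb listing.
STRING_BYTES = b"/bin/shJAAAAKKKK"
STRING_BASE = 0x4000A7

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def rex_name(b):
    """Render a stray 0x40-0x4f byte the way gdb does: 'rex', 'rex.B', 'rex.WXB', ..."""
    bits = "".join(n for n, m in (("W", 8), ("R", 4), ("X", 2), ("B", 1)) if b & m)
    return "rex." + bits if bits else "rex"


def decode_data_as_code(data, base):
    """Decode bytes as 64-bit x86 the way gdb did, returning (address, text) pairs.

    Hypothetical minimal decoder: it only knows the opcodes that occur in this
    string, which is enough to show why the listing looks the way it does.
    """
    out, i = [], 0
    while i < len(data):
        b, addr = data[i], base + i
        if b in (0x2F, 0x62):
            # DAS (0x2f, '/') and BOUND (0x62, 'b') exist in 32-bit mode but are
            # undefined in 64-bit mode, so the decoder prints "(bad)".
            out.append((addr, "(bad)"))
            i += 1
        elif b == 0x69:
            # IMUL r32, r/m32, imm32 ('i'): ModRM, 8-bit disp, then a 4-byte immediate.
            modrm = data[i + 1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            assert mod == 1, "only the [reg+disp8] form that occurs here is handled"
            disp = data[i + 2]
            imm = int.from_bytes(data[i + 3:i + 7], "little")  # 's','h','J','A'
            out.append((addr, f"imul   $0x{imm:x},0x{disp:x}(%{REG64[rm]}),%{REG32[reg]}"))
            i += 7
        elif 0x40 <= b <= 0x4F:
            # 'A' (0x41) and 'K' (0x4b) are REX prefixes in 64-bit mode.
            out.append((addr, rex_name(b)))
            i += 1
        else:
            out.append((addr, f".byte 0x{b:02x}"))
            i += 1
    return out


if __name__ == "__main__":
    for addr, text in decode_data_as_code(STRING_BYTES, STRING_BASE):
        print(f"0x{addr:016x}:\t{text}")
```

Running it reproduces the ten lines from `(bad)` at 0x4000a7 to `rex.WXB` at 0x4000b6; the trailing `add %bpl,(%r14)` in the follow-up comes from bytes past the end of the string, which the constructed input does not include.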
This post has been deleted. Posted by mass223 on 2 Mar 2011 at 11:35 PM
This post has been deleted. Posted by mass223 on 2 Mar 2011 at 11:36 PM
Re: Can anyone help me understand this asm code (It's short) Posted by doron_code on 13 Apr 2011 at 10:20 AM