linux - Loading raw code from C program -

-

i'm writing program loads , executes code file. got problem: "write" syscall not work. code loads , executes, not display text on screen.

program loads code:

#include < stdio.h > #include < stdlib.h >  int main(int argc,char* argv[]) {     unsigned int f_size = 0;     unsigned char* code_buf = null;     void (*func_call)(void) = null;      if(argc < 2)      {         printf("usage: %s <file>\n",argv[0]);         return 1;     }      file* fp = fopen(argv[1],"rb");     if(!fp)     {         printf("error while opening file: %s\n",argv[1]);         return 1;     }      unsigned int fsize = 0;     fseek(fp,0,seek_end);     fsize = ftell(fp);     fseek(fp,0,seek_set);     if(fsize < 4)     {         printf("code size must > 4 bytes\n");         return 1;     }      code_buf = (unsigned char*) malloc(sizeof(unsigned char)*fsize);     if(fread(code_buf,fsize,1,fp)<1)     {         printf("error while reading file: %s\n",argv[1]);         free(code_buf);         return 1;     }     func_call = (void (*)(void)) code_buf;      printf("[exec] binary loaded\n"            "\tfirst 2 bytes: 0x%x 0x%x\n"            "\tlast 2 bytes: 0x%x 0x%x\n",            code_buf[0],code_buf[1],            code_buf[fsize-2],code_buf[fsize-1]);     printf("[exec] starting code...\n");     (*func_call)();     printf("[exec] code executed!\n");      free(code_buf);      return 0; }

code trying execute program (test.s):

.text     movl    $4, %eax     movl    $1, %ebx     movl    $str, %ecx     movl    $5, %edx     int     $0x80     jmp end     str:         .string "test\n"     end:     ret

here how compile it:

 gcc -c test.s  objcopy -o binary test.o test.bin

solved, @christoph

there working code:

.text     call start     str:         .string "test\n"     start:     movl    $4, %eax     movl    $1, %ebx     pop     %ecx     movl    $5, %edx     int     $0x80     ret

your approach can't work: shellcode must position-independant, code refers absolute address str. unconditional jump can either relative or absolute: make sure relative verison (opcodes eb , e9 on x86).

see the technique of writing portable shell code more information.


Comments

Post a Comment

Popular posts from this blog

Javascript line number mapping -

-
magically formatted comments change reported line number of javascript errors in browsers; this: //@line n "f" n line number , f file name. unfortunately, //@line appears ungoogleable. know there documentation on feature, , browsers support it? (i found references here , here .) from can find available in mozilla based browsers. it using js_setoptions command can turn these options on or off depending on values passed. https://developer.mozilla.org/en/js_setoptions
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ...
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more