I have shellcode which run without any error in assembly,but when I put that opcode in driver program and try to invoke it, it doesnt execute that shellcode, it just hangs by running previous C instruction like printing size of shell code.
my system
physical(hardware) system is x86_64
Linux lenova 4.19.0-9-686 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) i686 GNU/Linux
gcc (Debian 8.3.0-6) 8.3.0
GNU ld (GNU Binutils for Debian) 2.31.1
NASM version 2.14
shellcode.asm
global _start
section .text
_start:
jmp msg
proc: mov al, 4
mov bl, 1
pop ecx
mov dl, 12
int 0x80
mov al, 1
mov bl, 1
int 0x80
msg: call proc
db "HellowOworld"
section .data
nasm -felf32 shellcode.asm &&
ld shellcode.o -o shellcode &&
./shellcode
HellowOworld (output)
driver.c
#include<stdio.h>
#include<string.h>
char shellcode[]="\xeb\x0f\xb0\x04\xb3\x01\x59\xb2\x0c\xcd\x80\xb0\x01\xb3\x01\xcd\x80\xe8\xec\xff\xff\xff\x48\x65\x6c\x6c\x6f\x77\x4f\x77\x6f\x72\x6c\x64";
int main(){
printf("Shellcode of size %d \n", (int)strlen(shellcode));
(*(void(*)())shellcode)();
}
gcc -s -fno-stack-protector -z execstack driver.c
./a.out
output=>
Shellcode of size 34
(blankline and hungs)
Related
This question already has answers here:
glibc scanf Segmentation faults when called from a function that doesn't align RSP
(1 answer)
32-bit absolute addresses no longer allowed in x86-64 Linux?
(1 answer)
Closed 3 years ago.
I have problem with assembly program on my VirtualBox.
On VB I have Linux Mint(64 bit). I tried to compile this assembler code(in file my_file.asm):
extern printf
extern scanf
section .data
format: db "%d",0
napis: db "a/b=%d",10,0
section .bss
a: resd 1
b: resd 1
global main
section .text
main:
mov rdi, format
mov rsi, a
xor rax, rax
call scanf
mov rdi, format
mov rsi, b
xor rax, rax
call scanf
mov eax, [a]
xor edx, edx
div dword[b]
ret
At first I type: nasm -f elf64 myfile.asm
Then I type: gcc myfile.o -o myfile
And after this i have this error message:
"/usr/bin/ld: plik.o: relocation R_X86_64_32S against .bss' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
"
So i add -no-pie to gcc command: gcc -o test test.o -no-pie
Now, when I use ./my_file I have this error: Segmentation fault (core dumped) and I don't know what to do.
I coding assembly with Nasm, i want debug the program using gdb, but it not works when i put a breakpoint and run the program.
The program compile fine and link too, the problem is gdb.
Here is the commands to compile:
nasm -f elf64 -F dwarf -g types.asm
nasm -f elf64 -F dwarf -g functions.asm
nasm -f elf64 -F dwarf -g Hello.asm
ld -g -o Hello Hello.o functions.o types.o
This is the file i want debug Hello.asm:
%include "functions.asm"
section .bss
res: resb 1
fout: resb 1
section .text
global _start: ;must be declared for linker (ld)
section .data
msg db 'Hello, world!', 0xa ;string to be printed
len equ $ - msg ;length of the string
filename db 'hello.txt'
_start: ;tells linker entry point
mov ecx,5
mov edx,4
call sum
mov [res],eax
mov edx,1 ;message length
mov ecx,res ;message to write
mov ebx,1 ;file descriptor (stdout)
mov eax,4 ;system call number (sys_write)
int 0x80 ;call kernel
write_string msg,len
create_file filename
mov [fout],eax
close_file [fout]
call print_msg
mov eax,1 ;system call number (sys_exit)
int 0x80 ;call kernel
sum:
mov eax,ecx
add eax,edx
add eax,'0'
ret
Next i open gdb:
gdb Hello
(gdb) break _start
Function «_start» not defined
¿Compilación de breakpoint pendiente hasta futura cargada de biblioteca compartida? (y or [n]) y
Punto de interrupción 1 (_start) pendiente.
(gdb) run
Starting program: /asm/Hello
9Hello, world!
Hello, world!from another file
[Inferior 1 (process 5811) exited with code 01]
(gdb)
I solved it, i only change position section .data to section .text and the debugger works.I don't know why, but now the gdb take the .start.
.intel_syntax noprefix
.global _start
.text
_start:
mov eax, 4
mov ebx, 1
mov ecx, msg
mov edx, 15
int 0x80
mov eax, 1
mov ebx, 14
int 0x80
.data
msg:
.ascii "Hello, World!\n"
I am trying to compile the above code via GNU AS using the following commands:
asad#Arcturus:~/Desktop/ZJNK$ as --32 -msyntax=intel code.S -o code.o
asad#Arcturus:~/Desktop/ZJNK$ ld -m elf_i386 code.o -o a.out
asad#Arcturus:~/Desktop/ZJNK$ ./a.out
asad#Arcturus:~/Desktop/ZJNK$
But I cannot get any output on the terminal. However, the exit code is still readable:
asad#Arcturus:~/Desktop/ZJNK$ echo $?
14
I am using 64-bit Linux and am able to run the above code via nasm after required changes.
What could have gone wrong?
To load the address of msg, use
mov ecx, offset msg
Im trying to run this shellcode but it throws me: "Segmentation fault" error
The shellcode is the following:
shellcode.asm:
global _start
_start:
jmp short ca
doit:
pop ebx
xor eax, eax
cdq
mov byte [ebx+7], al
mov long [ebx+8], ebx
mov long [ebx+12], eax
lea ecx, [ebx+8]
mov byte al, 0x0b
int 0x80
ca:
call doit
db '/bin/sh'
i compile it with : 'nasm -f elf shellcode.asm'
and link it with: ' ld -m elf_i386 -s -o shellcode shellcode.o
I think the error is when I use mov [ebx+x], al/eax/ebx
because when I erase it from the code y get no error
Thank you
Your problem is that the .text section is not writable by default. The easiest thing to do is put your code into a new custom section that is marked as writable. Add this line at the top of your asm file:
section .shellcode progbits alloc exec write align=16
You could also pass the -N switch to the linker.
Alternatively, you could rewrite the shellcode so that it uses the stack to create the arguments.
[section .data]
strHello db "Hello World"
STRLEN equ $-strHello
MessageLength equ 9
Message db "hi!!!! "
[section .text]
global main
main:
mov edx,STRLEN;
mov ecx,strHello;
mov ebx,1
mov eax,4
int 0x80
call DispStr
mov ebx,0
mov eax,1
int 0x80
DispStr:
mov ax,MessageLength
mov dh,0
mul dh
add ax,Message
mov bp,ax
mov ax,ds
mov es,ax
mov cx,MessageLength
mov ax,01301h
mov bx,0007h
mov dl,0
int 10h
ret
Compile and run:
$ nasm -f elf64 helloworld.asm -o helloworld.o
$ gcc -s -o helloworld helloworld.o
helloworld.o: In function `DispStr':
helloworld.asm:(.text+0x31): relocation truncated to fit: R_X86_64_16 against `.data'
collect2: ld return 1
This exact error happens because at:
add ax,Message
ax is only 16-bit wide, but Message is a 64-bit wide address, so it won't fit during relocation.
I have explained this error in detail at: https://stackoverflow.com/a/32639540/895245
The solution in this case is to use a linker script as mentioned at: Using .org directive with data in .data section: In connection with ld
This repository contains working examples of boot sectors and BIOS: https://github.com/cirosantilli/x86-bare-metal-examples/tree/d217b180be4220a0b4a453f31275d38e697a99e0
Since you're in 64-bit mode, you won't be able to use BIOS functions (i.e. the int 10h instruction). Even if you could, BIOS uses a different addressing mechanism, so attempting to use the address of Message wouldn't work anyway.
Also, wouldn't the first 3 lines of the DispStr function zero out ax? (since you're multiplying by dh, which was just set to zero)