Question

I want to display a hello world from shellcode; the C code is simple:

#include <stdio.h>

/* 32-bit Linux shellcode: write(1, "Hello shell!\n\r", 15), then exit(0) */
char shellcode[] = "\xeb\x17\x59\x31\xc0\xb0\x04\x31\xdb\x43\x31\xd2\xb2\x0f\xcd\x80\xb0\x01\xbb\x00\x00\x00\x00\xcd\x80\xe8\xe4\xff\xff\xff\x48\x65\x6c\x6c\x6f\x20\x73\x68\x65\x6c\x6c\x21\x0a\x0d";

int main(int argc, char **argv){
    int (*func)();

    /* Treat the byte array as a function and jump into it. The array lives in a
       writable data section, so this only runs when that section is executable
       (for example a 32-bit build linked with -z execstack). */
    func = (int (*)()) shellcode;
    (*func)();

    return 0;
}

The problem should be in the assembly file; here it is:

BITS 32
jmp short one

;write hello world on standard output
two:
pop ecx         ;return address pushed by 'call two' = address of the string
xor eax,eax
mov al,4        ;sys_write
xor ebx,ebx
inc bl          ;bl should be 1 (stdout)
xor edx,edx
mov dl,15       ;length passed to write
int 0x80

;exit with status 0
mov al,1        ;sys_exit (only the low byte of eax is written)
xor ebx,ebx
int 0x80

one:
call two
db "Hello shell!",0x0a,0x0d

The code works but does not exit after displaying "hello shell!"; on the contrary, it keeps displaying this sentence as if in an infinite loop.


Solution

It seems that the first int 0x80 returns its return value in eax. After that you set al to 1, but not eax.

So you should change your code to:

mov eax,1
xor ebx,ebx
int 0x80
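The following script is an added example and is not part of the original question or answer. It statically checks the shellcode byte string from the question: it decodes the `jmp short` and `call` encodings to confirm they land on the instructions the assembly listing intends, recovers the embedded string and compares its length with the `mov dl,15` write length, and models the difference between `mov al,1` and `mov eax,1` when the first syscall has left something in eax. The error value fed to the model (-EBADF) is a constructed illustration, not something the page reports; the point it makes is general: any value with bits set above the low byte survives `mov al,1`, so the second `int 0x80` is not `sys_exit` and execution falls through into `call two`, which is exactly the loop the question describes.

```python
# Static analysis of the 32-bit shellcode bytes posted in the question.
# Added example; the SHELLCODE bytes are copied from the question as-is.

SHELLCODE = (
    b"\xeb\x17\x59\x31\xc0\xb0\x04\x31\xdb\x43\x31\xd2\xb2\x0f\xcd\x80"
    b"\xb0\x01\xbb\x00\x00\x00\x00\xcd\x80\xe8\xe4\xff\xff\xff"
    b"Hello shell!\x0a\x0d"
)

MASK32 = 0xFFFFFFFF


def short_jmp_target(code, off):
    """eb rel8: target = address of the next instruction + signed 8-bit offset."""
    assert code[off] == 0xEB, "not a short jmp"
    rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
    return off + 2 + rel


def call_target(code, off):
    """e8 rel32: target = address of the next instruction + signed 32-bit offset."""
    assert code[off] == 0xE8, "not a near call"
    rel = int.from_bytes(code[off + 1:off + 5], "little", signed=True)
    return off + 5 + rel


def analyze(code):
    """Decode the control flow of the jmp/call/pop trick and measure the string."""
    jmp_to = short_jmp_target(code, 0)       # 'jmp short one' at offset 0
    call_off = code.index(b"\xe8")           # first e8 opcode is 'call two'
    ret_addr = call_off + 5                  # what 'call' pushes: start of the string
    call_to = call_target(code, call_off)    # should be 'pop ecx' at offset 2
    string = code[ret_addr:]                 # everything after the call is data
    dl_off = code.index(b"\xb2")             # 'mov dl, imm8' carries the write length
    return {
        "jmp_target": jmp_to,
        "call_offset": call_off,
        "call_target": call_to,
        "string_offset": ret_addr,
        "string": string,
        "write_len": code[dl_off + 1],
        "string_len": len(string),
    }


def mov_al(eax, imm8):
    """Partial register write: bits 0..7 replaced, bits 8..31 preserved."""
    return (eax & ~0xFF & MASK32) | (imm8 & 0xFF)


def mov_eax(eax, imm32):
    """Full register write: the previous contents are irrelevant."""
    return imm32 & MASK32


def exit_syscall_number(eax_after_write, use_full_write):
    """eax at the second int 0x80, given what the first int 0x80 left behind."""
    return mov_eax(eax_after_write, 1) if use_full_write else mov_al(eax_after_write, 1)


if __name__ == "__main__":
    info = analyze(SHELLCODE)
    for key, value in info.items():
        print(f"{key:14} {value!r}")
    # Constructed: a failed write returning -EBADF (-9) as a 32-bit register value.
    err = (-9) & MASK32
    print("mov al,1  ->", hex(exit_syscall_number(err, False)))  # not sys_exit
    print("mov eax,1 ->", hex(exit_syscall_number(err, True)))   # sys_exit
```

Two things the check makes visible: the branches are consistent (`jmp` lands on the `call` at offset 25, the `call` lands on `pop ecx` at offset 2, and the pushed return address 30 is the start of the string), and the string is 14 bytes while `mov dl,15` asks the kernel to write 15, so the final byte written is whatever follows the blob in memory (the C array's terminating NUL in the question's harness). The register model shows why the answer's fix matters: `mov al,1` only yields syscall number 1 when eax already holds a value below 256.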
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow