Edit: It appears I have a lot more reading to do…
Also, for those telling me this is a bad idea, it’s for a buffer overflow exercise.
I have a fairly simple C program:
int main() { system("cat file | nc -p 33 localhost 8080"); return 0; }
I want to turn it into hex assembly code. Think something like:
x55x43xffx75x13x77...
I tried doing:
gcc -o shell shell.c for i in $(objdump -d shell -M intel |grep "^ " |cut -f2); do echo -n 'x'$i; done;echo
And that gave me a nice long string of hex. But when I tested it in this program, I got a segfault.
code = "x55x43xffx75x13x77..." int main(int argc, char **argv) { int (*func)(); func = (int (*)()) code; (int)(*func)(); }
Anyone know how I can get this working? Thanks! Also, I don’t know if it matters but it’s a 64 bit system.
Advertisement
Answer
You are missing a whole bunch of stuff that the OS does for you between the time the binary code is loaded from disk and it is executed. The function call “system(char *command)” for example: The pointer to the command characters is invalid until the OS loader “fixes” the pointers.
If you are very, very careful you can construct code that does not rely on pointers and can run from any arbitrary address without help from the OS loader. This is how stack overflow exploits are created. Most modern CPUs prevent this code from running by using the memory manager to mark memory as either “DATA” or “CODE” and faulting if your program tries to execute DATA or write to CODE.
What you are trying to do, the OS is trying to prevent.