如何从机器代码中删除 NULL (00)?
我需要知道如何从机器代码中删除 null (00)。我用汇编语言编写了代码。运行成功。我需要不带 NULL 的输出
.data
Bash:
.asciz "/bin/hostname"
Null1:
.int 0
AddrToBash:
.int 0
NULL2:
.int 0
.text
.globl _start
_start:
#execute routine
xor %eax,%eax
movl $Bash, AddrToBash
movl $11,%eax
movl $Bash,%ebx
movl $AddrToBash,%ecx
movl $NULL2,%edx
int $0x80
#exit routine
Exit:
movl $10,%ebx
movl $1,%eax
int $0x80
以下输出是
4000b0: 31 c0 xor %eax,%eax
4000b2: c7 04 25 f2 00 60 00 movl $0x6000e0,0x6000f2
4000b9: e0 00 60 00
4000bd: b8 0b 00 00 00 mov $0xb,%eax
4000c2: bb e0 00 60 00 mov $0x6000e0,%ebx
4000c7: b9 f2 00 60 00 mov $0x6000f2,%ecx
4000cc: ba f6 00 60 00 mov $0x6000f6,%edx
4000d1: cd 80 int $0x80
00000000004000d3 <Exit>:
4000d3: bb 0a 00 00 00 mov $0xa,%ebx
4000d8: b8 01 00 00 00 mov $0x1,%eax
4000dd: cd 80 int $0x80
如何删除 00, 我做了像eax
到al
,bx
到bl blahahahahahaha......但不起作用 有人可以修改它吗......
I need to know how i remove the null (00) from machine code. i wrote the code in Assembly Language. It running Successfully. I need the output without NULL
.data
Bash:
.asciz "/bin/hostname"
Null1:
.int 0
AddrToBash:
.int 0
NULL2:
.int 0
.text
.globl _start
_start:
#execute routine
xor %eax,%eax
movl $Bash, AddrToBash
movl $11,%eax
movl $Bash,%ebx
movl $AddrToBash,%ecx
movl $NULL2,%edx
int $0x80
#exit routine
Exit:
movl $10,%ebx
movl $1,%eax
int $0x80
The following Output is
4000b0: 31 c0 xor %eax,%eax
4000b2: c7 04 25 f2 00 60 00 movl $0x6000e0,0x6000f2
4000b9: e0 00 60 00
4000bd: b8 0b 00 00 00 mov $0xb,%eax
4000c2: bb e0 00 60 00 mov $0x6000e0,%ebx
4000c7: b9 f2 00 60 00 mov $0x6000f2,%ecx
4000cc: ba f6 00 60 00 mov $0x6000f6,%edx
4000d1: cd 80 int $0x80
00000000004000d3 <Exit>:
4000d3: bb 0a 00 00 00 mov $0xa,%ebx
4000d8: b8 01 00 00 00 mov $0x1,%eax
4000dd: cd 80 int $0x80
how to remove 00,
I did the changed like eax
to al
, bx
to bl blahahahahahaha...... but not work
can someone modify it.......
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果你想避免 shellcode 中出现 NULL 字节,你必须考虑很多事情。然而,大多数时候它涉及用等效的指令替换指令。
例如,
生成包含 NULL 字节的
b8 00 00 00 00
。将其替换为在语义上是等效的,但会生成
31 c0
。有关编写 shellcode 的详细介绍,请阅读Smashing The Stack For Fun And Profit。这本书黑客:剥削的艺术 包含有关避免 shellcode 中的 NULL 字节的部分 (0x523)。
You have to take a lot of things into consideration if you want to avoid NULL bytes in shellcode. However, most of the time it involves replacing instructions with equivalent ones.
For example,
produces
b8 00 00 00 00
which contains NULL bytes. Replacing it withis semantically equivalent but produces
31 c0
instead.For a good introduction on writing shellcode, read Smashing The Stack For Fun And Profit. The book Hacking: The Art of Exploitation contains a section (0x523) about avoiding NULL bytes in shellcode.
因此,您希望使用不包含字节 0 的操作码。这只适用于使用字符串创建缓冲区溢出(例如:
strcpy()
)。要么你学得很好,这样你就能熟记最常见指令的二进制编码,从而能够避免 0。或者使用现有的工具:将原始代码编码为不带 0 字节的表示形式(例如:BCD、base64,甚至像
010010010
这样的 ASCII 字符串),并在其前面添加一个不包含零的特殊描述符。So, you want to use opcodes that does not contain byte 0. This could be useful only to create buffer overflows with strings (example:
strcpy()
).Either you learn assembly wery well, so that you would know the binary encoding of most common instructions by heart, thus being able to avoid 0. Or by using existing tools for that: something that encodes the original code to a representation without 0 bytes (example: BCD, base64, or even ASCII string like
010010010
), and prepends to it a special decriptor that does not contain zeros.