On the internet to see a good introduction shellcode introductory article, I would like to roughly translate, it is really into the binary security related fields of learning it. Original address: http://www.primalsecurity.net/0x0-shellcoding-tutorial-introduction-to-asm/
The following is translated: (non-sentence translation)
Assembly Code Introduction:
Assembler is a low-level programming language designed to facilitate interaction with microprocessors. The language is associated with the processor family, such as Intel, ARM, and so on. In understanding the assembly, the architecture plays an important role because there is a big difference between 32-bit and 64-bit. Here we focus mainly on Intel (IA-32) under Linux.
The CPU registers we see today are eax, EBX, ECX, and edx. These registers have general functionality at the time of initial design. But for our purposes, we can store any data we like in each time series. The standard usage of these registers is as follows:
EAX |
"Accumulator" is usually used for arithmetic operations |
EBX |
Base register, as a data pointer |
Ecx |
"Calculator", the index used for looping |
EDX |
Data register, acting as an I/O pointer |
In the next article, we'll cover some other registers.
To operate our registers:
First, we'll use the previously mentioned registers to create a basic "Hello World" assembly language script. To do this, we first create a new file called "Helloworld.asm" (you can take any name you want), and then create the '. Text ' and '. Data ' two segments in a text editor, as follows:
Section . Textglobal _start ; Default entry point for linking _start: ; entry Point for commands Section . Data
The. Data segment we will use to store strings (which can be used for variables, etc.). The text segment will create an elf link entry, our instructions for manipulating the register to set our system calls (multiple), and our instructions to the kernel to execute our system calls.
First, we need to add our string to the. Data segment using define byte or DB:
msg: ; the string, followed by a new line character
Next, we need to decide what system calls will be used for our assembly instructions. In order to see the available system calls, we need to look at the "uninstd_32.h" file, which generally exists in "/usr/include/i386-linux-gnu/asm/" or possibly elsewhere. We can open this file to see the available calls:
Immediately see the two system calls we take advantage of, the Exit function (#define __NR_EXIT 1) and the Write function (#define __nr_write 4). Notice the two system call numbers because we're going to use them later. We can use "Man 2" to see the details about these system calls. (Example: Man 2 Write):
Look at the man file and see that we need to use multiple fields, ' int fd ' (field descriptor), ' const void *buf ' (buffer), ' size_t count ' (string size). In this example, our field descriptor indicates where we are going to write (0 for standard input, 1 for standard output, and 2 for standard error). Here, our buffer, is ' Hello world! ' String, the counter is the length of the buffer. In conclusion, we have several points:
Now that we have identified the necessary information, we can begin to manipulate the register. To do this, we will use the Intel system structure for the register operation of the MOV command:
mov [Destination],
We will repeat the MOV with each of the four fields, followed by the EAX,EBX,ECX and edx registers, followed by the "int 0x80" command to execute the system call.
Section . Textglobal _start;Default entry point for linking _start: ;entry Point for commands ;Use the write syscall to print ' Hello world! ' to stdout moveax4 ;move Syscall 4 (write) to the EAX register movEbx1 ;move field descriptor for stdout to EBX movECX, MSG;Move the memory address of our string to ECX movEdX - ;move the length of the string to edx int0x80;Execute the SyscallSection . Datamsg:DB "Hello world!", 0x0a;the string, followed by a new line character
Now, we have carefully written the write system call. We need to follow the same steps to clean the execution of the program. To do this, we will use the "exit" system call mentioned earlier. This time, we only need to take advantage of the "int status", the following steps for exit system call, your code will be similar to the following:
Section . Textglobal _start;Default entry point for linking _start: ;entry Point for commands ;Use the write syscall to print ' Hello world! ' to stdout moveax4 ;move Syscall 4 (write) to the EAX register movEbx1 ;move field descriptor for stdout to EBX movECX, MSG;Move the memory address of our string to ECX movEdX - ;move the length of the string to edx int0x80;Execute the Syscall ;Use the exit Syscall to exit the program with a status code of 0 moveax1 ;mov syscall 1 (exit) to the EAX register) movEbx0 ;Move status code to EBX int0x80;Execute the SyscallSection . Datamsg:DB "Hello world!", 0x0a;the string, followed by a new line character
To create our executable program:
Now that our assembly code has been created, and we are going to compile it called the target file, and then use the linker to create our Elf executable, we use the following NASM command to create our target file:
Object file file>
Now that we have a successful target file, we can use LD to link it and then create the final execution file. We use the following command:
LD file Object file>
Assuming this is the case, we should have a full-featured elf executable. Now we can execute our files and ensure that they are executed correctly.
Attached NASM: http://www.nasm.us/pub/nasm/releasebuilds/2.11.08/
Shellcoding Tutorial: Introducing ASM
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
