shellcode amended "Segmentation fault"


Well, I have a file called test.asm with the code (for Windows):

section .text
    global _main
    extern _printf

msg:
    db "%d", 0

_main:
    mov eax, 10
    add eax, 20

    push eax
    push msg
    call _printf
    add esp, 8
    ret

Compiling with nasm: nasm -f win32 teste.asm -o teste.o and then using gcc's objdump, I get the following:

00000000 <msg>:
   0:   25 64 00 b8 0a          and    $0xab80064,%eax

00000003 <_main>:
   3:   b8 0a 00 00 00          mov    $0xa,%eax
   8:   83 c0 14                add    $0x14,%eax
   b:   50                      push   %eax
   c:   68 00 00 00 00          push   $0x0
  11:   e8 00 00 00 00          call   16 <_main+0x13>
  16:   83 c4 08                add    $0x8,%esp
  19:   c3                      ret

Now using it in the file shellcode.c:

#include <stdio.h>

const char shellcode[] = "\x25\x64\x00\xb8\x0a\xb8\x0a\x00\x00\x00\x83\xc0\x14\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x83\xc4\x08\xc3";

int main( void )
{
  int (*func)();
  func = (int (*)())shellcode;

  (int)(*func)();
}

Compiling: gcc shellcode.c -o main and running: ./main, I get the following:

Segmentation fault

Can someone help me?

1 answer


The shellcode binary, declared in the variable shellcode[], is stored in memory on a data page, and therefore has no permission for code execution (read + write only).

When the program calls the function func(), which points to the data page, a segmentation error (General Protection Fault) occurs, due to the lack of execute privilege on the destination page.

If you just want to test the shellcode, it is necessary to:

  • Include the header Windows.h
  • Allocate a memory page and assign execution+write permission to this page
  • Copy the binary code that is in the variable shellcode[] to the allocated page
  • Point the function to the beginning of this page
  • Call the function

The code (commented) is as follows:

#include <stdio.h>
// Include the Windows.h header
#include <Windows.h>

const char shellcode[] = "\x25\x64\x00\xb8\x0a\xb8\x0a\x00\x00\x00\x83\xc0\x14\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x83\xc4\x08\xc3";

int main( void )
{
    int (*func)();

    // Pointer to the memory page that will be allocated
    LPVOID page;

    // Allocate the memory page with write and execute permission
    page = VirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (page == NULL)
    {
        // Allocation failed: report the error code and stop
        fprintf(stderr, "VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }

    // Copy only the bytes of the shellcode array to the allocated page
    CopyMemory(page, shellcode, sizeof(shellcode));

    // Point func to the page and not to the shellcode variable
    func = (int (*)())page;

    // Call the function
    (int)(*func)();

    // Free the page
    VirtualFree(page, 0, MEM_RELEASE);

    return 0;
}

In the assembly code, you declared the function _printf as extern; however, when compiling the program, the linker has no way to discover or change the address of this function, because it is embedded inside the shellcode, so calling the assembly code will give an error.

The tip here is to avoid declaring external functions.

  • Okay. Thank you !!
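
The answer's last point, shown on the bytes from the question's objdump listing (an added example, not code from the question or the answer): the operands of push msg and call _printf are still zero in the object file because they are only filled in at link time, so the call displacement points at the next instruction, which is the `call 16` objdump prints. The helper names and the zero-operand heuristic are assumptions of this example; `objdump -r` lists the actual relocation entries.

```c
#include <stdint.h>
#include <stdio.h>

/* msg + _main bytes copied from the question's objdump listing. */
static const uint8_t obj[] = {
    0x25, 0x64, 0x00,              /* 0x00 msg: "%d\0"                  */
    0xb8, 0x0a, 0x00, 0x00, 0x00,  /* 0x03 mov  eax, 10                 */
    0x83, 0xc0, 0x14, 0x50,        /* 0x08 add  eax, 20; 0x0b push eax  */
    0x68, 0x00, 0x00, 0x00, 0x00,  /* 0x0c push msg     (operand unset) */
    0xe8, 0x00, 0x00, 0x00, 0x00,  /* 0x11 call _printf (operand unset) */
    0x83, 0xc4, 0x08, 0xc3         /* 0x16 add  esp, 8; 0x19 ret        */
};

/* Length of the few 32-bit x86 opcodes in this listing; 0 = not handled. */
static size_t insn_len(uint8_t op) {
    switch (op) {
    case 0x25: case 0x68: case 0xb8: case 0xe8: return 5; /* op + imm32 */
    case 0x83: return 3;                       /* op + modrm + imm8 */
    case 0x50: case 0xc3: return 1;
    default:   return 0;
    }
}

/* Little-endian 32-bit operand following the opcode byte at p. */
static uint32_t imm32(const uint8_t *p) {
    return p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
}

/* Offset a call rel32 at `off` transfers to: next instruction + rel32. */
static long call_target(const uint8_t *code, size_t off) {
    return (long)off + 5 + (int32_t)imm32(code + off);
}

/* Record push imm32 / call rel32 whose operand is still zero (heuristic). */
static int find_unresolved(const uint8_t *code, size_t len, size_t start,
                           size_t *offs, int max) {
    int n = 0;
    for (size_t i = start, l; i < len && (l = insn_len(code[i])) && i + l <= len; i += l)
        if ((code[i] == 0x68 || code[i] == 0xe8) && !imm32(code + i) && n < max)
            offs[n++] = i;
    return n;
}

int main(void) {
    size_t offs[4];
    int n = find_unresolved(obj, sizeof obj, 3, offs, 4);  /* 3 = _main */
    for (int i = 0; i < n; i++)
        printf("operand still zero at 0x%02zx\n", offs[i]);
    printf("call at 0x11 lands on 0x%02lx\n", (unsigned long)call_target(obj, 0x11));
}
```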
