I'm writing a Linux shell code exploit. My target C code is:
char code[] = "\xb0\x01\x31\xdb\xcd\x80";

int main(int argc, char **argv)
{
    int (*func)();
    func = (int (*)()) code;
    (Int)(*func)();
}
Why does compiling and running this C program raise a segmentation fault error? The string is shell code that exits the program using the system call int 0x80 / EAX=1. The original exploit code in assembly is:
b0 01    mov al,0x1
31 db    xor ebx,ebx
cd 80    int 0x80
func? That's probably where the error is occurring. – Alex Quilliam

int 0x80. If you ever find yourself passing a stack-based pointer to a system call in 64-bit code this will likely fail. You really should consider using the syscall instruction for 64-bit code. You will need to compile with -z execstack to have an executable stack. But as important, the EAX / RAX register may have garbage in the upper bits. Before setting AL to 1, do xor eax, eax to zero the entire register first. That would be encoded as an extra \x31\xc0 at the beginning of your string. – Michael Petch

(Int)(*func)(); what is Int? – wildplasser
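The point Michael Petch raises about the upper bits of EAX can be checked statically. The following is an added example, not code from the question or the comments: a tiny decoder for the three x86 encodings used here (mov r8,imm8; xor r32,r32; int imm8) that tracks which bits of each register the shellcode has actually defined and flags a syscall number that depends on register contents left over from before the code ran. The register names and the (value, mask) bookkeeping are my own assumptions for the check.

```python
"""Static check for the exit() shellcode discussed above (added example)."""
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
ALL = 0xFFFFFFFF


def decode(code: bytes):
    """Decode b0..b3 ib (mov al/cl/dl/bl, imm8), 31 /r with mod=11 (xor r32, r32)
    and cd ib (int imm8); anything else is reported rather than guessed."""
    i, insns = 0, []
    while i < len(code):
        op = code[i]
        if 0xB0 <= op <= 0xB3 and i + 1 < len(code):
            insns.append(("mov8", REGS32[op - 0xB0], code[i + 1]))
        elif op == 0x31 and i + 1 < len(code) and code[i + 1] >> 6 == 3:
            modrm = code[i + 1]
            insns.append(("xor32", REGS32[modrm & 7], REGS32[(modrm >> 3) & 7]))
        elif op == 0xCD and i + 1 < len(code):
            insns.append(("int", code[i + 1]))
        else:
            raise ValueError(f"unsupported encoding at offset {i}: {op:#04x}")
        i += 2
    return insns


def audit(code: bytes):
    """Track (value, mask-of-known-bits) per register up to the first int 0x80.
    All registers start fully unknown: that models garbage in the upper bits."""
    regs = {r: (0, 0) for r in REGS32}
    warnings = []
    for insn in decode(code):
        if insn[0] == "mov8":                       # only the low byte becomes known
            _, r, imm = insn
            val, mask = regs[r]
            regs[r] = ((val & ~0xFF) | imm, mask | 0xFF)
        elif insn[0] == "xor32":
            _, dst, src = insn
            if dst == src:                          # xor r,r defines every bit as 0
                regs[dst] = (0, ALL)
            else:
                dv, dm = regs[dst]
                sv, sm = regs[src]
                regs[dst] = ((dv ^ sv) & ALL, dm & sm)
        else:                                       # int imm8
            if insn[1] != 0x80:
                warnings.append(f"int {insn[1]:#x} is not the Linux 32-bit syscall gate")
            val, mask = regs["eax"]
            if mask != ALL:
                warnings.append("syscall number depends on unknown upper bits of EAX; "
                                "prepend xor eax,eax (\\x31\\xc0)")
            return {"eax_known": mask == ALL, "syscall_nr": val if mask == ALL else None,
                    "ebx_known": regs["ebx"][1] == ALL, "warnings": warnings}
    return {"eax_known": False, "syscall_nr": None, "ebx_known": False,
            "warnings": warnings + ["no int instruction reached"]}
```

Running audit() on the string from the question reports the EAX dependency, while the same bytes prefixed with \x31\xc0 resolve to a fully defined syscall number 1 with EBX known to be 0.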