1
votes

I'm writing a Linux shell code exploit. My target C code is:

    char code[] = "\xb0\x01\x31\xdb\xcd\x80";
    int main(int argc, char **argv)
    {
        int (*func)();
        func = (int (*)()) code;

        (Int)(*func)();
    }

Why does compiling and running this C program raise a segmentation fault error? The string is shellcode that exits the program using the system call int 0x80 / EAX=1. The original exploit code in assembly is:

b0 01                   mov    al,0x1
31 db                   xor    ebx,ebx
cd 80                   int    0x80
What is func? That's probably where the error is occurring. – Alex Quilliam

I'm new to C. I am trying to run the string using C. @alexquilliam – KG96

Make sure you are in 32-bit Linux and that your data section is executable. – Jester

Jester is correct. Your exploit code is 32-bit, using int 0x80. If you ever find yourself passing a stack-based pointer to a system call in 64-bit code, this will likely fail. You really should consider using the syscall instruction for 64-bit code. You will need to compile with -z execstack to have an executable stack. But just as important, the EAX / RAX register may have garbage in the upper bits. Before setting AL to 1, do xor eax, eax to zero the entire register first. That would be encoded as an extra \x31\xc0 at the beginning of your string. – Michael Petch

(Int)(*func)(); what is Int? – wildplasser

1 Answer

1
votes

You are not setting eax=0x1, you are setting al=0x1, so if you don't know what instructions were executed before your shellcode, you will have eax=xxxxxx01.

As the comments told you, you have to do an xor eax, eax at the beginning of your shellcode.
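To make the point of the comments and the answer concrete without executing any machine code, here is an added example (not code from the question or the answer): a tiny interpreter for the four instruction encodings that actually occur in this shellcode (`mov al, imm8`, `xor eax, eax`, `xor ebx, ebx`, `int 0x80`). It tracks only EAX and EBX and returns the value EAX holds when `int 0x80` is reached, which is the system call number the kernel would see. The starting EAX value 0x12345600 is a constructed example of "garbage left by earlier code"; the fixed byte string is the original with the `\x31\xc0` prefix from the comments. It models 32-bit EAX only, not the upper half of RAX.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sentinels returned when no system call number can be determined. */
#define SYSCALL_NOT_REACHED ((int64_t)-1) /* buffer ended before int 0x80 */
#define SYSCALL_UNKNOWN_OP  ((int64_t)-2) /* an encoding this toy does not model */

/* The shellcode from the question, and the same bytes with xor eax,eax prepended. */
static const uint8_t original_code[] = { 0xb0, 0x01, 0x31, 0xdb, 0xcd, 0x80 };
static const uint8_t fixed_code[]    = { 0x31, 0xc0, 0xb0, 0x01, 0x31, 0xdb, 0xcd, 0x80 };

/* Walk code[0..len) starting with EAX = eax_in and return EAX at the first
 * int 0x80.  If ebx_out is non-NULL it receives EBX at that point (the exit
 * status for sys_exit).  Only the encodings present in this shellcode are
 * handled; anything else yields SYSCALL_UNKNOWN_OP. */
static int64_t syscall_number_at_int80(const uint8_t *code, size_t len,
                                       uint32_t eax_in, uint32_t *ebx_out)
{
    uint32_t eax = eax_in;
    uint32_t ebx = 0xffffffffu; /* deliberately "dirty" so xor ebx,ebx is visible */
    size_t ip = 0;

    while (ip + 1 < len) {          /* every modelled instruction is 2 bytes */
        uint8_t op = code[ip], arg = code[ip + 1];
        if (op == 0xb0) {                           /* mov al, imm8 */
            eax = (eax & 0xffffff00u) | arg;        /* only the low byte changes */
        } else if (op == 0x31 && arg == 0xc0) {     /* xor eax, eax */
            eax = 0;
        } else if (op == 0x31 && arg == 0xdb) {     /* xor ebx, ebx */
            ebx = 0;
        } else if (op == 0xcd && arg == 0x80) {     /* int 0x80 */
            if (ebx_out) *ebx_out = ebx;
            return (int64_t)eax;
        } else {
            return SYSCALL_UNKNOWN_OP;
        }
        ip += 2;
    }
    return SYSCALL_NOT_REACHED;
}

/* Original shellcode entered with garbage in EAX: mov al,1 leaves the upper
 * 24 bits alone, so the kernel sees 0x12345601 instead of 1 (sys_exit). */
int64_t original_syscall_with_dirty_eax(void)
{
    return syscall_number_at_int80(original_code, sizeof original_code,
                                   0x12345600u, NULL);
}

/* Same dirty EAX, but with xor eax,eax prepended: the result is exactly 1. */
int64_t fixed_syscall_with_dirty_eax(void)
{
    return syscall_number_at_int80(fixed_code, sizeof fixed_code,
                                   0x12345600u, NULL);
}

/* Exit status the fixed shellcode would pass: EBX is zeroed, so 0. */
uint32_t fixed_exit_status(void)
{
    uint32_t ebx = 0xffffffffu;
    (void)syscall_number_at_int80(fixed_code, sizeof fixed_code, 0x12345600u, &ebx);
    return ebx;
}

int main(void)
{
    printf("original shellcode, EAX dirty on entry: syscall 0x%llx\n",
           (unsigned long long)original_syscall_with_dirty_eax());
    printf("fixed shellcode,    EAX dirty on entry: syscall 0x%llx (exit status %u)\n",
           (unsigned long long)fixed_syscall_with_dirty_eax(), fixed_exit_status());
    return 0;
}
```

Whether the compiled C program in the question reaches `int 0x80` at all is a separate matter: the bytes live in a writable, non-executable data section, so the jump through `func` faults before any of the above runs unless the section is made executable (as Jester and Michael Petch note). The emulator only addresses what happens once the bytes do execute.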