From owner-freebsd-hackers@FreeBSD.ORG Sat Mar 6 12:43:45 2004
Date: Sat, 6 Mar 2004 15:44:04 +0000
From: chungwei Hsiung <chsiung2@buffalo.edu>
To: des@des.no (Dag-Erling Smørgrav)
Cc: freebsd-hackers@freebsd.org
Subject: Re: Strange instructions in compiler output
Message-Id: <20040306154404.7da5ba81@bear.bflony.adelphia.net>
References: <4048CA38.6040203@yahoo.com> <20040305233209.GO67801@wantadilla.lemis.com> <20040306142651.314430be@bear.bflony.adelphia.net> <20040306202517.GA8384@x-anthony.com>
X-Mailer: Sylpheed version 0.9.8claws (GTK+ 1.2.10; i386-portbld-freebsd5.1)

thanks for the reply

compile the code by
gcc -o shellcode -ggdb -static shellcode.c
actually giving me the code you showed below

I still don't understand it because we are supposed to pass in the op code
0xb to %eax, and arguments to %ebx, %ecx, and %edx before calling interrupt,
but I can't see any of those instructions anywhere. Did I miss anything?

best regards,
Chungwei

On Sat, 06 Mar 2004 21:31:51 +0100
des@des.no (Dag-Erling Smørgrav) wrote:

> Anthony Schneider writes:
> > On Sat, Mar 06, 2004 at 02:26:51PM +0000, chungwei Hsiung wrote:
> > > gcc -o shellcode -ggdb -static shellcode.c
> > try compiling with the -static flag the gcc.
>
> Reading is fast becoming a lost art...
>
> Anyway, here's the code for execve():
>
> 08048224 <__sys_execve>:
>  8048224:   b8 3b 00 00 00    mov    $0x3b,%eax
>  8048229:   cd 80             int    $0x80
>  804822b:   72 ef             jb     804821c
>  804822d:   c3                ret
>  804822e:   90                nop
>  804822f:   90                nop
>
> exciting, huh? oh, and the code that calls it:
>
>  8048201:   6a 00             push   $0x0
>  8048203:   8d 45 f8          lea    0xfffffff8(%ebp),%eax
>  8048206:   50                push   %eax
>  8048207:   ff 75 f8          pushl  0xfffffff8(%ebp)
>  804820a:   e8 15 00 00 00    call   8048224 <__sys_execve>
>  804820f:   83 c4 10          add    $0x10,%esp
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no