[bits 32]
; Syntax: NASM, Intel operand order.  Target: Linux i386 via the int 0x80
; syscall interface (eax = syscall number, arguments in ebx, ecx, edx; the
; result comes back in eax, a negative value meaning -errno).  Syscall
; numbers used below: 4 = write, 11 = execve.  No absolute addresses are
; used; every string is assembled on the stack, so the code is
; position-independent.
; In both parts of the exercise I have chosen to use the stack for storing the needed strings, since I found that it results in the shortest (65 bytes) and most easily readable (no weird jumps needed) code.
;;; Print 'Hello, world\n' using the write syscall ;;;
; set syscall number (push imm8 / pop is shorter than mov eax, imm32)
push byte 0x4
pop eax
; set file handle. 1 is stdout
xor ebx, ebx
inc ebx
; push string to stack. The pushes go from the end of the string backwards,
; because each push lowers esp: after all four, esp points at 'H'.
; 'push byte' sign-extends 0x0a to a dword, so the '\n' is followed by three
; zero bytes (a NUL terminator that write does not need, but is harmless).
push byte 0x0a ; '\n'
push dword 'orld'
push dword 'o, w'
push dword 'Hell'
; set argument to point at the string
mov ecx, esp
; set the length parameter
cdq ; sign-extend eax, which is 4, into edx, zeroing it
mov dl, 13
; and go!
int 0x80
;;; Execute '/usr/bin/id' with argument '-u' using the execve syscall ;;;
; clear edx. it needs to be 0 later, and it's useful to have a 0.
; note that eax holds the return value of the write syscall: on success that is
; the number of bytes written (13), small and non-negative, so cdq zeroes edx.
; Had write failed, eax would hold -errno, cdq would make edx = -1 and the
; 'mov al' below would leave bits 8-31 of eax set, so execve would not be
; invoked as intended.
cdq ; sign-extend eax into edx
; set syscall number
; xor eax, eax ; not needed: 13 fits in al, so bits 8-31 of eax are already zero
mov byte al, 11 ; partial-register write: only al changes, eax becomes 11
; prepare filename argument: "/usr/bin/id" followed by NUL.
; 'push byte' sign-extends 'd' to a dword, giving "d\0\0\0" - the terminator.
; 'push word' lowers esp by only 2, so "/i" sits directly before "d".
push byte 'd'
push word '/i'
push dword '/bin'
push dword '/usr'
; set filename argument
mov ebx, esp
; prepare the argv argument
push edx ; terminator for argument string
push word 0x752d ; argument string: '-u' (bytes 0x2d 0x75 in memory order)
mov esi, esp ; pointer to '-u'
; push the argv arguments to stack: argv = { "/usr/bin/id", "-u", NULL }
push edx ; push null terminator
push esi ; push pointer to '-u'
push ebx ; push pointer to '/usr/bin/id'
; set argv argument
mov ecx, esp
; set the envp argument to null
; xor edx, edx ; this was already done earlier
; ok, go!
int 0x80