Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* Hello World shellcode execution example.
- *
- * Anonymous memory map code was taken from:
- * www.thexploit.com/secdev/testing-your-shellcode-on-a-non-executable-stack-or-heap/
- */
- #include <stdio.h>
- #include <sys/mman.h>
- #include <string.h>
- #include <stdlib.h>
- int (*sc)();
- char shellcode[] =
- "\xeb\x19" // jmp intro
- // thecode:
- "\x31\xc0" // xorl %eax, %eax # Flush the registers
- "\x31\xdb" // xorl %ebx, %ebx
- "\x31\xd2" // xorl %edx, %edx
- "\xb0\x04" // movl $0x04, %al
- "\xb3\x01" // movl $0x01, %bl
- "\x59" // pop %ecx
- "\xb2\x0c" // movl $0x0c, %dl # Length of the Hello World string
- "\xcd\x80" // int $0x80
- "\x31\xc0" // xor eax, eax
- "\x31\xdb" // xor ebx, ebx
- "\xb0\x01" // mov al, 0x01 (exit())
- "\xb3\x01" // mov bl, 0x01 (exit with status 1)
- "\xcd\x80" // int 0x80
- // intro:
- "\xe8\xe2\xff\xff\xff" // call thecode
- "\x48\x65\x6c\x6c\x6f\x20" // Continues below
- "\x57\x6f\x72\x6c\x64\x0a"; // .ascii "Hello World\n"
- int main(int argc, char* argv[])
- {
- // Shellcode size
- int sc_size = sizeof(shellcode);
- // Create an anonymous memory map and get a pointer to it
- void *ptr = mmap(0, sc_size,
- PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON
- | MAP_PRIVATE, -1, 0);
- if (ptr == MAP_FAILED) {
- perror("mmap");
- exit(-1);
- }
- // Put the shellcode in the mmap
- memcpy(ptr, shellcode, sc_size);
- sc = ptr;
- // And finally execute it
- sc();
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement