sh but generate NULL

Asked Dec 24 '18 at 08:04

Active Dec 24 '18 at 08:04

Viewed 18 times

I tried writing assembly code and trying to execute /bin/sh but it produced NULL.

I think there's something wrong when I want to save a string 0x68732f6e and 0x69622f2f

global _start
section .text

_start:

xor eax, eax
push edx
mov dword [esp], 4
mov dword [esp+4], 0x68732f6e
mov dword [esp+4], 0x69622f2f
mov edx, 0x20
mov esi, esp
mov edi, ebx
mov eax, 0xb
int 0x80

The result is :

febri@febri-AO725:~/assembly$ strace ./shell
execve("./shell", ["./shell"], [/* 70 vars */]) = 0
execve(NULL, NULL, [/* 0 vars */])      = -1 EFAULT (Bad address)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffff2} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped
febri@febri-AO725:~/assembly$

asked Dec 24 '18 at 08:04

Febriyanto Nugroho

1

for one thing, you have `[esp+4]` twice so overwriting the first value with the other – Paweł Łukasik Dec 24 '18 at 08:12
Args for the `int 0x80` 32-bit ABI go in EBX, ECX, EDX. Looks like you're using the register order from the 64-bit `syscall` ABI. (You get NULL because `ebx` is zero on process startup under Linux.) – Peter Cordes Dec 24 '18 at 08:15

Trying to execute /bin/sh but generate NULL

0 Answers0