I want to convert x86 Linux shellcode with system calls to ARM Linux system calls

Problem description
I want to convert Intel x86 assembly code to ARM. I do not know how to use the stack.

I wrote a call to execve using an int 0x80 system call for 32-bit x86 Linux. However, ARM uses svc or swi.

But I do not know how to use something like this: push 0x0068732f and push 0x6e69622f

.globl main
main:
push 0x0068732f        # "/sh\0"  (little-endian bytes 2f 73 68 00)
push 0x6e69622f        # "/bin"   -> esp now points at "/bin/sh\0"
mov edx, 0             # envp = NULL
mov ecx, 0             # argv = NULL
mov ebx, esp           # pathname = esp
mov eax, 11            # execve
int 0x80
mov ebx, 0             # exit status 0
mov eax, 1             # exit
int 0x80

The syscall on ARM is expected to use swi and look like this:

.global _start
_start:
?????
mov r7, #11
swi #0
_exit:
mov r7, #1
swi #0

I want to use the stack push method rather than the .ascii method.

Recommended answer
man syscall
arch/ABI    instruction    syscall #    retval    error    Notes
────────────────────────────────────────────────────────────────
arm/EABI    swi 0x0        r7           r0        -
x32         syscall        rax          rax       -        [5]

arch/ABI    arg1  arg2  arg3  arg4  arg5  arg6  arg7  Notes
──────────────────────────────────────────────────────────
arm/EABI    r0    r1    r2    r3    r4    r5    r6
See also: ARM constants

.global _start
.equ label1, 0x0068732f          @ "/sh\0" as a little-endian word
.equ label2, 0x6e69622f          @ "/bin" as a little-endian word
_start:
movw r3, #:lower16:label1
movt r3, #:upper16:label1
movw r2, #:lower16:label2
movt r2, #:upper16:label2
push {r2,r3}                     @ r2 lands at sp, r3 at sp+4: "/bin/sh\0"
mov r3, #0
mov r2, #0                       @ envp = NULL
mov r1, #0                       @ argv = NULL
mov r0, sp                       @ pathname = sp
mov r7, #11                      @ execve
swi #0
_exit:
mov r0, #0                       @ exit status 0
mov r7, #1                       @ exit
swi #0

Here is another example,

mov r0, #0
push {r0}                        @ NUL terminator word, ends up after the string
movw r1, #0x6548 @ He
movt r1, #0x6c6c @ ll
movw r2, #0x576f @ oW
movt r2, #0x726f @ or
movw r3, #0x646c @ ld
movt r3, #0x0a32 @ 2\n
push {r1,r2,r3}  @ move register 'string' to stack; r1 at sp, r2 at sp+4, r3 at sp+8
@ write(unsigned int fd, const char *buf, size_t count)
mov r0, #1       @ stdout
mov r1, sp       @ pointer to the string on the stack
mov r2, #12      @ length
mov r7, #4       @ write() syscall number
swi #0           @ syscall

Most modern ARM CPUs will support movw/movt. There are other ways to do this, but they are like '.ascii', as ARM code can contain constants. That is the old style as discussed in the blog above. I might have some ordering mixed up in the code above, but I think it is right.