ASM外壳code在C缓冲区 - 序幕 [英] asm shellcode in C buffer - prologue
本文介绍了ASM外壳code在C缓冲区 - 序幕的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我尝试在C.缓冲区建立一个功能
使用gdb我能翻译
I try to build a function in a buffer in C. with gdb i can translate
push rbp
mov rbp,rsp
(...)
leave
ret
到
0x55
0x48 0x89 0xe5
(...)
0xc9
0xc3
所以我写了一个C code:
So I wrote a C code:
int main()
{
char buffer[]={0x55,0x48,0x89,0xe5,0xc9,0xc3};
void (*j)(void)=buffer;
j();
}
但我的计划似乎在按照压推RBP(在将0x55缓冲区)崩溃
你知道为什么吗?
but my program seems to crash at the intruction "push rbp" (0x55 in the buffer) Do you know why?
推荐答案
通常的原因是(其中存储在您的缓存
)堆栈是不可执行的。有主要两种方式解决这个:
The usual cause is that the stack (where your buffer
is stored) is not executable. There are primarily two ways around that:
- 编译/链接使得堆栈被标记可执行文件(即
GCC -z execstack
) - 使用
则mprotect
在运行时为纪念页面,在这里您code是可执行
- compile/link such that the stack is marked executable (ie.
gcc -z execstack
) - use
mprotect
at runtime to mark the page where your code is executable
这篇关于ASM外壳code在C缓冲区 - 序幕的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文