Shellcode Research
Hello, world!
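; hello.asm — write "Hello, world!\n" to stdout and exit(0).
; Target: Linux x86-64, raw syscalls (no libc), NASM/Intel syntax.
; Syscall ABI: number in rax; args in rdi, rsi, rdx; result in rax
; (negative = -errno); the kernel clobbers rcx and r11.
; Build: nasm -f elf64 -o hello.o hello.asm && ld -o hello hello.o

SYS_write       equ 1                   ; Linux x86-64 syscall numbers
SYS_exit        equ 60
STDOUT_FILENO   equ 1

default rel                             ; RIP-relative data access: no absolute
                                        ; relocations, so the code stays
                                        ; position-independent

global _start
section .text
_start:
        mov     eax, SYS_write          ; write(
        mov     edi, STDOUT_FILENO      ;   STDOUT_FILENO,
        lea     rsi, [msg]              ;   "Hello, world!\n",   (RIP-relative)
        mov     edx, msglen             ;   sizeof("Hello, world!\n")
        syscall                         ; );  return value (bytes written / -errno)
                                        ;     is deliberately not checked
        mov     eax, SYS_exit           ; exit(
        xor     edi, edi                ;   EXIT_SUCCESS (0)
        syscall                         ; );  never returns

section .rodata
msg:    db      "Hello, world!", 10     ; no NUL terminator; length is passed explicitly
msglen: equ     $ - msg                 ; 14 bytes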
$ nasm -f elf64 -o hello.o hello.asm    # assemble to a 64-bit ELF object
$ ld -o hello hello.o                   # link directly with ld: no libc/crt, entry is the global _start
$ ./hello
Source: https://jameshfisher.com/2018/03/10/linux-assembly-hello-world/
Hello, root!
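; Greet the caller by privilege: "Hello, root!\n" when the real uid is 0,
; "Hello, user!\n" otherwise. Linux x86-64, raw syscalls, NASM/Intel syntax.
;
; Bug fixed vs. the original: the branch after getuid() was inverted
; (`cmp rax,0 / jne .root` sent every NON-root uid to the root greeting
; and root to the user greeting). Both branches also duplicated the same
; write() call; the message is now selected once and written once.
;
; Syscall ABI: number in rax; args in rdi, rsi, rdx; result in rax;
; the kernel clobbers rcx and r11.

SYS_write       equ 1                   ; Linux x86-64 syscall numbers
SYS_getuid      equ 102
SYS_exit        equ 60
STDOUT_FILENO   equ 1

default rel                             ; RIP-relative data access (position-independent)

global _start
section .text
_start:
        mov     eax, SYS_getuid         ; getuid(): no arguments, cannot fail
        syscall                         ; rax = REAL uid of the caller (not the
                                        ; effective uid, so a setuid binary is
                                        ; still greeted by who launched it)

        ; Select the message once, then share a single write() below.
        ; Default to the unprivileged greeting; override when uid == 0.
        lea     rsi, [msguser]          ; buf = "Hello, user!\n"
        mov     edx, msguserlen         ; len = sizeof("Hello, user!\n")
        test    rax, rax                ; uid == 0  <=>  root
        jnz     .write                  ; non-root: keep the default
        lea     rsi, [msgroot]          ; buf = "Hello, root!\n"
        mov     edx, msgrootlen         ; len = sizeof("Hello, root!\n")
.write:
        mov     eax, SYS_write          ; write(STDOUT_FILENO, buf, len)
        mov     edi, STDOUT_FILENO
        syscall                         ; return value (bytes written / -errno) not checked

        mov     eax, SYS_exit           ; exit(EXIT_SUCCESS)
        xor     edi, edi                ; EXIT_SUCCESS (0)
        syscall                         ; never returns

section .rodata
msguser:    db  "Hello, user!", 10      ; no NUL terminator; lengths below are explicit
msguserlen: equ $ - msguser
msgroot:    db  "Hello, root!", 10
msgrootlen: equ $ - msgroot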
arch switch
Saw this fly by on Discord; I am not 100% sure about it.
Not sure if this is useful to anyone here, but I used this technique for some shellcode that had to switch between 32-bit and 64-bit on the fly:
; Mode-detection polyglot: the same byte sequence is valid in both 32-bit and
; 64-bit mode and branches on which mode the CPU is actually executing in.
;   31 C9   xor ecx, ecx   -> ecx = 0, identical encoding in both modes
;   41      32-bit mode: the one-byte opcode "inc ecx"        (ecx = 1)
;           64-bit mode: a REX.B prefix, absorbed by the following
;                        loop instruction with no effect        (ecx = 0)
;   E2 xx   loop x64_code -> decrements ecx/rcx, jumps if the result != 0:
;           32-bit: 1 -> 0, not taken, falls through to x32_code
;           64-bit: 0 -> -1, taken, lands on x64_code
; Every byte here is load-bearing: do not "tidy" the encoding (for example
; `xor rcx, rcx` would emit its own REX prefix and break the 32-bit path),
; and keep x32_code exactly one byte long so the loop displacement stays the
; same in both modes. The two targets below are placeholder stubs (just `ret`);
; the fs/gs-based lookups named in the comments are not implemented here.
_detect_x64_or_x32:
xor ecx, ecx ; ecx = 0 (no REX prefix: same bytes in 32- and 64-bit mode)
db 0x41 ; 32-bit: opcode "inc ecx" (ecx = 1); 64-bit: REX.B prefix, ignored by loop
loop x64_code ; 64-bit: rcx wraps 0 -> -1, so the jump is taken; 32-bit: ecx 1 -> 0, falls through
x32_code:
; use fs to locate system DLLs
ret
x64_code:
; use gs to locate system DLLs
ret