
32-bit program exec() a 64-bit program

On my Debian amd64 system, I am trying to run tests of 32-bit exploit payloads on sample programs. I know these payloads work as I have tested them in a 32-bit virtual machine.

All of the necessary libraries are installed to run a 32-bit or 64-bit program.

However, when the shellcode executes int 80h to call exec("/bin/sh", ...), the system call fails, returning an error code of -2 (ENOENT).

Modification of the shellcode to execute another 32-bit program results in the shellcode working as expected.

So, is there any way to exec() a 64-bit program from a 32-bit program?

It works when using the execl library function.

It may be difficult to call a library function from shell code, but you can try to trace its execution in a normal program and see how to write shell code that does the same.
