堆栈内存溢出
  简体   繁体   English

执行的shellcode终止主程序

[英]Executed shellcode terminates main program

 原文  2017-05-11 10:06:31       c/ assembly/ execute/ terminate/ shellcode

问题描述

I am trying to execute shellcode in a memory region. 我正在尝试在内存区域中执行shellcode。 While it works so far, I am confronted with another problem right now: The main-c-program exits after I called the shellcode-program. 到目前为止,尽管工作正常,但我现在面临另一个问题:在调用shellcode程序后,main-c程序退出了。 Is there a (simple) way around this other than working with threads? 除了使用线程之外,还有其他(简单)的方法吗?

I think that this has something to do with the mov rax, 60 and the following syscall , exiting the program. 我认为这与mov rax, 60和以下syscall ,退出了程序。 Right? 对?

Main-C-Code 主要-C代码 

#include <string.h>
#include <sys/mman.h>

const char shellcode[] = "\xeb\x1e\xb8\x01\x00\x00\x00\xbf\x01\x00\x00\x00\x5e\xba\x0d\x00\x00\x00\x0f\x05\xb8\x3c\x00\x00\x00\xbf\x00\x00\x00\x00\x0f\x05\xe8\xdd\xff\xff\xff\x48\x65\x6c\x6c\x6f\x2c\x20\x57\x6f\x72\x6c\x64\x21";

// Error checking omitted for expository purposes
int main(int argc, char **argv)
{
  // Allocate some read-write memory
  void *mem = mmap(0, sizeof(shellcode), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0);

  // Copy the shellcode into the new memory
  memcpy(mem, shellcode, sizeof(shellcode));

  // Make the memory read-execute
  mprotect(mem, sizeof(shellcode), PROT_READ|PROT_WRITE|PROT_EXEC);

  // Call the shellcode
  void (*func)();
  func = (void (*)())mem;
  (void)(*func)();

  // This text will never appear
  printf("This text never appears");

  // Now, if we managed to return here, it would be prudent to clean up the memory:
  // (I think that this line of code is also never reached)
  munmap(mem, sizeof(shellcode));

  return 0;
}

Basis of the Shellcode (assembler (Intel)) Shellcode的基础 (汇编器(Intel)) 

global _start

_start:
    jmp message

code:
    mov     rax, 1
    mov     rdi, 1
    pop     rsi
    mov     rdx, 13
    syscall

    mov    rax, 60
    mov    rdi, 0
    syscall

message:
    call code
    db "Hello, World!"

2 个解决方案

解决方案1
 0  2017-05-11 10:38:36

imo the simplest way would be to make a binary file, then exec() that. imo最简单的方法是制作一个二进制文件,然后执行exec()。 and if you need output from that then setup pipes. 如果您需要该输出,请设置管道。

解决方案2
 0 已采纳  2017-05-11 11:47:12

I actually found it out by myself. 我实际上是自己发现的。 If anyone is interested, the simple solution was to alter the assembler-code as follows: 如果有人感兴趣, 简单的解决方案是按如下方式更改汇编代码: 

global _start

_start:
    jmp message

code:
    mov     rax, 1
    mov     rdi, 1
    pop     rsi
    mov     rdx, 13
    syscall

    ret        # Instead of "mov.., mov..., syscall"

message:
    call code
    db "Hello, World!"

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在ac程序中,整个过程是否在主线程终止时终止? - In a c program, does the whole process terminates when the main thread terminate? Shellcode C程序线束 - Shellcode C Program Harness C程序中的Shellcode - Shellcode in C program 在C错误中编译ShellCode程序 - Compiling ShellCode Program in C error 无法在易受攻击的程序中注入 shellcode - Unable to inject shellcode in vulnerable program shellcode有效,但在自定义C程序中无效 - shellcode working , but no in a custom C program 使用程序测试 shellcode 出现段错误 - Got segfault with a program to test shellcode 程序中途终止 - The program terminates halfway 信号处理程序终止程序 - Signal handler terminates program 执行Shellcode时C程序挂起/挂起 - C program hangs / suspends while executing shellcode
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM