Assembly School
Welcome to my blog!
Here I will post some assembly things I work on.
section .text
global _start
_start:
jmp two ; jump forward to the call so the string address ends up on the stack
one:
pop ebx ; (complete) ebx should contain the string address
mov eax, 0 ; eax = 0, reused below as the NUL terminator and as argv[1]
mov byte [ebx+7], al ; (complete) terminate /bin/sh with 0x00 (1 byte)
mov [ebx+8], ebx ; (complete) save ebx to memory at address ebx+8
mov [ebx+12], eax ; (complete) save eax to memory at address ebx+12
lea ecx, [ebx+8] ; let ecx = ebx + 8
mov edx, 0 ; edx = envp = NULL
mov al, 0x0b ; eax = 11, the execve system call number on 32-bit Linux
int 0x80 ; invoke the system call
two:
call one ; pushes the address of the string below as the return address, then jumps to one
db '/bin/sh*AAAABBBB'
In this example, you assemble and link it like so:
nasm -f elf32 -o output.o labsh.txt
ld -N -m elf_i386 -o prog output.o
-N makes the text segment readable and writeable, which this program needs because it writes into its own string, which lives in .text.
At _start we jump to two, which calls one. The call pushes its return address onto the stack, and that return address is the start of the '/bin/sh*AAAABBBB' string that immediately follows the call.
pop ebx then loads that address into ebx.
Next, mov byte [ebx+7], al writes a zero byte over the '*', so /bin/sh becomes a NUL-terminated string.
mov [ebx+8], ebx overwrites AAAA with the address of the string (argv[0]), and mov [ebx+12], eax overwrites BBBB with zero, terminating argv with a NULL pointer.
This is how the necessary values for argv are stored and terminated with null values.
lea ecx, [ebx+8] points ecx at that argv array, mov edx, 0 leaves envp empty, and mov al, 0x0b selects execve, so by the time int 0x80 runs we can see all the needed registers being set.
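To make the three memory writes and the resulting argv layout concrete, here is a small Python simulation I added for this post; it is not part of the listing above and does not execute any machine code. It replays the writes on a copy of the 16-byte data block and then decodes the block the way the kernel would read the execve arguments. The base address BASE is an assumption chosen for illustration: on a real run it is whatever call one pushed as its return address, i.e. the value that pop ebx loads.

```python
import struct

# Sample input constructed from the listing: the 16-byte data block that
# follows `call one`, as it sits in .text before any instruction runs.
DATA = b"/bin/sh*AAAABBBB"
# Assumed address of the string (the value ebx holds after `pop ebx`).
# Any 32-bit address works for the simulation; this one is made up.
BASE = 0x08049000


def build_argv(data: bytes, ebx: int) -> bytes:
    """Replay the three memory writes from the listing on a copy of the data.

    mov byte [ebx+7], al  -> eax is zero, so a 0x00 overwrites the '*'
    mov [ebx+8], ebx      -> argv[0] = pointer to "/bin/sh"
    mov [ebx+12], eax     -> argv[1] = NULL, terminating the argv array
    Offsets are relative to ebx, which points at data[0], so the copy is
    indexed by offset alone.
    """
    mem = bytearray(data)
    mem[7] = 0                               # terminate "/bin/sh"
    mem[8:12] = struct.pack("<I", ebx)       # argv[0]: 32-bit little-endian pointer
    mem[12:16] = struct.pack("<I", 0)        # argv[1]: NULL pointer
    return bytes(mem)


def decode_execve_args(mem: bytes, ebx: int) -> dict:
    """Interpret the rewritten block as the kernel sees the execve call:
    ebx = filename pointer, ecx = ebx+8 = argv pointer, edx = 0 = envp."""
    filename = mem[: mem.index(0)].decode()  # NUL-terminated string at ebx
    argv_ptr = ebx + 8                       # what `lea ecx, [ebx+8]` computes
    argv = []
    off = argv_ptr - ebx
    while True:                              # walk argv until the NULL entry
        (p,) = struct.unpack_from("<I", mem, off)
        if p == 0:
            break
        argv.append(p)
        off += 4
    # Resolve each argv pointer back to the NUL-terminated string it names.
    targets = [mem[p - ebx : mem.index(0, p - ebx)].decode() for p in argv]
    return {
        "eax": 0x0B,                         # execve on 32-bit Linux
        "ebx_filename": filename,
        "ecx_argv": argv_ptr,
        "argv_targets": targets,
        "edx_envp": 0,
    }


if __name__ == "__main__":
    block = build_argv(DATA, BASE)
    print(block.hex(" "))                    # "/bin/sh\0" + pointer + "\0\0\0\0"
    print(decode_execve_args(block, BASE))
```

Running it prints the rewritten block as hex and the decoded register view, which shows why the offsets 7, 8 and 12 were chosen: the pointer written at ebx+8 must land exactly on the AAAA placeholder, and the zero at ebx+12 must cover the BBBB placeholder so the argv array ends with a NULL.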
This post is licensed under CC BY 4.0 by the author.