screamer

asm

7 posts in this topic

Finally decided to move into the realm of assembler and shellcoding, anyone know of any good tutorials?

Oh, and one question: I've been reading a lot about writing shellcode by using assembler, and then throwing the program into gdb to examine the endian it spits out...but I'm somewhat confused. It says the following.

push $0x6d6f7266 #push from on the stack

push $0x20626f62 #push bob on the stack

(where "from" and "bob" are simply words being sent to write() to be printed to the screen)

But the article never explains how you know to translate the words "bob" and "from" into the hex shown above...can anyone fill me in? Or at least point me to the right spot online.

Get in touch with Zapperlink.

Hmmm... no followups on this. For anyone who was looking for an explanation here goes...

The original code is:

push $0x6d6f7266 #push from on the stack

push $0x20626f62 #push bob on the stack

They probably should've put "from" and "bob" in quotes. What goes on the stack is actually the string "from" and then the string "bob " (notice the space at the end). The numbers are the hexadecimal representations of the strings.

0x6d == "m"

0x6f == "o"

0x72 == "r"

0x66 == "f"

0x20 == space

0x62 == "b"

0x6f == "o"

0x62 == "b"

Of course you'll notice the strings are in reverse order. This is because Intel arranges its memory in a format called "little-endian". Basically this means that the "little end" goes first and is really annoying when you're reading hex dumps.

If anyone wants more of an explanation just let me know.

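The byte layout explained in the post above, as an added C example that is not part of the original thread. It uses the two immediates from the question; the function names are hypothetical. It also generalizes slightly: besides decoding each dword low byte first, it accounts for the x86 stack growing downward, so the last value pushed is the first one read in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode 4 characters as the 32-bit immediate of a push on little-endian
   x86: the first character becomes the least significant byte. */
uint32_t pack_le(const char s[4]) {
    return (uint32_t)(uint8_t)s[0]
         | (uint32_t)(uint8_t)s[1] << 8
         | (uint32_t)(uint8_t)s[2] << 16
         | (uint32_t)(uint8_t)s[3] << 24;
}

/* Rebuild the bytes as they lie in memory after a run of 32-bit pushes.
   imm[] is in program order. The stack grows downward, so the last push
   sits at the lowest address and is read first. out needs 4*n+1 bytes. */
void stack_string(const uint32_t *imm, size_t n, char *out) {
    size_t k = 0;
    for (size_t i = n; i-- > 0; )        /* last push first */
        for (int b = 0; b < 4; b++)      /* low byte at the lowest address */
            out[k++] = (char)(imm[i] >> (8 * b) & 0xff);
    out[k] = '\0';
}

/* Split a string into push immediates in program order (the tail of the
   string is pushed first). Returns the number of immediates, or 0 if the
   length is not a multiple of 4 or does not fit in max entries. */
size_t push_immediates(const char *s, uint32_t *imm, size_t max) {
    size_t len = strlen(s), n = len / 4;
    if (len % 4 != 0 || n > max) return 0;
    for (size_t i = 0; i < n; i++)
        imm[i] = pack_le(s + 4 * (n - 1 - i));
    return n;
}

int main(void) {
    const uint32_t from_thread[] = { 0x6d6f7266, 0x20626f62 };
    char buf[9];
    stack_string(from_thread, 2, buf);
    printf("memory reads: \"%s\"\n", buf);

    uint32_t imm[2];
    size_t n = push_immediates("bob from", imm, 2);
    for (size_t i = 0; i < n; i++)
        printf("push $0x%08x\n", (unsigned)imm[i]);
    return 0;
}
```

Strings whose length is not a multiple of 4 are rejected here rather than padded, which is why the thread's second value carries a trailing space.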

That's why GNU has such nice tools for reading dumps.. people just hate doing it by hand.. ;)

nice info nick.

Thanks for the info, ntheory. That stuff fascinates me.

No worries. Feel free to bounce more Intel (or Sparc) asm questions off of me anytime guys.
