C Programming - ShellCoding Series - Episode #1 (AUDIO)

At last, I ended up creating AUDIO!


    Overview of Linux Process Memory Model
    Overview Stack Segment
    Stack Segment Population
    Stack Segment Manipulation


Download: MP3 | AAC
Next Episode: Writing ShellCode for Spawning a Shell (/bin/sh)



Show Notes:

Program1:

/* program1.c
 * Two unused local buffers; f's prologue (sub $0x28,%esp in the dump below)
 * reserves the frame space for them. The arguments are pushed by main right
 * to left (3, 2, then 1) and never read. */
int f(int i, int j, int k)
{
    char buffer1[5];
    char buffer2[10];
}

int main()
{
    f(1,2,3);
}


Disassembly of Program1.c:

$> gdb -q program1
(no debugging symbols found)...
(gdb) disass main
Dump of assembler code for function main:
0x0804833c : push %ebp
0x0804833d : mov %esp,%ebp
0x0804833f : sub $0x8,%esp
0x08048342 : and $0xfffffff0,%esp
0x08048345 : mov $0x0,%eax
0x0804834a : add $0xf,%eax
0x0804834d : add $0xf,%eax
0x08048350 : shr $0x4,%eax
0x08048353 : shl $0x4,%eax
0x08048356 : sub %eax,%esp
0x08048358 : push $0x3
0x0804835a : push $0x2
0x0804835c : push $0x1
0x0804835e : call 0x8048334
0x08048363 : add $0xc,%esp
0x08048366 : leave
0x08048367 : ret
End of assembler dump.
(gdb) disass f
Dump of assembler code for function f:
0x08048334 : push %ebp
0x08048335 : mov %esp,%ebp
0x08048337 : sub $0x28,%esp
0x0804833a : leave
0x0804833b : ret
End of assembler dump.
(gdb) quit


Program2:

/* program2.c */
#include <stdio.h>

void f()
{
    int i;
    /* i is f's only local, at ebp-4. &i+2 is 8 bytes higher, i.e. ebp+4:
     * the saved return address. Adding 7 makes ret land past the 7-byte
     * "i = 20" store in main (see the disassembly below). */
    *(&i+2) += 7;
}

int main()
{
    int i = 10;
    f();
    i = 20;                 /* skipped: f moved the return address past this store */
    printf("i = %d\n",i);   /* prints i = 10 with the layout shown below */
    return 0;
}


Disassembly of Program2.c:

$> gdb -q program2
(no debugging symbols found)...

(gdb) disass main
Dump of assembler code for function main:
0x08048376 : push %ebp
0x08048377 : mov %esp,%ebp
0x08048379 : sub $0x8,%esp
0x0804837c : and $0xfffffff0,%esp
0x0804837f : mov $0x0,%eax
0x08048384 : add $0xf,%eax
0x08048387 : add $0xf,%eax
0x0804838a : shr $0x4,%eax
0x0804838d : shl $0x4,%eax
0x08048390 : sub %eax,%esp
0x08048392 : movl $0xa,0xfffffffc(%ebp)
0x08048399 : call 0x8048368
0x0804839e : movl $0x14,0xfffffffc(%ebp)
0x080483a5 : sub $0x8,%esp
0x080483a8 : pushl 0xfffffffc(%ebp)
0x080483ab : push $0x804849c
0x080483b0 : call 0x80482b0
0x080483b5 : add $0x10,%esp
0x080483b8 : leave
0x080483b9 : ret
0x080483ba : nop
0x080483bb : nop
End of assembler dump.

(gdb) disass f
Dump of assembler code for function f:
0x08048368 : push %ebp
0x08048369 : mov %esp,%ebp
0x0804836b : sub $0x4,%esp
0x0804836e : lea 0x4(%ebp),%eax
0x08048371 : addl $0x7,(%eax)
0x08048374 : leave
0x08048375 : ret
End of assembler dump.
(gdb) quit
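As an added illustration (not code from the episode), the following C program models the 32-bit frame layout that both gdb dumps show: it replays the push / call / prologue sequence on a simulated stack, using the return addresses and frame sizes from the dumps, and reports where the arguments and the saved return address end up. The initial %esp value is an assumed placeholder; the frame model itself is constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64
#define STACK_TOP 0xbffff000u /* assumed initial %esp (hypothetical value) */

/* Word-granular model: mem[0] is the word at STACK_TOP and the stack grows
 * toward higher indices, i.e. toward lower addresses, as on x86. */
typedef struct { uint32_t mem[STACK_WORDS]; uint32_t esp, ebp; } Stack;

static uint32_t *slot(Stack *s, uint32_t addr) { return &s->mem[(STACK_TOP - addr) / 4]; }
static void push(Stack *s, uint32_t v) { s->esp -= 4; *slot(s, s->esp) = v; }

/* call pushes the return address; the callee prologue is
 * push %ebp / mov %esp,%ebp / sub $frame_bytes,%esp, as in both dumps. */
static void call_and_prologue(Stack *s, uint32_t ret, uint32_t frame_bytes) {
    push(s, ret);
    push(s, s->ebp);
    s->ebp = s->esp;
    s->esp -= frame_bytes;
}

/* program1: main pushes 3, 2, 1 then calls f, which reserves 0x28 bytes.
 * The arguments sit above the saved ebp: i at ebp+8, j at ebp+12, k at ebp+16. */
uint32_t program1_arg(int n) {
    Stack s = { .esp = STACK_TOP, .ebp = STACK_TOP };
    push(&s, 3); push(&s, 2); push(&s, 1);
    call_and_prologue(&s, 0x08048363, 0x28);
    return *slot(&s, s.ebp + 8 + 4 * n); /* n = 0 -> i, 1 -> j, 2 -> k */
}

/* program2: f reserves 4 bytes, so i lives at ebp-4. &i+2 is 8 bytes higher,
 * which is ebp+4: the saved return address 0x0804839e. Adding 7 makes ret
 * jump past the 7-byte movl $0x14,-4(%ebp), so main never stores 20. */
uint32_t program2_return_address(void) {
    Stack s = { .esp = STACK_TOP, .ebp = STACK_TOP };
    call_and_prologue(&s, 0x0804839e, 0x4);         /* call f from 0x08048399 */
    uint32_t addr_i = s.ebp - 4;                    /* &i */
    *slot(&s, addr_i + 2 * sizeof(int)) += 7;       /* *(&i+2) += 7 */
    return *slot(&s, s.ebp + 4);                    /* the value ret will pop */
}

int main(void) {
    printf("program1: f's first argument is %u\n", (unsigned)program1_arg(0));
    printf("program2: f returns to 0x%08x\n", (unsigned)program2_return_address());
    return 0;
}
```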

Reference:
"Smashing The Stack For Fun And Profit" by Aleph One

Thanks to:
Podcaster Confessions by Joseph Nilo.
Screencasts seem to be a perfect fit!! One of my favourite screencasts is
by Don McAllister.
