assembly - Using gas, how can I get the offset to a particular label? -

-

i'm using pwnlib write small shellcode challenge. shellcode needs modify pass application filters. first wrote nasm, , did that:

        sub        edx, edx         mov        dl, 0x82         add        al, do_mov_rdi_rax         sub        dword [rax], edx         mov        dh, 0x82         add        al, do_syscall - do_mov_rdi_rax         sub        dword [rax], edx         shr        edi, 31      do_mov_rdi_rax:         ; mov    rsi, rax         ; (with 0x82 added first byte pass validation)         db         0xca, 0x89, 0xc6         sub        eax, eax      do_syscall:         ; syscall         ; (with 0x82 added both bytes pass validation)         db         0x91, 0x87

pwnlib uses gas, however, assembly code has conform syntax. besides obvious (// instead of ;, .byte instead of db), i'm stuck 1 last problem: while nasm happily converted labels integers (for add al, do_mov_rdi_rax , add al, do_syscall - do_mov_rdi_rax), gas keeps telling me can't represent addressing type bfd_reloc_8, or (i somehow ended french version of gas, sorry lacking error message).

how can address of labels integers? shellcode based @ address 0 (and gas told .org 0x0).

what you're doing unusual , looks requires relocation mach-o object format used os x doesn't support. problem isn't you're trying use label integer, it's you're trying use label 8-bit integer. that's not useful in practice, , compiler never do.

if want add lower 8 bits of address of symbol (or difference between 2 symbols) lower 8 bits of rax you're going use label 32-bit integer first.

for example move 32-bit register first:

    mov $do_mov_rdi_rax, %ecx     add %cl, %al ...     mov $(do_syscall - do_mov_rdi_rax), %ecx     add %cl, %al

if don't have free register load memory:

    add indirect_do_mov_rdi_rax, %al ...     add indirect_difference, %al  indirect_do_mov_rdi_rax:     .long   do_mov_rdi_rax  indirect_difference:     .long   do_syscall - do_mov_rdi_rax

if didn't want using 8-bit arithmetic , want addition using 64-bits of address use 64-bit register rax instead:

    add $do_mov_rdi_rax, %rax ...     add $(do_syscall - do_mov_rdi_rax), %rax

Comments

Post a Comment

Popular posts from this blog

python - TypeError: start must be a integer -

-
i trying draw 5 turtles, getting typeerror on line 25. here code: import turtle wn = turtle.screen() redrose = turtle.turtle() color = input("what background color be?") fillcolor_f = input("what color of rose be?") redrose.hideturtle() redrose.speed(30) redrose.penup() redrose.left(180) redrose.forward(175) redrose.right(90) redrose.forward(30) redrose.right(90) redrose.pendown() def drawrose(red): redrose.color("pink") redrose.fillcolor(fillcolor_f) redrose.fill(true) in range(red): redrose.forward(i) redrose.right(49) in range(5): drawrose(redrose) redrose.penup() redrose.forward(350) redrose.right(144) redrose.pendown() redrose.fill(false) drawrose(50) wn.bgcolor(color) i trying draw 5 roses, produces errors. doing in interactivepython.org. you recursively calling drawrose wrong parameter. on line 23 ( for in range(red): ) expect red integer...
Read more

c# - DevExpress RepositoryItemComboBox BackColor property ignored -

-
i have following code almost works properly; private void cbstatus_drawitem(object sender, listboxdrawitemeventargs e) { string item = e.item string; if (item != null) { switch (item) { case "1": e.appearance.forecolor = color.green; e.appearance.backcolor = color.green; break; case "2": e.appearance.forecolor = color.orange; e.appearance.backcolor = color.orange; break; case "3": e.appearance.forecolor = color.red; e.appearance.backcolor = color.red; break; } } } when dropdown shown, items forecolor correct, backcolor remains whatever backcolor of theme is; i.e. if i've got set dark theme, backcolor dark, cells in gridview, rather being green/orange/red. i've tried setting e.appearance.options.usebackcolor trying set e....
Read more

django - Creating multiple model instances in DRF3 -

-
1) create multiple model instances 1 api call, asked here: how create multiple model instances django rest framework? tried solution named in link, no success. i trying upload multiple files in 1 api call. result: files uploaded (only once overwrote perform_create) 1 instance created (if send 2 files, latter created instance). my code: class fileuploadserializer(serializers.modelserializer): def __init__(self, *args, **kwargs): many = kwargs.pop('many', true) super(fileuploadserializer, self).__init__(many=many, *args, **kwargs) class meta: model = fileupload read_only_fields = ('created', 'datafile', 'owner') class fileuploadviewset(viewsets.modelviewset): queryset = fileupload.objects.all() serializer_class = fileuploadserializer parser_classes = (multipartparser, formparser, ) def perform_create(self, serializer): file_list = self.request.data.getlist('file') ...
Read more