
Re: Linux Security


Grant Diffey

Feb 27, 2005, 10:40:31 PM
dude84 wrote:

>
> E. Charters wrote:
>> did you terminate the string you stacked with a newline character?
>> --> "\n" ??
> Yes I did terminate the string with a \n character.
> I created a string variable and pushed the variable onto the stack.
> Here is a copy of the code:
> File: message2.s
> gcc2_compiled:
> ,data
> .LCO:
> .string "Hello World\n"
> .global main
> .type main,@function
> main:
> pushl $.LCO
> call printf
> addl $0x4,%esp
> call exit
> This program functions when run from a prompt. This program is
> strictly assembler.
>

The \n is nice and all, but it doesn't actually terminate the string; you need
to have a \0 for printf to recognise that the string is finished.

BTW, I strongly suggest you take a look at NASM, as it has a syntax that's far
closer to traditional x86 assemblers such as MASM and TASM.

--
All software sucks all hardware sucks.

Thomas D. Shepard

Mar 3, 2005, 7:31:46 AM
On Fri, 18 Feb 2005 11:27:14 +0000, dude84 wrote:

>

> ,data

I would have said ".section .data" here.

> .LCO:
> .string "Hello World\n"

I would have said '.asciz "Hello World\n"' here, to make sure the string is
NULL terminated.

> .global main
> .type main,@function
> main:
> pushl $.LCO
> call printf
> addl $0x4,%esp
> call exit
> This program functions when run from a prompt. This program is
> strictly assembler.
>
>>

>>>
>>> I need assistance with learning how to write assembler code (custom)
>>> that will work with computer security related issues like a stack
>>> based buffer overflow. Can anyone point me in the direction of a
>>> newsgroup that could help me with this?
>>> I've written a piece of assembler that calls the printf function,
>>> and when I pass it into the buffer on my machine it does nothing and
>>> segmentation faults. I'm using gas with gcc. I push the string onto
>>> the stack call the function, add the memory space back to the stack,
>>> and call the function to exit the program. I need someone's help to
>>> explain why the hex code from this program does nothing.

Here are some useful resources:

http://www.phrack.org/show.php?p=49&a=14 is the definitive essay on buffer
overflows. Visiting this web site would be considered by many as
"suspicious activity."

"Professional Assembly Language," by Richard Blum, published by Wiley
(www.wiley.com) and Wrox (www.wrox.com) is a good book that covers
use of gcc and mixing assembly with C.

"The Definitive Guide to GCC," by Kurt Wall and William von Hagen,
published by Apress and Springer-Verlag, is a good reference on the gory
details of gcc.


--
Thomas D. Shepard
I am sorry, but you can't email me.
ImaSp...@spam.sux is not a real email address. I figure if someone wants to
harvest an email address to use for sending spam, they may as well use this one.
