Discussion:
Linux Security
dude84
2005-02-18 01:27:55 UTC
Hi,

I need assistance with learning how to write assembler code (custom)
that will work with computer security related issues like a stack based
buffer overflow. Can anyone point me in the direction of a newsgroup
that could help me with this?
I've written a piece of assembler that calls the printf function, and
when I pass it into the buffer on my machine it does nothing and
segmentation faults. I'm using gas with gcc. I push the string onto
the stack call the function, add the memory space back to the stack, and
call the function to exit the program. I need someone's help to explain
why the hex code from this program does nothing.
E. Charters
2005-02-18 07:04:13 UTC
did you terminate the string you stacked with a newline character?
--> "\n" ??

otherwise the standard C function printf will fail when you pass it the
address of the stack, which is what I presume you passed it.

The other problem is that stdio.h was not known to be included in your
routine. How do you include it, such that the function knows where to
send the io?

C may be low level and all, but mixing it with assembler may be fraught
with problemos.


EC<:-}
Post by dude84
Hi,
I need assistance with learning how to write assembler code (custom)
that will work with computer security related issues like a stack based
buffer overflow. Can anyone point me in the direction of a newsgroup
that could help me with this?
I've written a piece of assembler that calls the printf function, and
when I pass it into the buffer on my machine it does nothing and
segmentation faults. I'm using gas with gcc. I push the string onto
the stack call the function, add the memory space back to the stack, and
call the function to exit the program. I need someone's help to explain
why the hex code from this program does nothing.
dude84
2005-02-18 11:27:14 UTC
Post by E. Charters
did you terminate the string you stacked with a newline character?
--> "\n" ??
Yes I did terminate the string with a \n character.
I created a string variable and pushed the variable onto the stack.
Here is a copy of the code:
File: message2.s
# Build (32-bit, since the code uses pushl/%esp):  gcc -m32 message2.s -o message2
gcc2_compiled:
        .data
.LCO:
        .string "Hello World\n"     # .string appends the terminating NUL byte

        .text                       # code belongs in .text, not in .data
        .global main
        .type main, @function
main:
        pushl $.LCO                 # cdecl: push the string address as the argument
        call printf
        addl $4, %esp               # pop the argument again
        pushl $0                    # exit status 0
        call exit
This program functions when run from a prompt. This program is
strictly assembler.
Post by E. Charters
otherwise the standard C function printf will fail when you pass it the
address of the stack, which is what I presume you passed it.
The other problem is that stdio.h was not known to be included in your
routine. How do you include it, such that the function knows where to
send the io?
I actually added one printf to the main program to try and make the
function available to the assembler. It didn't change anything.
Post by E. Charters
C may be low level and all, but mixing it with assembler may be fraught
with problemos.
When I take this code and pass it into a stack based buffer
overflow, the hex code from it does not run. The program produces
strange results. Can anyone explain to me why this hex code would not
work in a buffer overflow, and what I need to do in order to be able to
do something simple like a printf from within the buffer of a buffer
overflow (keep in mind there cannot be any \x00's in the machine code)?
Post by E. Charters
EC<:-}
Post by dude84
Hi,
I need assistance with learning how to write assembler code (custom)
that will work with computer security related issues like a stack
based buffer overflow. Can anyone point me in the direction of a
newsgroup that could help me with this?
I've written a piece of assembler that calls the printf function,
and when I pass it into the buffer on my machine it does nothing and
segmentation faults. I'm using gas with gcc. I push the string onto
the stack call the function, add the memory space back to the stack,
and call the function to exit the program. I need someone's help to
explain why the hex code from this program does nothing.
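An added example, not part of the original thread and not code from any of its posters, that shows the two properties message2.s lacks once its bytes are dropped into a buffer: the code has to be position independent (pushl $.LCO and call printf both encode addresses that the linker fixed for the original binary, so they mean nothing at the address the overflowed buffer happens to sit at), and it must contain no 0x00 bytes. The payload below is hand-assembled x86-64 Linux code that uses the jmp/call trick from the Phrack article cited later in the thread (a backwards relative call pushes the address of the string placed after it) and the write system call instead of printf, so it needs no libc address and no C runtime initialisation. The byte values, the mmap-based loader, the has_nul check and the file name in the build comment are my own choices; the loader reports -1 where the platform cannot run the code.

```c
/* Added example (not from the thread): position-independent, NUL-free
 * x86-64 Linux shellcode that writes "Hello World\n" to stdout through the
 * write(2) system call, plus a loader and a NUL-byte check.
 * Build: gcc -O1 -o pic_hello pic_hello.c   (file name is arbitrary)
 */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Hand-assembled bytes. Encodings were chosen so that no byte is 0x00,
 * which is what lets the payload survive a strcpy()-style copy. */
static const unsigned char shellcode[] = {
    0xeb, 0x0d,                   /*  0: jmp +13        -> to the call at offset 15  */
    0x5e,                         /*  2: pop %rsi       <- address of the message    */
    0x6a, 0x01, 0x58,             /*  3: push $1; pop %rax   (SYS_write = 1)         */
    0x6a, 0x01, 0x5f,             /*  6: push $1; pop %rdi   (fd 1 = stdout)         */
    0x6a, 0x0c, 0x5a,             /*  9: push $12; pop %rdx  (message length)        */
    0x0f, 0x05,                   /* 12: syscall        -> rax = bytes written       */
    0xc3,                         /* 14: ret            -> back to the C caller      */
    0xe8, 0xee, 0xff, 0xff, 0xff, /* 15: call -18       -> pushes &message, jumps to 2 */
    'H','e','l','l','o',' ','W','o','r','l','d','\n'   /* 20: message, no trailing NUL */
};

/* Why push/pop instead of mov: "mov $1,%eax" encodes as b8 01 00 00 00,
 * and the 32-bit immediate carries three NUL bytes. */

size_t shellcode_len(void) { return sizeof shellcode; }

/* Returns 1 if the buffer contains a 0x00 byte (which would end a string copy early). */
int has_nul(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0) return 1;
    return 0;
}

/* Copies the shellcode into a fresh RWX mapping and calls it as a function.
 * Returns the value the shellcode leaves in rax (12 on success), or -1 when
 * this platform cannot run it (not x86-64 Linux, or mmap refused RWX). */
long run_shellcode(void) {
#if defined(__x86_64__) && defined(__linux__)
    size_t len = sizeof shellcode;
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, shellcode, len);
    long (*fn)(void);
    memcpy(&fn, &page, sizeof fn);   /* object pointer -> function pointer without a cast warning */
    long r = fn();
    munmap(page, len);
    return r;
#else
    return -1;
#endif
}

int main(void) {
    printf("shellcode is %zu bytes, contains NUL: %s\n",
           shellcode_len(), has_nul(shellcode, shellcode_len()) ? "yes" : "no");
    long r = run_shellcode();
    if (r == -1) puts("cannot execute on this platform");
    else printf("shellcode returned %ld\n", r);
    return 0;
}
```

The same inspection can be done on the posted program: objdump -d on the linked message2 binary shows the operand bytes of pushl $.LCO and call printf, which are the values bound to that binary's layout and the reason the copied bytes misbehave at any other address.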
Mark Hobley
2005-02-18 21:08:07 UTC
My background is MSDOS assembly language, I've not done much Linux stuff, so
I'm not experienced in this field.

I can tell you that to use C functions from a library, it is necessary to
initialize the C environment. The C compiler builds the executable in such a
manner that a call is made to an initialization routine called something like
__cmain, but I can't remember exactly, since it has been a long time since I did
this. You will need to make the appropriate call before you can use the C libraries.
You will need to make sure that the stack is set up in such a manner as expected
by the libraries that you are calling.

I suggest that you make a "hello world" program in C, then get the compiler to
output the assembly language source. You then need to try and get your
assembler to compile it and see if you can run it.

I hope in future to have a MASM 6 equivalent for Linux.

Regards,

Mark.
--
Mark Hobley
393 Quinton Road West
Quinton
Birmingham
B32 1QE

Telephone: (0121) 422 6580

Email: markhobley at hotpop dot donottypethisbit com

http://markhobley.yi.org/
E. Charters
2005-02-21 11:01:39 UTC
There is gdb, which works with assembler and will
allow you to see the output line by line.

gdb will work with C programs and assembler.

What I would try is to write the function in C and
then insert it in the buffer. Perhaps it is the way
you are trying to call it that matters. There is
no execution of the code as there is no load
and execute provision ipso facto in your process.

EC<:-}
Post by dude84
Post by E. Charters
did you terminate the string you stacked with a newline character?
--> "\n" ??
Yes I did terminate the string with a \n character.
I created a string variable and pushed the variable onto the stack.
File: message2.s
,data
.string "Hello World\n"
.global main
pushl $.LCO
call printf
addl $0x4,%esp
call exit
This program functions when run from a prompt. This program is
strictly assembler.
Post by E. Charters
otherwise the standard C function printf will fail when you pass it
the address of the stack, which is what I presume you passed it.
The other problem is that stdio.h was not known to be included in your
routine. How do you include it, such that the function knows where to
send the io?
I actually added one printf to the main program to try and make the
function available to the assembler. It didn't change anything.
Post by E. Charters
C may be low level and all, but mixing it with assembler may be
fraught with problemos.
When I take this code and pass it into a stack based buffer
overflow, the hex code from it does not run. The program produces
strange results. Can anyone explain to me why this hex code would not
work in a buffer overflow, and what I need to do in order to be able to
do something simple like a printf from within the buffer of a buffer
overflow (keep in mind there cannot be any \x00's in the machine code)?
Post by E. Charters
EC<:-}
Post by dude84
Hi,
I need assistance with learning how to write assembler code
(custom) that will work with computer security related issues like a
stack based buffer overflow. Can anyone point me in the direction of
a newsgroup that could help me with this?
I've written a piece of assembler that calls the printf function,
and when I pass it into the buffer on my machine it does nothing and
segmentation faults. I'm using gas with gcc. I push the string onto
the stack call the function, add the memory space back to the stack,
and call the function to exit the program. I need someone's help to
explain why the hex code from this program does nothing.
Grant Diffey
2005-02-28 03:40:31 UTC
Post by dude84
Post by E. Charters
did you terminate the string you stacked with a newline character?
--> "\n" ??
Yes I did terminate the string with a \n character.
I created a string variable and pushed the variable onto the stack.
File: message2.s
,data
.string "Hello World\n"
.global main
pushl $.LCO
call printf
addl $0x4,%esp
call exit
This program functions when run from a prompt. This program is
strictly assembler.
The \n is nice and all, but it doesn't actually terminate the string; you need
to have a \0 for printf to recognise that the string is finished.

BTW I strongly suggest you take a look at NASM, as it has a syntax that's far
closer to traditional x86 assemblers such as MASM and TASM.
--
All software sucks all hardware sucks.
Thomas D. Shepard
2005-03-03 12:31:46 UTC
Post by dude84
,data
I would have said ".section .data" here.
Post by dude84
.string "Hello World\n"
I would have said .asciz "Hello World\n" here, to make sure the string is
NULL terminated.
Post by dude84
.global main
pushl $.LCO
call printf
addl $0x4,%esp
call exit
This program functions when run from a prompt. This program is
strictly assembler.
Post by dude84
I need assistance with learning how to write assembler code (custom)
that will work with computer security related issues like a stack
based buffer overflow. Can anyone point me in the direction of a
newsgroup that could help me with this?
I've written a piece of assembler that calls the printf function,
and when I pass it into the buffer on my machine it does nothing and
segmentation faults. I'm using gas with gcc. I push the string onto
the stack call the function, add the memory space back to the stack,
and call the function to exit the program. I need someone's help to
explain why the hex code from this program does nothing.
Here are some useful resources:

http://www.phrack.org/show.php?p=49&a=14 is the definitive essay on buffer
overflows. Visiting this web site would be considered by many as
"suspicious activity."

"Professional Assembly Language," by Richard Blum, published by Wiley
(www.wiley.com) and Wrox (www.wrox.com) is a good book that covers
use of gcc and mixing assembly with C.

"The Definitive Guide to GCC," by Kurt Wall and William von Hagen,
published by Apress and Springer-Verlag, is a good reference on the gory
details of gcc.
--
Thomas D. Shepard
I am sorry, but you can't email me.
***@spam.sux is not a real email address. I figure if someone wants to
harvest an email address to use for sending spam, they may as well use this one.