user904832
Reputation: 617
Segmentation fault in assembly program
I am trying to spawn a shell using the following code:
Section .Text
global _start
_start:
jmp short TrickCall
_ReturnHere:
pop esi
xor eax,eax
mov byte [esi+7],al
lea ebx,[esi]
mov long [esi+8],ebx
mov long [esi+12],eax
mov byte al,0x0b
mov ebx,esi
lea ecx,[esi+8]
lea edx,[esi+12]
int 0x80
TrickCall:
call _ReturnHere
db "/bin/shJAAAANNNN"
I am using gcc version 4.4.3 as my compiler. When I run it using gdb it gives the following output:
(gdb) run
Starting program: /root/spawn_shell
Program received signal SIGSEGV, Segmentation fault.
0x08048059 in _ReturnHere ()
It cannot access the memory address of _ReturnHere. Any way to get around this?
Upvotes: 1
Views: 314
Answers (1)
Necrolis
Reputation: 26171
Your problem is DEP, when you pop the return address off the stack and try to write to it, its not marked as writable, only readable & executable. You either need to disable DEP (bad, its meant to protect against exploits that do something like this) or put the text just after call _ReturnHere into a RW(X) memory.
Upvotes: 1
Related Questions
- Segmentation Fault in Assembly Language
- segmentation error in assembly code
- assembly, segmentation fault
- Assembly Segmentation fault: 11
- shell code assembly segfaults
- I am getting a segmentation fault when executing my simple program written in assembly
- Segmentation Fault happening before any code is run Assembly
- Segmentation fault in Assembly and string
- Segmentation Fault: 11 Assembly
- Segmentation Fault in Assembly