Shellcode 285
#define __NR_stime 25
#define __NR_ptrace 26
#define __NR_alarm 27
#define __NR_oldfstat 28
#define __NR_pause 29
#define __NR_utime 30
#define __NR_stty 31
#define __NR_gtty 32
#define __NR_access 33
#define __NR_nice 34
#define __NR_ftime 35
#define __NR_sync 36
#define __NR_kill 37
#define __NR_rename 38
#define __NR_mkdir 39
...
For our rewrite of helloworld.c in assembly, we will make a system call to
the write() function for the output and then a second system call to exit()
so the process quits cleanly. This can be done in x86 assembly using just two
assembly instructions: mov and int.
Assembly instructions for the x86 processor have one, two, three, or no
operands. The operands to an instruction can be numerical values, memory
addresses, or processor registers. The x86 processor has several 32-bit registers
that can be viewed as hardware variables. The registers EAX, EBX, ECX, EDX,
ESI, EDI, EBP, and ESP can all be used as operands, while the EIP register
(execution pointer) cannot.
The mov instruction copies a value between its two operands. Using Intel
assembly syntax, the first operand is the destination and the second is the
source. The int instruction sends an interrupt signal to the kernel, defined
by its single operand. With the Linux kernel, interrupt 0x80 is used to tell
the kernel to make a system call. When the int 0x80 instruction is executed, the
kernel will make a system call based on the first four registers. The EAX register
is used to specify which system call to make, while the EBX, ECX, and EDX
registers are used to hold the first, second, and third arguments to the system
call. All of these registers can be set using the mov instruction.
In the following assembly code listing, the memory segments are simply
declared. The string "Hello, world!" with a newline character (0x0a) is in the
data segment, and the actual assembly instructions are in the text segment.
This follows proper memory segmentation practices.
helloworld.asm
section .data ; Data segment
msg db "Hello, world!", 0x0a ; The string and newline char
section .text ; Text segment
global _start ; Default entry point for ELF linking
_start:
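The full program the passage describes, with both system calls written out, as an added example (my own listing, not the original page's). It assumes the i386 numbers __NR_write = 4 and __NR_exit = 1 from the same unistd.h the excerpt above is taken from, and the nasm/ld build commands given in the comments.

```nasm
; helloworld_full.asm (added example, not the original listing)
; Build and run on 32-bit Linux, or a 64-bit kernel with ia32 emulation:
;   nasm -f elf32 helloworld_full.asm
;   ld -m elf_i386 -o helloworld_full helloworld_full.o
;   ./helloworld_full

section .data                       ; Data segment
msg     db "Hello, world!", 0x0a    ; The string and newline char
msglen  equ $ - msg                 ; Let the assembler compute the length (14 bytes)

section .text                       ; Text segment
global _start                       ; Default entry point for ELF linking

_start:
    ; SYSCALL: write(1, msg, msglen)
    ; EAX selects the system call; EBX, ECX, EDX carry arguments 1, 2 and 3.
    mov eax, 4                      ; __NR_write is 4 in the i386 unistd.h
    mov ebx, 1                      ; fd 1 is stdout
    mov ecx, msg                    ; address of the string
    mov edx, msglen                 ; byte count
    int 0x80                        ; trap into the kernel; EAX receives the return value

    ; SYSCALL: exit(0)
    mov eax, 1                      ; __NR_exit is 1
    mov ebx, 0                      ; exit status 0
    int 0x80                        ; does not return
```

After the first int 0x80, EAX holds write()'s return value (the byte count on success, a negative errno on failure), which is how a caller can check that the write actually happened before exiting.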