Jump to content


Check out our Community Blogs

RhetoricalRuvim

Member Since 16 Sep 2010
Offline Last Active Oct 25 2017 03:39 PM
-----

#591450 Can anyone help me understand this asm code (It's short)

Posted by RhetoricalRuvim on 15 February 2011 - 06:14 AM

But that doesn't make too much sense, though; it worked when I tried something like this (this is MASM32):
.386 
.model flat, stdcall 
option casemap:none 
include \RS\include\ifiles.inc 
.data 
.data? 
.code 
start: 

jmp some_string 

print_some_string: 
pop eax ;; address of some_string 
push eax 
call StdOut 

push eax 
call ExitProcess 

some_string: 
call print_some_string 
db "Hello, how are you? ", 0 

end start

And, by the way, the "\RS\include\ifiles.inc" file is a file that was made by me and that has nothing more than just a few "include" statements that I don't want to type every time I want to make a program and a few macros that I made for myself.
  • 1


#591449 Can anyone help me understand this asm code (It's short)

Posted by RhetoricalRuvim on 15 February 2011 - 06:09 AM

So I still don't really get what you're doing there. If you use "pop rsi" then doesn't it mean that you're in 64-bit mode? But then you use 32-bit registers for addressing? I don't know if that's the problem, but it might have something to do with the string being in the code segment, maybe?
  • 1


#591333 Can anyone help me understand this asm code (It's short)

Posted by RhetoricalRuvim on 14 February 2011 - 07:33 AM

So why not use system call 1 (exit), right after you use int 0x80? As far as I understand, int 0x80 is a Linux system call. So right before the GotoCall label, try inserting something like this:
xor ebx, ebx    ;; clear ebx 
mov eax, 1    ;; Linux exit system call number 
int 0x80
And I am not totally sure, maybe you can read data from the code segment, but you might get a fault if you try to modify the code segment, so I am not totally sure about the idea of having strings in the code segment; although you can try it this way and then if it doesn't work you can try the other way. And I think there's probably some keyword for YASM to use relative addressing.
  • 1


#591256 Can anyone help me understand this asm code (It's short)

Posted by RhetoricalRuvim on 13 February 2011 - 03:18 PM

section     .text
    global _start
_start:
    jmp short      GotoCall
shellcode:
     pop            rsi
     xor            eax, eax
     mov  byte      [esi + 7], al
     lea            ebx, [esi]
     mov  long      [esi + 8], ebx
     mov  long      [esi + 12], eax
     mov  byte      al, 0x0b
     mov            ebx, esi
     lea            ecx, [esi + 8]
     lea            edx, [esi + 12]
     int            0x80
GotoCall:
     Call            shellcode
     db             '/bin/shJAAAAKKKK'

At the label shellcode, what are you trying to do by "pop rsi" ? Are you trying to get the address of the next instruction after the call statement at the label GotoCall (because that's how it appears to be)? After the call statement at the GotoCall label, aren't you supposed to do something like return or exit? And right before the GotoCall label, aren't you supposed to either exit the program or return from the function call (that you called at the GotoCall label)?

Edit: Oh, and another thing: shouldn't the "db '/bin/shJAAAAKKKK'" be in the .data section?
;; such as: 
section .data 
db '/bin/shJAAAAKKKK'
And also, don't you want to label it? Like this:
section .data 
some_label_for_some_string_001        db '/bin/shJAAAAKKKK'
?

Edit:

### What is all this???####
0x00000000004000a7 <_start+39>:	(bad)  
0x00000000004000a8 <_start+40>:	(bad)  
0x00000000004000a9 <_start+41>:	imul   $0x414a6873,0x2f(%rsi),%ebp
0x00000000004000b0 <_start+48>:	rex.B
0x00000000004000b1 <_start+49>:	rex.B
0x00000000004000b2 <_start+50>:	rex.B
0x00000000004000b3 <_start+51>:	rex.WXB
0x00000000004000b4 <_start+52>:	rex.WXB
0x00000000004000b5 <_start+53>:	rex.WXB
0x00000000004000b6 <_start+54>:	rex.WXB
End of assembler dump.

That's probably the disassembled version of this machine code:
/bin/shJAAAAKKKK
Even though it's not machine code, you can't prove to the processor that it's not, unless you tell it to stay out of that area. If the processor gets there then, no matter how much it doesn't make sense, the processor would try to execute whatever is there.
  • 1


#590901 general question about i/o in assembly

Posted by RhetoricalRuvim on 09 February 2011 - 03:44 PM

I don't know whether I am right or wrong, but as far as I know Windows PE programs are structured sort of like this:
section: rdata
exitprocess DWORD ?
section: code
call ExitProcess
section: code
ExitProcess: jmp dword ptr [exitprocess]

So that the PE loader loads the actual address of the ExitProcess() function into the 'exitprocess' dword, so the program can call that function using some sort of that method. I do not know how the assembler or the PE loader knows where to load what address, though.

And interrupts and input/output instructions are generally not allowed for regular programs to use.

Correct me if I'm wrong, but this is as far as I know.
  • 1


#590177 TASM, validate user input 5digit, how?

Posted by RhetoricalRuvim on 03 February 2011 - 06:12 AM

I made a .com file; it did work.

I attached the file in the .zip folder.

Attached Files


  • 1


#589732 A little "C" Help

Posted by RhetoricalRuvim on 30 January 2011 - 06:20 AM

There are different variable types in C. But there are also variable pointers (just in case you don't know, pointers are variables that point to the actual variable in memory, meaning that a pointer is a memory address that you can use to access that variable). When you use "char string_name[#];" in C, the variable type is an array of characters; since it's an array, when you use "string_name" as an argument for a function it actually passes the pointer or memory address of "string_name", since that's what C does. The * in front of compareWith means that compareWith is a pointer. The char in front of the * means that compareWith is a pointer to a char type of variable. With pointers to strings, you can just use character pointers, as long as you have the address of that string, so you can use it for function arguments and other things.

The other question you asked is if you can only compare two things with strcmp. When you use the strcmp() function, you can only compare two strings. There's also strncmp(), which is similar to strcmp() and is used to compare two strings for no more than a certain number of characters. You can also make your own functions that do that, too; you would probably have to use pointers and other variables. You just have to know what, exactly, you are doing (which is pretty much why it is better to make the program plan first, before coding).

About the "john" and "JohN", you can either make or find your own non-case-sensitive string-comparing function, or you could make or find a function that lowers the case of a string (or returns another string that is the lower-case version of the passed string) and use strcmp() to compare the string to another string.
  • 1


#587281 Recursion in TASM

Posted by RhetoricalRuvim on 11 January 2011 - 11:29 PM

I don't think this one part matters too much, but I still decided to mention it:

.data
	num_iter dw 6
	endl db 0Ah, 0Dh, '$'

It's just that a new-line character is:
endl db 0Dh, 0Ah, ...
(so it's 13, 10, and not 10, 13), but, once again, I think this part is not too important.

There's this other part that I noticed:

recursive proc
	push bp
	mov bp, sp
	
	mov bx, [bp]+4
	or bx, bx
	jz end_rec
	
        mov ah, 2
	mov dx, 30h
	mov cx, bx
	loop1:
		int 21h
		inc dx
	loop loop1

        mov ah, 9
        lea dx, endl
        int 21h

	dec bx
	push bx
	call recursive
	pop bx
	end_rec:
	pop bp
	ret
recursive endp

It's this part:
end_rec:
	pop bp
	ret
recursive endp
that I think should be something like this:
end_rec: 
mov sp, bp 
pop bp 
ret 
recursive endp
There's also this, that I noticed:

recur proc pascal near
arg n:byte

I don't know how TASM works, but it's just that 'iter' is a word value, while the argument for the proc is a byte value; but, once again, I'm not sure how TASM handles this.

These are just some things I noticed, when looking at your code, but I am not sure about what the problem might be in.
  • 1


#584038 Simple Reverse String Algorithm

Posted by RhetoricalRuvim on 14 December 2010 - 06:00 PM

At the area where it is:
BEG:
	mov bx, [di]
	mov bp, [si]
	mov [di], bp
	mov [si], bx
	dec si
	inc di
	cmp di, si
	jl BEG
would it work if you use 'al' and 'ah', instead of 'bx' and 'bp'?
  • -1




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download