I want to write assembly code that should run the following C function:

char *const argv[] = { "/bin/sh", 0 };
execv("/bin/sh", argv);

I therefore wrote the following assembly code:

start:
    call main            ; pushes the address of the string below, then jumps to main
    db '/bin/sh',7       ; path string, followed by the byte 7
main:
    xor edx, edx         ; edx = 0 (envp = NULL)
    mov eax, 11          ; eax = 11 (execve syscall number)
    pop ebx              ; ebx = return address pushed by call = address of the string
    push edx             ; argv[1] = NULL
    push ebx             ; argv[0] = pointer to the string
    mov ecx, esp         ; ecx = argv
    int 0x80             ; invoke the syscall

But somehow this does not work at all. What exactly is wrong with it? I think I messed up something with the zero byte of the array, but I'm not sure.

nemo
  • Yeah well `7` is definitely not `0`. Why do you think that would work? – Jester Mar 09 '16 at 00:05
  • I did not really check the db instruction properly. I thought I should put the length there. Is everything else right? – nemo Mar 09 '16 at 00:24
  • Yes, if you put a `0` there it works. But note that if you want to use it as classical shellcode you are not allowed to have a zero byte in your code. The usual workaround is to create the zero at runtime. – Jester Mar 09 '16 at 00:26
  • Thank you. I will try to figure that out on my own ;) – nemo Mar 09 '16 at 08:30

1 Answer

Change the line with the string to:

db '/bin/sh', 0
nemo
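To see why `7` fails and `0` works, here is an added example (not part of the question or answer) that hand-assembles the question's program as 32-bit NASM code and models how the kernel reads the path argument: as a C string, from the address in ebx up to the first 0x00 byte, wherever that byte happens to sit. The byte encodings and the `bits 32` assumption are mine, not the original poster's.

```python
# Added example: hand-assembled bytes of the question's program (assumed
# `bits 32`, NASM); only the byte after '/bin/sh' differs between variants.

def assemble_shellcode(terminator: int) -> bytes:
    """Machine code of the program with the given byte after '/bin/sh'
    (7 in the question, 0 in the answer)."""
    return bytes([
        0xE8, 0x08, 0x00, 0x00, 0x00,   # call main   (rel32 = 8, skips the string)
        *b"/bin/sh", terminator,         # db '/bin/sh', <terminator>
        0x31, 0xD2,                      # xor edx, edx
        0xB8, 0x0B, 0x00, 0x00, 0x00,   # mov eax, 11 (execve)
        0x5B,                            # pop ebx     (address of the string)
        0x52,                            # push edx    (argv[1] = NULL)
        0x53,                            # push ebx    (argv[0])
        0x89, 0xE1,                      # mov ecx, esp
        0xCD, 0x80,                      # int 0x80
    ])

CALL_LEN = 5  # `call` pushes the address right after itself: the string


def path_seen_by_kernel(code: bytes) -> bytes:
    """execve copies the filename as a C string: bytes from the pointer in
    ebx up to the first 0x00. With terminator 7 that 0x00 is only found
    inside the `mov eax, 11` encoding, so the path is garbage."""
    start = CALL_LEN
    end = code.index(0, start)
    return code[start:end]


def zero_byte_offsets(code: bytes) -> list[int]:
    """Offsets of 0x00 bytes in the code, the ones Jester's comment says
    classical shellcode must avoid. Note the `call` and `mov eax, 11`
    encodings contain zeros regardless of the string terminator."""
    return [i for i, b in enumerate(code) if b == 0]


if __name__ == "__main__":
    for term in (7, 0):
        code = assemble_shellcode(term)
        print(f"terminator {term}: path={path_seen_by_kernel(code)!r}, "
              f"zero bytes at {zero_byte_offsets(code)}")
```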