I want to convert x86 Linux shellcode with system calls to ARM Linux system calls

Submitted by 强颜欢笑 on 2019-12-13 10:29:56

Question


I want to convert Intel x86 assembly code to ARM. I do not know how to use the stack.

I wrote a call to execve using an int 0x80 system call for 32-bit x86 Linux.
However, ARM uses svc or swi.

But I do not know how to use something like this:
push 0x0068732f and push 0x6e69622f

.intel_syntax noprefix      # the code below is Intel syntax assembled with GAS
.globl main
main:

push 0x0068732f             # "/sh\0" (little-endian) ends up at the higher address
push 0x6e69622f             # "/bin"; esp now points at "/bin/sh\0"

mov edx, 0                  # envp = NULL
mov ecx, 0                  # argv = NULL
mov ebx, esp                # filename = pointer to "/bin/sh" on the stack
mov eax, 11                 # __NR_execve (i386)
int 0x80

mov ebx, 0                  # exit status 0
mov eax, 1                  # __NR_exit (i386)
int 0x80

The ARM syscall is expected to use swi and look like this:

.global _start

_start:
    ?????            @ build "/bin/sh\0" on the stack and set up r0-r2
    mov r7, #11      @ __NR_execve (ARM EABI)
    swi #0

_exit:
    mov r7, #1       @ __NR_exit (ARM EABI)
    swi #0

I want to use the stack push method rather than the .ascii method.


Answer 1:


man syscall

   arch/ABI    instruction           syscall #  retval  error    Notes
   ────────────────────────────────────────────────────────────────────
   arm/EABI    swi 0x0               r7         r0      -
   x32         syscall               rax        rax     -        [5]


   arch/ABI      arg1  arg2  arg3  arg4  arg5  arg6  arg7  Notes
   ──────────────────────────────────────────────────────────────
   arm/EABI      r0    r1    r2    r3    r4    r5    r6

See: ARM constants

.global _start

.equ    label1, 0x0068732f      @ "/sh\0" in little-endian byte order
.equ    label2, 0x6e69622f      @ "/bin" in little-endian byte order

_start:
 movw    r3, #:lower16:label1   @ low 16 bits of "/sh\0"
 movt    r3, #:upper16:label1   @ high 16 bits of "/sh\0"
 movw    r2, #:lower16:label2   @ low 16 bits of "/bin"
 movt    r2, #:upper16:label2   @ high 16 bits of "/bin"
 push    {r2,r3}                @ lowest register goes to the lowest address: sp -> "/bin/sh\0"

 mov r3, #0
 mov r2, #0                     @ envp = NULL
 mov r1, #0                     @ argv = NULL
 mov r0, sp                     @ filename = pointer to "/bin/sh" on the stack
 mov r7, #11                    @ __NR_execve
 swi #0

_exit:
 mov r0, #0                     @ exit status 0
 mov r7, #1                     @ __NR_exit
 swi #0

Here is another example:

mov r0, #0
push {r0}        @ four zero bytes: NUL terminator placed above the string
movw r1, #0x6548 @ He 
movt r1, #0x6c6c @ ll 
movw r2, #0x576f @ oW 
movt r2, #0x726f @ or 
movw r3, #0x646c @ ld 
movt r3, #0x0a32 @ 2\n
push {r1,r2,r3}  @ move register 'string' to stack: r1 at sp, r2 at sp+4, r3 at sp+8
@ write(unsigned int fd, const char *buf, size_t count) 
mov r0, #1  @ stdout 
mov r1, sp  @ load string from stack 
mov r2, #12 @ length of "HelloWorld2\n"
mov r7, #4  @ write() syscall number
swi #0      @ syscall 

Most modern ARM CPUs will support movw/movt. There are other ways to do this. But they are like '.ascii' as ARM code can contain constants. That is the old style as discussed in the blog above. I might have some ordering mixed up in the code above, but I think it is right.
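As an added check (not part of the question or the answer), the following Python emulates the two stack-ordering rules the snippets above rely on: x86 `push` places the last value pushed at the lowest address, while ARM `push {list}` stores the lowest-numbered register at the lowest address. It uses the constants from the page to confirm that both layouts produce "/bin/sh\0" and that the write example really is a 12-byte "HelloWorld2\n".

```python
import struct

def arm_push_bytes(pushes):
    """Emulate a sequence of ARM `push {..}` (STMDB sp!) instructions.

    Each push stores its register list in ascending register-number order,
    lowest register at the lowest address; later pushes land below earlier
    ones. Returns the memory image starting at sp after the last push.
    """
    def one_push(regs):  # regs: {"r1": 0x6c6c6548, ...}
        ordered = sorted(regs.items(), key=lambda kv: int(kv[0][1:]))
        return b"".join(struct.pack("<I", v & 0xFFFFFFFF) for _, v in ordered)
    return b"".join(one_push(p) for p in reversed(pushes))

def x86_push_bytes(values):
    """Emulate 32-bit x86 `push imm32` executed in order: the last value
    pushed ends up at the lowest address, so a string is pushed back to front."""
    return b"".join(struct.pack("<I", v) for v in reversed(values))

def movw_movt(value):
    """The two 16-bit halves loaded by movw (lower16) and movt (upper16)."""
    return value & 0xFFFF, (value >> 16) & 0xFFFF

def cstring(raw):
    """Interpret a memory image as a NUL-terminated C string."""
    return raw.split(b"\0", 1)[0]

# Constructed inputs: the constants used in the question and answer above.
EXECVE_ARM = [{"r2": 0x6E69622F, "r3": 0x0068732F}]            # push {r2,r3}
EXECVE_X86 = [0x0068732F, 0x6E69622F]                           # two x86 pushes
WRITE_ARM = [{"r0": 0},                                         # push {r0}
             {"r1": 0x6C6C6548, "r2": 0x726F576F, "r3": 0x0A32646C}]  # push {r1,r2,r3}

if __name__ == "__main__":
    print(cstring(arm_push_bytes(EXECVE_ARM)))   # b'/bin/sh'
    print(cstring(x86_push_bytes(EXECVE_X86)))   # b'/bin/sh'
    msg = cstring(arm_push_bytes(WRITE_ARM))
    print(msg, len(msg))                         # b'HelloWorld2\n' 12
    print([movw_movt(v) for v in WRITE_ARM[1].values()])  # halves for movw/movt
```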



Source: https://stackoverflow.com/questions/56826583/i-want-to-convert-x86-linux-shellcode-with-system-calls-to-arm-linux-system-call
