Quote (SelfTaught @ Feb 18 2013 04:25pm)
Don't some (meaningful) things have to be coded in assembly like a bios, a digital clock, or similar things?
Haha that's annoying. Why is it understandable that he didn't want to use mmap because sockaddr_in is 16 bytes?
and I looked up the sockaddr_in struct on msdn out of curiosity to see if I could figure out how it was 16 bytes in size.
Is this right?
Code
struct sockaddr_in{
short sin_family; // 2 bytes
unsigned short sin_port;// 2 bytes
IN_ADDR sin_addr; // 4 bytes?
char sin_zero[8]; // 8 bytes
};
yes that is correct chars are always 1 byte in size. as for the rest they can change depending on what type they are. aka int and longs are 4 bytes, shorts are 2 bytes and yea.
reason why he didnt want to use mmap is because it creates memory for him and returns the address to the start of the memory block kind of like malloc in C. well for a measily 16 bytes it not only adds at least 5-7 lines of asm code but now you have an external memory source to worry about and deallocate. writing to the stack on the other hand is literally 1-2 lines (you just move the esp address down 16 bytes to make room for the data then supply that address to the function). although as you can see sometimes less code means more hassle.
another thing i like about asm is that you can combine multiple statements into one line.
take this snippet for example.
Code
sub $0x10, %esp #move %esp down 16 bytes
movl %esp, %eax #move modified %esp into %eax
can also be expressed as
Code
lea -0x10(%esp), %eax #load effective address of %esp - 16 and store it in %eax
if you want to learn more about asm and more of its uses you can visit blackhat library.
http://www.blackhatlibrary.net/Shellcode/Appendixthat link is their appendix of shellcode (code used in overflow exploits. some of it which i contributed to. (mostly all the 32bit stuff))
http://www.blackhatlibrary.net/Assemblythat is a general assembly page which goes over the basics of the language. instructions, registers, standard sizes such as short, long, byte, ascii, char, halfword, word, doubleword, quadword, etc.
http://www.blackhatlibrary.net/Buffer_overflowthat one describes buffer overflows (on linux of course lol) and describes some common techniques to protect against them and as well as bypass them. it even has an example program you can compile and attack against and follow along the steps to create a successful buffer overflow.
http://www.blackhatlibrary.net/Alphanumeric_shellcodealphanumeric shellcode is shellcode using instructions whose bytes are within the printable ascii range. these are generally harder to create because of lack of intstructions but they bypass IDS systems because they look like normal garbled text. such as
"TX4HPZTAZAYVH92"
translates into
Code
[root@ares bha]# objdump -d xarch32.o
xarch32.o: file format elf32-i386
Disassembly of section .text:
00000000 <_start>:
0: 54 push %esp
1: 58 pop %eax
2: 34 48 xor $0x48,%al
4: 50 push %eax
5: 5a pop %edx
6: 54 push %esp
7: 41 inc %ecx
8: 5a pop %edx
9: 41 inc %ecx
a: 59 pop %ecx
b: 56 push %esi
c: 48 dec %eax
d: 39 32 cmp %esi,(%edx)
[root@ares bha]# # Returns not-equal on a 64 bit system:
[root@ares bha]# objdump -d xarch64.o
xarch64.o: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <_start>:
0: 54 push %rsp
1: 58 pop %rax
2: 34 48 xor $0x48,%al
4: 50 push %rax
5: 5a pop %rdx
6: 54 push %rsp
7: 41 5a pop %r10
9: 41 59 pop %r9
b: 56 push %rsi
c: 48 39 32 cmp %rsi,(%rdx)
which actually detects if you are running on 32bit or 64bit or not so you can tailor code to a specific architecture
http://www.blackhatlibrary.net/Linux_assemblyand finally here is a list of all linux system calls that can be accessed through the kernel without needing an external library such as libc.
id just poke around and read some when youre bored most of this stuff is still in the works so its not proof read but it still mostly makes sense.