9

I wrote a simple ASM file and ran it in a C file I'd written. I got a segmentation fault. However, when I execute the compiled ASM file, I get no error.

I am running 64 bit and using 32 bit shellcode. Is that the issue?

It can't be, because I'm getting a segmentation fault with this:

char shellcode[] = "\x90"; // simple NOP in ASM (a global, non-const array lives in the writable, non-executable data section)
int main(int argc, char **argv)
{
  int (*ret)();                  // function pointer used to jump into the buffer
  ret = (int (*)()) shellcode;   // point it at the shellcode bytes
  (int)(*ret)();                 // call them: faults here if the page is not executable
}

Can someone please run this and tell me whether or not they get a segmentation fault? I have used 3 or 4 other C files as well. None have worked.

Update:

((void(*)(void))code)();

Seems to be working in place of those three lines.

11
  • 1
    That is not how you use inline assembler... first, which compiler are you using? Here is how you do it with "gcc". Commented Jan 9, 2014 at 21:12
  • I think we have a problem of endian and stack frame. Commented Jan 9, 2014 at 21:17
  • 1
    On what platform (what operating system, what compiler)? It could be because your heap isn't executable. Commented Jan 9, 2014 at 21:17
  • "/x90" is supposed to be an address? Commented Jan 9, 2014 at 21:22
  • It's unlikely that an x86-64 OS will let you execute data in any case. Commented Jan 9, 2014 at 21:25

4 Answers

12

As mentioned above, the shellcode is in non-executable memory. Try recompiling the program with the -fno-stack-protector and the -z execstack flags enabled.

That is:

gcc -fno-stack-protector -z execstack -o OutputFileName yourShellCode.c


1 Comment

Alternatively, one can also run execstack OutputFileName on a binary already compiled without these supplementary parameters.

3

Two issues:

  1. The shell code might be in non-executable memory. In order to make it executable, you need to either ask the OS to make it executable (e.g. with mprotect(2) or VirtualProtect()), or allocate new executable memory and copy it there (e.g. with mmap(2) or VirtualAlloc()).
  2. Your shell code doesn't return/exit. After the CPU executes your NOP there (0x90), it's going to keep on executing code in the memory that comes after that NOP instruction. Most likely, this will crash quickly, but it might do other random, unpredictable things.

To fix #2, you need to explicitly either execute a return instruction (C3 on x86/x86-64) to return from your shell code, or you need to do something which never returns, like call the exit(3) function.


3

Maybe you should change your variable:

   char shellcode[]

To:

   const char shellcode[]

Like in this question: segmentation-fault-error-when-exe-c

This one worked for me! :)

1 Comment

that did it! OS: Arch Linux x86_64 Kernel Release: 4.9.8-1-ARCH Uptime: 2:41 WM: i3 DE: None Packages: 765 RAM: 2405 MB / 5963 MB Processor Type: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz $EDITOR: None Root: 16G / 69G (23%) (ext4)

2

Try putting the shellcode in the main function to make it a local variable:

int main(int argc, char **argv)
{
  const char shellcode[] = "<your shellcode>"; // local array: the bytes are copied onto the stack
  int (*ret)();                                // function pointer used to jump into the buffer
  ret = (int (*)()) shellcode;                 // point it at the stack copy
  (int)(*ret)();                               // call it: works only if the stack is executable (-z execstack)
}

Then compile it with flags -fno-stack-protector and -z execstack:

gcc <filename>.c -fno-stack-protector -z execstack -o <filename>

I found this idea on stackexchange and it worked for me.
