我正在学习汇编并编写以下内容:
Section .text
global _start
_start:
jmp short GoToFilename
open:
pop esi ; esi gets address of the filename
xor eax, eax ; clear eax
mov [esi+13], al ; terminate file name(see # at the end of the first db)
mov dl, 0xa ; dl gets code of newline(\n)
mov byte [esi+15], dl ; place it between A and # (see 2nd db)
mov [esi+16], al ; place NULL for # (at the 2nd db) gets
lea edi, [esi+14] ; edi gets address of input text (here it should be only A as input)
mov [esi+17], edi ; place its address for XXXX
mov dx, 0x1b6 ; permissions
mov cl, 0x42 ; flags
mov ebx, esi ; address of file name
mov al, 0x5 ; syscall of open
int 0x80 ; go, lets do it
mov edi, eax ; put handle to file in edi
xor eax, eax ; clear because we will need it
write:
xor edx, edx
xor ecx, ecx
xor ebx, ebx
mov dl, 0x1 ; number of bytes to write = 1
lea ecx, [esi+17] ; ecx gets address of input text
mov ebx, edi ; put handle to file in edi
mov al, 0x4 ; syscall of write
int 0x80 ; go, lets do it
close:
mov ebx, edi ; handle to file
mov al, 0x6 ; syscall of open
int 0x80 ; go, lets do it
exit:
xor ebx, ebx ; clear ebx
mov al, 0x1 ; syscall of exit
int 0x80 ; go, lets do it
GoToFilename:
call open
db '/tmp/file.txt#'
db 'A #XXXX'
[为此,我使用 jmp-call-pop-technique。那些知道什么是 shellcode 的人会知道我的意思,但如果不是,那么它在这里就不那么重要]
因此,当我让它运行时,会创建文件,但是当我打开文件时,我会在文件中看到符号 #,而不是字符“A”。
你知道我在哪里犯错了吗?我找不到它。我检查了偏移量,多次检查代码......但没有成功。
此致,