I have this code that is supose to just display "Hello Hacker!". But when ever I run it it gives a segmentation fault error
#include <stdio.h>
char code[] = "\xba\x0e\x00\x00\x00\xb9\x4\x90\x04\x08\xbb\x01\x00\x00\x00\xb8\x04\x00\x00\x00\xcd\x80\xbb\x00\x00\x00\x00\xb8\x01\x00\x00\x00\xcd\x80";
int main()
{
void(*func) (void);
func = (void*) code;
func();
}
I am trying to run it on linux btw.
Thanks
It is likely that either your code is malformed, or that security protections prevent this from executing. IE, the string is in "string" space, but you are trying to exectute as though it is in executable code/text space. I'm not sure what you would need to do in that case. Is this for security research? Have you studied the appropriate processor and operating system documentation on how to do this? Have you tried changing the typing of your code[] array to const char* code = ...;?
As Rubberman alluded to, on modern processors, memory is not unitary. Most CPUs today break memory up into pages - blocks that can be manipulated my the hardware memory mangaement system - and mark the individual pages as to whether their contents can be modifed or not, and whether they can be executed or not. Generally speaking, any variables are going to be in memory marked as non-executable, and attempting to execute code within them will indeed cause a memory protection violation. The same is true of constants, in which case the page is also marked as non-writeable.
You mention that it is running under Linux, but you don't mention for what processor. I'll assume that it is meant to be 32-bit x86 code for now, but if it is for, say, a Raspberry Pi (which uses an ARM chip), or even just the AMD64 mode of an x86 processor, then my comments may not be correct.
If I am disassembling this code correctly, it comes out to the following (hex on the left, AT&T mnemonics in the middle, Intel mnemonics on the right):
ba : 0e 00 00 00 mov.l 0x0e, %edx : MOV EDX, 0Eh
b9 : 04 90 04 08 mov.l 0x08049004, %ecx : MOV ECX, 08049004h
bb : 01 00 00 00 mov.l 0x01, %ebx : MOV EBX, 01h
b8 : 04 00 00 00 mov.l 0x04, %eax : MOV EAX, 04h
cd : 80 int 0x80 : INT 80h
bb : 00 00 00 00 mov.l 0x00, %ebx : MOV EBX, 0
b8 : 01 00 00 00 mov.l 0x01, %eax : MOV EAX, 1
cd : 80 int 0x80 : INT 80h
It looks like all this is doing is passing a string to the screen print syscall, followed by the system exit syscall. Nothing exactly fancy, except... where is the char pointer in ECX actually pointing? The memory location it is referencing is hardcoded, but you don't actually have anything at that location, at least not in the current process. That by itself is likely to cause a segfault, even if the code were in an executable page.
@Schol-R-LEA
Yea it it for 32 bit cpu. And changing the
char []
Into an
const char*
Doesnt work. The shellcode is form a security book, all the other shellcode in that books also gives segmentation faults. The shellcode is written for 32 bit cpu.
While I don't know much about shellcoding in general, I did find this FAQ Illuminating fnord. Questions 6, 7 and 10 seem particularly relevant to your problems. After the FAQ portion, he includes a tutorial that has it's own version of the 'Hello' program, which seems to be written to avoid the NULL byte problem.
Thanks
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.