内联汇编

freegnu · 发表于 2005-5-4 11:42:31

/*
*code0.s
*/

jmp 0x0804948c\
popl %esi\
movl %esi, 0x8(%esi)\
xorl %eax, %eax\
movb %al, 0x7(%esi)\
movl %eax, 0xc(%esi)\
movb $0xb, %al\
movl %esi, %ebx\
leal 0x8(%esi), %ecx\
xorl %edx, %edx\
int $0x80\
call 0x08049475\
.string "/bin/sh"\

复制代码

code0.s能够正确运行

freegnu · 发表于 2005-5-4 11:43:36

/*
*code1.c
*/

int main()
{
__asm__
("\
jmp 0x0804948c\
popl %esi\
movl %esi, 0x8(%esi)\
xorl %eax, %eax\
movb %al, 0x7(%esi)\
movl %eax, 0xc(%esi)\
movb $0xb, %al\
movl %esi, %ebx\
leal 0x8(%esi), %ecx\
xorl %edx, %edx\
int $0x80\
call 0x08049475\
.string "/bin/sh"\
");
}

复制代码

$gcc code1.c
/tmp/ccPcT2ae.s: Assembler messages:
/tmp/ccPcT2ae.s:13: Error: junk `popl %esi movl %esi' after expression
/tmp/ccPcT2ae.s:13: Error: too many memory references for `jmp'

那位碰到过这种问题，是怎样解决的
thanks

freegnu · 发表于 2005-5-4 11:44:43

付code1.s

.file "code1.c"
.text
.globl main
.type main, @function
main:
pushl %ebp
movl %esp, %ebp
subl $8, %esp
andl $-16, %esp
movl $0, %eax
subl %eax, %esp
#APP
jmp 0x0804948c popl %esi movl %esi, 0x8(%esi) xorl %eax, %eax movb %al, 0x7(%esi) movl %eax, 0xc(%esi) movb $0xb, %al movl %esi, %ebx leal 0x8(%esi), %ecx xorl %edx, %edx int $0x80 call 0x08049475 .string "/bin/sh"
#NO_APP
leave
ret
.size main, .-main
.section .note.GNU-stack,"",@progbits
.ident "GCC: (GNU) 3.3.4 (Debian 1:3.3.4-6sarge1)"

复制代码

Tetris · 发表于 2005-5-4 12:21:00

我faint. 你看看gcc内联汇编的格式先。

		自动登录	找回密码
密码			注册

内联汇编

浏览过的版块