Problem description
I'm learning the basics of computer security and I'm trying to execute some shellcode I've written. I followed the steps given here
http://dl.packetstormsecurity.net/papers/shellcode/own-shellcode.pdf
http://webcache.googleusercontent.com/search?q=cache:O3uJcNhsksAJ:dl.packetstormsecurity.net/papers/shellcode/own-shellcode.pdf+own+shellcode&cd=1&hl=nl&ct=clnk&gl=nl
$ cat pause.s
xor %eax,%eax
mov $29,%al
int $0x80
$ as -o pause.o pause.s
$ ld -o pause pause.o
ld: warning: cannot find entry symbol _start; defaulting to <<some address here>>
$ ./pause
^C
$ objdump -d ./pause
pause: file format elf64-x86_64
Disassembly of section .text:
08048054 <.text>:
8048054: 31 c0 xor %eax,%eax
8048056: b0 1d mov $0x1d,%al
8048058: cd 80 int $0x8
$
Since I got my pause program to work, I just copied the objdump output to a C file.
test.c:
int main()
{
char s[] = "\x31\xc0\xb0\x1d\xcd\x80";
(*(void(*)())s)();
}
But this produces a segfault. Now, this can only be due to security measures of Arch Linux (?). So how can I get this to work?
Recommended answer
The page s lives in isn't mapped with execute permissions. Since you're on x86_64 you definitely have NX support in hardware. By default these days code and data live in very separate pages, with data not having the execute permission.
You can use mmap() or mprotect() to allocate or change pages to have the PROT_EXEC permission.
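The mmap()/mprotect() approach from the answer, as an added example that is not part of the original question or answer: the page is writable while the bytes are copied in and is then switched to read+execute, so it is never writable and executable at the same time. The payload (a constructed "return 42" stub, with an aarch64 variant added beyond the page's x86 case) and the helper name run_from_exec_page are assumptions made for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed, harmless payload: a function body that returns 42. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov $42,%eax */
                                      0xc3 };                         /* ret          */
#elif defined(__aarch64__)
static const unsigned char code[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42  */
                                      0xc0, 0x03, 0x5f, 0xd6 };       /* ret          */
#else
#error "no sample payload for this architecture"
#endif

/* Hypothetical helper: returns the payload's result, or -1 on failure. */
int run_from_exec_page(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    /* 1. Get a private anonymous page that is readable and writable only. */
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) { perror("mmap"); return -1; }
    memcpy(page, code, sizeof code);

    /* 2. Drop write, add execute. Hardened policies may refuse this call. */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        perror("mprotect"); munmap(page, len); return -1;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof code);

    /* 3. Call into the page, then release it. */
    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);   /* data pointer -> function pointer */
    int result = fn();
    munmap(page, len);
    return result;
}

int main(void)
{
    printf("payload returned %d\n", run_from_exec_page());
    return 0;
}
```

In test.c the array s sits on the stack, which is mapped without PROT_EXEC, so the indirect call faults on the first instruction fetch; here the same kind of call succeeds only because the page was explicitly made executable.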