x86 Assembly: Data in the "text" section

Question
I don't quite understand how variables can be stored in the text section and how they can be manipulated. Shouldn't all variables be in the .data section, and aren't all parts of the .text section read-only? How does this code work then?
[Code taken from Shellcoder's Handbook]
; build as 32-bit, with a writable text section (the stores below target .text):
;   nasm -f elf32 execve.asm && ld -m elf_i386 -N -o execve execve.o
section .text
    global _start
_start:
    jmp short GotoCall          ; skip forward to the call
shellcode:
    pop esi                     ; esi = address of the string (pushed by the call)
    xor eax, eax                ; eax = 0
    mov byte [esi + 7], al      ; overwrite the 'J' with NUL: "/bin/sh\0"
    lea ebx, [esi]              ; ebx = address of "/bin/sh"
    mov dword [esi + 8], ebx    ; overwrite "AAAA" with that address: argv[0] (the book writes `long`, which NASM does not accept)
    mov dword [esi + 12], eax   ; overwrite "KKKK" with 0: argv[1] = NULL
    mov al, 0x0b                ; eax = 11 = sys_execve
    mov ebx, esi                ; ebx = path
    lea ecx, [esi + 8]          ; ecx = argv
    lea edx, [esi + 12]         ; edx = envp (points at the NULL)
    int 0x80                    ; execve("/bin/sh", ["/bin/sh", NULL], [NULL])
GotoCall:
    call shellcode              ; pushes the address of the "next instruction", i.e. the string
    db '/bin/shJAAAAKKKK'
Answer
Well, data and code are just bytes. Only how you interpret them makes them what they are. Code can be interpreted as data and vice versa. In most cases it will produce something that's invalid, but anyway it's possible.
Attributes of the section are dependent on the linker, and most of them by default make the .text section RO, but it doesn't mean it can't be changed.
The whole example is a clever way to obtain the address of /bin/sh just by using the call. Basically the call places on the stack the address of the next instruction (next bytes), and in this case it will be the address of this string, so pop esi will get that address from the stack and use it.
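Added example, not code from the book or from either post, for GCC or Clang on x86/x86-64 Linux. It covers both points of the answer: locate_blob repeats the jmp/call/pop trick in inline assembly to find a string that sits in .text right after a call instruction, and build_execve_args performs the shellcode's three stores from C, first making the .text page writable with mprotect, which is the runtime counterpart of "the attributes can be changed" (the book instead has the linker keep the text section writable, GNU ld -N). It goes beyond the 32-bit case in the question: the slot offsets are assumptions sized to sizeof(void *) so the same logic works in a 64-bit build, and the embedded string is constructed here. The int 0x80 step is only run if you pass --exec, since it replaces the process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "this example relies on x86 call/pop semantics"
#endif

#ifdef __x86_64__
#define SP "%%rsp"
#else
#define SP "%%esp"
#endif

/* Offsets into the embedded bytes. The book's layout is '/bin/shJAAAAKKKK'
 * with 4-byte slots; here the slots are pointer-sized (assumption) so the
 * same stores work for a 64-bit build too. */
#define NUL_OFF   7
#define ARGV_OFF  8
#define ENVP_OFF  (8 + sizeof(void *))
#define BLOB_LEN  (8 + 2 * sizeof(void *))

/* Mirror of 'jmp short GotoCall / call shellcode / pop esi': the call pushes
 * the address of whatever follows it, which here is a string, not code, and
 * the pop retrieves it. The bytes therefore live in .text next to the code.
 * Caveat: with CET user shadow stacks enabled the unmatched call leaves the
 * shadow stack out of sync and the function's own ret would fault. */
__attribute__((noinline)) static char *locate_blob(void)
{
    char *blob;
    __asm__ volatile (
        "sub  $128, " SP "\n\t"     /* stay clear of the x86-64 red zone */
        "jmp  1f\n\t"
        "2:\n\t"
        "pop  %0\n\t"               /* %0 = address of the .ascii bytes */
        "jmp  3f\n\t"
        "1:\n\t"
        "call 2b\n\t"               /* pushes &bytes, jumps back to the pop */
        ".ascii \"/bin/shJAAAAAAAAKKKKKKKK\"\n\t"   /* constructed sample */
        "3:\n\t"
        "add  $128, " SP "\n\t"
        : "=r"(blob) : : "memory");
    return blob;
}

/* The shellcode's three stores, done from C on the bytes found above:
 * NUL-terminate the path, store argv[0] = &path, store argv[1] = NULL.
 * The page is .text, mapped r-x, so it is made writable first. */
static int build_execve_args(char *blob, char ***argv_out)
{
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)blob & ~(page - 1);
    uintptr_t end   = ((uintptr_t)blob + BLOB_LEN + page - 1) & ~(page - 1);
    char *path = blob, *null = NULL;

    /* Keep PROT_EXEC: this function itself may sit on the same page. */
    if (mprotect((void *)start, end - start, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return -1;                                   /* e.g. a W^X policy refused */
    blob[NUL_OFF] = '\0';                            /* mov byte [esi+7], al    */
    memcpy(blob + ARGV_OFF, &path, sizeof path);     /* mov dword [esi+8], ebx  */
    memcpy(blob + ENVP_OFF, &null, sizeof null);     /* mov dword [esi+12], eax */
    if (mprotect((void *)start, end - start, PROT_READ | PROT_EXEC) != 0)
        return -1;                                   /* back to r-x */
    *argv_out = (char **)(blob + ARGV_OFF);          /* lea ecx, [esi+8] */
    return 0;
}

int main(int argc, char **argv)
{
    char *blob = locate_blob();
    char **args;
    if (build_execve_args(blob, &args) != 0) {
        perror("mprotect");
        return 1;
    }
    printf("path=%s argv[0]=%s argv[1]=%p\n", blob, args[0], (void *)args[1]);
    if (argc > 1 && strcmp(argv[1], "--exec") == 0)
        execve(blob, args, args + 1);                /* int 0x80 with eax = 11 */
    return 0;
}
```

Without --exec the program only shows that the string was found in .text and rewritten in place; on a system whose policy forbids an RWX mapping the first mprotect fails and the function returns -1 instead of faulting on the store, which is exactly what happens to the original shellcode when it is linked with a read-only text section.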