Linux Local Descriptor Table
Do you have to live with the default 0x80**** addresses of a 32-bit Intel ELF? Nope. You can set up your own. The compiler will not know about them, but you can do it. Set up an LDT entry and you will see.
; code.asm - four 32-bit stores to absolute offsets 0..15 of the current data
; segment. The operands carry no symbol or relocation: the stores land wherever
; the base of the segment selected by DS points.
use32                         ; emit 32-bit operand and address encodings
mov dword [0] ,"Hall"         ; bytes 0..3
mov dword [4] ,"Ball"         ; bytes 4..7
mov dword [8] ,"Mall"         ; bytes 8..11
mov dword [12],0x00000000     ; bytes 12..15: zero fill, also terminates the string
Yes, inside this segment everything starts from 0x0.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <asm/ldt.h>
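/* Backing store for the LDT data segment: segment offset 0 is new_segment[0]. */
char new_segment[16];

/*
 * Install a data segment in LDT slot 0 whose base is new_segment, load its
 * selector into %ds, and run pre-assembled stores that address the buffer as
 * offsets 0..15 of that segment.
 *
 * The inline assembly pushes and pops %ds, so this must be built as 32-bit
 * x86 code.
 *
 * Returns 0 on success and EXIT_FAILURE when modify_ldt(2) rejects the
 * descriptor.
 */
int main(void)
{
    /*
     * The descriptor lives on the stack and every field not named here is
     * zeroed by the initializer, so no indeterminate bits reach the kernel.
     */
    struct user_desc ldt = {
        .entry_number = 0,
        .base_addr = (unsigned long)new_segment,
        /*
         * With limit_in_pages == 0 the limit is the last valid byte offset,
         * not a length. A 16-byte buffer therefore needs 15; a limit of 16
         * would let the segment reach one byte past new_segment.
         */
        .limit = sizeof new_segment - 1,
        .seg_32bit = 1,
        .contents = 0,          /* data segment */
        .read_exec_only = 0,    /* writable */
        .limit_in_pages = 0,    /* byte granularity */
        .seg_not_present = 0,
        .useable = 1,
    };
    long r;

    printf("Start\n");
    r = syscall(__NR_modify_ldt, 1, &ldt, sizeof ldt);
    if (r == -1) {
        perror("modify_ldt");   /* report errno before anything overwrites it */
        printf("Sorry\n");
        return EXIT_FAILURE;
    }

    /*
     * Everything that runs with the swapped %ds is kept in ONE asm statement.
     * Between separate asm statements the compiler is free to emit its own
     * code, which could reuse %eax or touch memory through the 16-byte
     * segment and fault. The clobber list tells the compiler that %eax and
     * memory (new_segment) change behind its back.
     */
    __asm__ volatile(
        "pushl %%ds\n\t"
        /* selector 0x7 = 0111b: index 0, TI=1 (use the LDT), RPL=3 */
        "movl $0x7, %%eax\n\t"
        "movl %%eax, %%ds\n\t"
        /* code.bin, the assembled form of the four stores in code.asm: */
        ".byte 0xc7,0x05,0x00,0x00,0x00,0x00,0x48,0x61,0x6c,0x6c\n\t" /* mov dword [0],  "Hall" */
        ".byte 0xc7,0x05,0x04,0x00,0x00,0x00,0x42,0x61,0x6c,0x6c\n\t" /* mov dword [4],  "Ball" */
        ".byte 0xc7,0x05,0x08,0x00,0x00,0x00,0x4d,0x61,0x6c,0x6c\n\t" /* mov dword [8],  "Mall" */
        ".byte 0xc7,0x05,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00\n\t" /* mov dword [12], 0      */
        "popl %%ds"
        :
        :
        : "eax", "memory");

    printf("End\n");
    /* Bytes 12..15 were zeroed by the last store, so the buffer is terminated. */
    printf("Segment [%s]\n", new_segment);
    return 0;
}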
asm(".byte ... ") // these bytes are the contents of code.bin, the assembled output of the snippet above
Compile:
1 2 3 | fasm code.asm code.bin
gcc main.c -o main
Downloads
linux_ldt.zip - 2KiB - http://archive.main.lv/files/writeup/linux_local_descriptor_table/linux_ldt.zip