x86 (32-bit)
Compiling ASM in x86
$ nasm -f elf32 -o <file>.o <file>.asm
$ ld -o <file> <file>.o
# If you want to use libc instead of syscalls, use GCC
$ gcc -o <file> <file>.oFinding Syscalls
$ cat /usr/include/i386-linux-gnu/asm/unistd_32.h GDB
Finding Entry Points
(gdb) shell readelf -h <file>Debugging Commands
(gdb) info proc mappings ; Show memory space
(gdb) info functions ; Show available functions
(gdb) info variables ; Show available variables
(gdb) prints $eflags ; Prints the current Eflags
(gdb) break *&code ; Breat at the beginning of the shellcodeHooking
(gdb) define hook-stop ; Setting the hooks
> print/x $eax ; Prints the current EAX register in hex
> print/x $ebx ; Prints the current EBX register in hex
> print/x $ecx ; Prints the current ECX register in hex
> print/x $edx ; Prints the current EDX register in hex
> x/8xb &data ; Examine next 8 hex values at data location byte-by-byte
> x/8cb &data ; Examine next 8 character values at data location byte-by-byte
> disassemble $eip,+5 ; Disassemble next 5 values from the current EIP register
> end
* Display (Show the following outpus w/o hooking)
(gdb) display/x $eax
(gdb) display/x $ebx
(gdb) display/x $ecxReferences/Resources
- Intel IA-32 Manuel - Intel® 64 and IA-32 ArchitecturesSoftware Developer’s Manual
- Shellcoding - http://www.shell-storm.org
- http://exploit.db.com
- http://www.projectshellcode.com