{"id":4220,"date":"2014-05-26T04:21:01","date_gmt":"2014-05-25T19:21:01","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=4220"},"modified":"2014-05-26T04:21:01","modified_gmt":"2014-05-25T19:21:01","slug":"%e3%82%b7%e3%82%a7%e3%83%ab%e3%82%b3%e3%83%bc%e3%83%89%e3%81%ab%e6%8c%91%e6%88%a6","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=4220","title":{"rendered":"\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u306b\u6311\u6226"},"content":{"rendered":"

\u6d41\u308c\u306b\u6d41\u308c\u3066\u4eca\u56de\u306f\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u306b\u6311\u6226\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n

\u307e\u305a\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u3068\u306f<\/p>\n

\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb\u3092\u5229\u7528\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u3057\u3066\u4f7f\u308f\u308c\u308b\u30b3\u30fc\u30c9\u65ad\u7247\u3067\u3042\u308b\u3002
\nBy Wikipedia<\/p>\n

\u3044\u308f\u3086\u308bfragment<\/span>\u3060\u3002<\/p>\n

\u3068\u308a\u3042\u3048\u305a\u53c2\u8003\u30b5\u30a4\u30c8\u306e\u307e\u307e\u306b\u6a29\u9650\u3092\u53d6\u5f97\u3059\u308b\u30b3\u30fc\u30c9\u3092\u8a66\u3057\u3067\u3084\u3063\u3066\u307f\u305f\u3002
\n\u5b9f\u884c\u7d50\u679c\u3057\u304b\u8f09\u305b\u306a\u3044\u3051\u3069\u3001\u3046\u307e\u304f\u3044\u304b\u305a\u306b\u7d50\u69cb\u6642\u9593\u306f\u304b\u304b\u3063\u3066\u308b\u3002
\n\u30a2\u30bb\u30f3\u30d6\u30e9\u3080\u305a\u304b\u3057\u3044\u3002<\/p>\n

\r\n[takeken@32bittest]$ id\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\/home\/takeken\/asm]\r\nuid=500(takeken) gid=500(takeken)\r\n[takeken@32bittest]$ .\/shelltest.o\r\nsh-4.1# zsh\r\n[root@32bittest]$ id\r\nuid=0(root) gid=500(takeken)\r\n[root@32bittest]$\r\n<\/pre>\n
 <\/p>\n
\u3055\u304f\u3063\u3068root\u304c\u53d6\u308c\u3061\u3083\u3046\u3088\u3046\u306a\u3001\u3053\u3046\u3044\u3046\u3082\u306e\u3089\u3057\u3044\u3051\u3069\u30fb\u30fb\u30fb\u3001\u30b5\u30f3\u30d7\u30eb\u304c\u3053\u3046\u3044\u3046\u306e\u3057\u304b\u306a\u304f\u8a66\u3057\u305f\u3060\u3051\u3067\u3042\u3063\u3066\u3001\u81ea\u5206\u3067\u30a2\u30bb\u30f3\u30d6\u30e9\u3092\u4f7f\u3063\u3066\u306a\u306b\u304b\u4f5c\u308a\u305f\u3044\u306e\u3055\u3002<\/p>\n
\u30a2\u30bb\u30f3\u30d6\u30ea\u306b\u8a73\u3057\u304f\u306a\u308a\u305d\u3046\u3060\u3057\u3001\u307e\u305a\u306f\u3084\u3063\u3071\u308aHello World\u3060\u308f\u3088\u306d\u3002<\/p>\n
\u3068\u308a\u3042\u3048\u305a\u524d\u56de\u4f5c\u3063\u305fHello World\u306e\u30b3\u30fc\u30c9\u3092\u4fee\u6b63\u3059\u308b\u3002
\n-nostdlib\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u4f7f\u3046\u3088\u3046\u306b\u3001\u77ed\u3044\u30b3\u30fc\u30c9\u306b\u3059\u308b\u3002<\/p>\n
\r\n[takeken@32bittest]# cat hello2.s\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\/home\/takeken\/asm]\r\n.att_syntax noprefix\r\n.global _start\r\n\r\n_start:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $1, %ebx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $4, %eax\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 \u3000\u3000\u00a0 $msg, %ecx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $15,\u00a0\u00a0\u00a0 %edx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0 \u3000\u3000\u3000 \u00a0 $0x80\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $1,\u00a0\u00a0\u00a0\u00a0 %eax\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 $0x80\r\n\r\n.data\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 msg:\u00a0\u00a0\u00a0 .ascii "Hello, World!!\\n"\r\n\r\n\r\n[takeken@32bittest]# .\/hello2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\/home\/takeken\/as\r\nHello, World!!\r\n[takeken@32bittest]#\u00a0\u00a0\u00a0 <\/pre>\n
 <\/p>\n
\u5b9f\u884c\u53ef\u80fd\u3068\u306a\u308a\u307e\u3057\u305f\u3002
\n\u3060\u3051\u3069\u3053\u306e\u307e\u307e\u3067\u306f\u30c0\u30e1\u306a\u3088\u3046\u3067\u3001\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u306f\u30cc\u30eb\u30d0\u30a4\u30c8\u3092\u306a\u304f\u3055\u306a\u3044\u3068\u3044\u3051\u306a\u3044\u3089\u3057\u3044\u3002<\/p>\n
\u30ec\u30b8\u30b9\u30bf\u306e\u3053\u3068\u306f\u307e\u3060\u3044\u307e\u3044\u3061\u5206\u304b\u3063\u3066\u306a\u3044\u306e\u3067\u3001\u30d1\u30ba\u30eb\u5f0f\u306b\u3084\u3063\u3066\u307f\u308b\u3002
\npush\u3068add\u3092\u4f7f\u3063\u3066\u3001\u30cc\u30eb\u306b\u306a\u3089\u306a\u3044\u3088\u3046\u306b\u3057\u3066\u307f\u305f\u3002<\/p>\n
\r\n[takeken@32bittest]# cat hello2.s\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\/home\/takeken\/asm]\r\n.att_syntax noprefix\r\n.global _start\r\n\r\n_start:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $1, %ebx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $4, %eax\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 $msg, %ecx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $15,\u00a0\u00a0\u00a0 %edx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0\u00a0 $0x80\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $1,\u00a0\u00a0\u00a0\u00a0 %eax\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0\u00a0 $0x80\r\n\r\n.data\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 msg:\u00a0\u00a0\u00a0 .ascii "Hello, World!!\\n"\r\n\r\n[takeken@32bittest]# objdump -d hello\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \r\n\r\nhello:\u00a0\u00a0\u00a0\u00a0 file format elf32-i386\r\n\r\n\r\nDisassembly of section .text:\r\n\r\n080480b8 <_start>:\r\n\u00a080480b8:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 31 d2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0 %edx,%edx\r\n\u00a080480ba:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6a 01\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0 $0x1\r\n\u00a080480bc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 53\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 push\u00a0\u00a0 %ebx\r\n\u00a080480bd:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 83 c0 04\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 add\u00a0\u00a0\u00a0 $0x4,%eax\r\n\u00a080480c0:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b9 d0 90 04 08\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x80490d0,%ecx\r\n\u00a080480c5:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 83 c2 0f\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 add\u00a0\u00a0\u00a0 $0xf,%edx\r\n\u00a080480c8:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n\u00a080480ca:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b0 01\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x1,%al\r\n\u00a080480cc:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n[takeken@32bittest]# .\/hello2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \r\nHello, World!!\r\n<\/pre>\n
 <\/p>\n
\u3054\u89a7\u306e\u3088\u3046\u306b\u30cc\u30eb\u30d0\u30a4\u30c8\u304c\u306a\u304f\u306a\u308a\u3001\u5b9f\u884c\u3082\u53ef\u80fd\u306a\u72b6\u614b\u3068\u306a\u3063\u305f\u3002<\/p>\n
\u3060\u304c<\/span><\/p>\n
C\u306e\u5f62\u5f0f\u306b\u3057\u3066\u307f\u3066\u5b9f\u884c\u3057\u3066\u3082<\/p>\n
\n
\r\n\r\nobjdump -M att -d hello2 | grep '^ ' | cut -f2 | perl -pe 's\/(\\w{2})\\s+\/\\\\x\\1\/g'\r\n#include <stdio.h>\r\n\r\nchar shellcode[] = "\\x31\\xd2\\x6a\\x01\\x53\\x83\\xc0\\x04\\xb9\\xd0\\x90\\x04\\x08\\x83\\xc2\\x0f\\xcd\\x80\\xb0\\x01\\xcd\\x80";\r\n\r\nint main()\r\n{\r\n\u00a0\u00a0\u00a0 printf("sizeof(shellcode) == %d\\n", sizeof(shellcode));\r\n\u00a0\u00a0\u00a0 (*(void (*)())shellcode)();\r\n}\r\n$ .\/aa.o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [\/home\/takeken\/asm]\r\nsizeof(shellcode) == 23\r\nzsh: segmentation fault\u00a0 .\/aa.o\r\n<\/pre>\n
 <\/p>\n
 <\/p>\n
\u3060\u3081\u3089\u3057\u3044\u3002<\/p>\n
\u3046\u30fc\u3093\u30fb\u30fb\u30fb\u3002<\/p>\n
\u3069\u3046\u3057\u305f\u3082\u3093\u304b\u306a\u3041\u3002<\/p>\n
\u666e\u901a\u306b\u30c7\u30d0\u30c3\u30b0\u3057\u3066\u307f\u305f\u3082\u306e\u306e<\/p>\n
\r\n(gdb) next\r\nSingle stepping until exit from function shellcode,\r\nwhich has no line number information.\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n0x0804966c in shellcode ()\r\n(gdb) next\r\nSingle stepping until exit from function shellcode,\r\nwhich has no line number information.\r\n\r\nProgram terminated with signal SIGSEGV, Segmentation fault.\r\nThe program no longer exists.\r\n<\/pre>\n
 <\/p>\n
 <\/p>\n
\u3046\u30fc\u3093\u3001\u5206\u304b\u3089\u3093\u3002<\/p>\n
nasm\u5f0f\u3068\u3044\u3046\u306e\u304c\u3042\u308b\u3089\u3057\u3044\u306e\u3067\u3001\u305d\u3063\u3061\u3067\u3084\u3063\u3066\u307f\u308b\u3053\u3068\u306b\u3057\u305f\u3002<\/p>\n
\r\n[takeken@32bittest nasm]$ cat hello.asm\r\nsection .text\r\nglobal _start\r\n\r\nBITS 32\r\n\r\n_start:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0\u00a0 edx, edx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ebx, 1\u00a0\u00a0\u00a0 ; stdout\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 eax, 4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; write\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, msg\u00a0\u00a0\u00a0 ; address\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 edx, len\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int 0x80\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 eax, 1\u00a0\u00a0\u00a0\u00a0\u00a0 ; sys_exit\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int 0x80\r\n\r\nsection .data\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 msg\u00a0\u00a0\u00a0\u00a0 db\u00a0\u00a0\u00a0\u00a0\u00a0 'hello, world',0xa\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 len\u00a0\u00a0\u00a0\u00a0 equ\u00a0\u00a0\u00a0\u00a0 $ - msg\r\n\r\n[takeken@32bittest nasm]$ .\/hello\r\nhello, world\r\n<\/pre>\n
 <\/p>\n
 <\/p>\n
\u3068\u308a\u3042\u3048\u305a\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306f\u306a\u3063\u305f\u3082\u306e\u306e\u3002<\/p>\n
\r\n[takeken@32bittest nasm]$ objdump -d hello.o\r\n\r\nhello.o:\u00a0\u00a0\u00a0\u00a0 file format elf32-i386\r\n\r\n\r\nDisassembly of section .text:\r\n\r\n00000000 <_start>:\r\n\u00a0\u00a0 0:\u00a0\u00a0 31 d2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0 %edx,%edx\r\n\u00a0\u00a0 2:\u00a0\u00a0 bb 01 00 00 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x1,%ebx\r\n\u00a0\u00a0 7:\u00a0\u00a0 b8 04 00 00 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x4,%eax\r\n\u00a0\u00a0 c:\u00a0\u00a0 b9 00 00 00 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x0,%ecx\r\n\u00a0 11:\u00a0\u00a0 ba 0d 00 00 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0xd,%edx\r\n\u00a0 16:\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n\u00a0 18:\u00a0\u00a0 b8 01 00 00 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x1,%eax\r\n\u00a0 1d:\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n<\/pre>\n
\u305d\u308a\u3083\u305d\u3046\u306a\u3093\u3060\u304c\u3001\u30cc\u30eb\u30cc\u30eb\u306a\u306e\u3067\u3042\u3063\u305f\u3002<\/p>\n
\u3055\u3063\u304d\u306e\u8981\u9818<\/span>\u3067\u30cc\u30eb\u9664\u53bb\u3092\u9032\u3081\u3066\u3044\u304f\u3093\u3060\u304c\u3001\u3046\u307e\u304f\u3044\u304b\u306a\u3044\u3089\u3057\u3044\u3002<\/p>\n
\u3082\u3046\u30c0\u30e1\u304b\u306a\u30fc\u306a\u3093\u3066\u601d\u3063\u3066\u305f\u3089NASM\u306f\u5909\u6570\u30bf\u30a4\u30d7\u3092\u4fdd\u5b58\u3057\u306a\u3044<\/a>\u3068\u3044\u3046\u306e\u3092\u767a\u898b\u3057\u3066\u9583\u3044\u305f\u3002<\/span><\/p>\n
\r\n[takeken@32bittest nasm]$ cat hello.asm\r\nsection .text\r\nglobal _start\r\n\r\nBITS 32\r\n\r\nfoo equ 1\r\nbar equ 4\r\n\r\n_start:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0\u00a0 edx, edx\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 bl,foo\u00a0\u00a0\u00a0 ; stdout\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 al,bar\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; write\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 ecx, msg\u00a0\u00a0\u00a0 ; address\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dl, len\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int 0x80\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0 al, 1\u00a0\u00a0\u00a0\u00a0\u00a0 ; sys_exit\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ah, 0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int 0x80\r\n\r\nsection .data\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 msg\u00a0\u00a0\u00a0\u00a0 db\u00a0\u00a0\u00a0\u00a0\u00a0 'hello, world',0xa\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 len\u00a0\u00a0\u00a0\u00a0 equ\u00a0\u00a0\u00a0\u00a0 $ - msg\r\n\r\n[takeken@32bittest nasm]$ nasm -f elf hello.asm && ld -s -o hello hello.o\r\n[takeken@32bittest nasm]$ .\/hello\r\nhello, world\r\n[takeken@32bittest nasm]$ objdump -d hello\r\n\r\nhello:\u00a0\u00a0\u00a0\u00a0 file format elf32-i386\r\n\r\n\r\nDisassembly of section .text:\r\n\r\n08048080 <.text>:\r\n\u00a08048080:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 31 d2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xor\u00a0\u00a0\u00a0 %edx,%edx\r\n\u00a08048082:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b3 01\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x1,%bl\r\n\u00a08048084:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b0 04\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x4,%al\r\n\u00a08048086:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b9 98 90 04 08\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x8049098,%ecx\r\n\u00a0804808b:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b2 0d\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0xd,%dl\r\n\u00a0804808d:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n\u00a0804808f:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b0 01\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x1,%al\r\n\u00a08048091:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b4 00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mov\u00a0\u00a0\u00a0 $0x0,%ah\r\n\u00a08048093:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cd 80\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 int\u00a0\u00a0\u00a0 $0x80\r\n<\/pre>\n
\u304a\u304a\u304a\u30fc\u3002<\/p>\n
 <\/p>\n
[takeken@32bittest nasm]$ .\/mike
\n\u30bb\u30b0\u30e1\u30f3\u30c6\u30fc\u30b7\u30e7\u30f3\u9055\u53cd\u3067\u3059\u3000orz<\/span><\/p>\n
\u30c0\u30e1\u304b\u3002<\/p>\n
\u306a\u306b\u304b\u9055\u3046\u3068\u3053\u308d\u306b\u539f\u56e0\u304c\u3042\u308b\u306e\u304b\u3082\u3057\u308c\u306a\u3044\u3002<\/p>\n
 <\/p>\n
\u53c2\u8003\u30b5\u30a4\u30c8<\/p>\n
\u6280\u8853\u30e1\u30e2\u5e16\u3000shellcode \u3092\u66f8\u304f<\/a><\/p>\n
The Netwide Assembler: NASM<\/a><\/p>\n
\u3082\u3082\u3044\u308d\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u3000\u3000Linux x86\u7528\u306e\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u3092\u66f8\u3044\u3066\u307f\u308b<\/a><\/p>\n
 <\/p>\n
        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
\u6d41\u308c\u306b\u6d41\u308c\u3066\u4eca\u56de\u306f\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u306b\u6311\u6226\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002 \u307e\u305a\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u3068\u306f \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb\u3092\u5229\u7528\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u3057\u3066\u4f7f\u308f\u308c\u308b\u30b3\u30fc\u30c9\u65ad\u7247\u3067\u3042\u308b\u3002 By Wikipedia \u3044\u308f\u3086\u308bfragment\u3060 … “\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u306b\u6311\u6226” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[106],"tags":[],"class_list":["post-4220","post","type-post","status-publish","format-standard","hentry","category-programming"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4220"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4220\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}