I'll preface this by saying I'm not too familiar with assembly on ARM.
Basically, I'm trying to write shellcode similar to this. The code works just fine, but I'm trying to make some modifications to see how it works. Here is the target program:
```c
#include <stdio.h>
#include <string.h>

int main(){
    char payload[34];
    int len=fread(payload, 1, 34, stdin);
    printf("Length: %d\n", len);
    (*(void(*)()) payload) ();
}
```

I compile the assembly from that link, slice out the shellcode into a file, and then I send it to stdin like so:

```
(cat shellcode; echo ps) | ./target
```

Which yields:

```
Length: 34
  PID TTY          TIME CMD
 3565 pts/3    00:00:00 bash
 3854 pts/3    00:00:00 sh
 3856 pts/3    00:00:00 ps
```

When I do the same with the shellcode I wrote, the program hangs, taking up 100% CPU. If I step through it enough times in gdb I get the following over and over:

```
(gdb) s
55 in dl-addr.c
```

This is the assembly code I wrote:

```asm
.LC0:
.global main
main:
    mov r2, #0
    mov r1, #0
    ldr r0, =string
    bl execve
string:
    .asciz "/bin/sh"
```

I'm running this on a Raspberry Pi.
Thanks!
Use the `si` (or, in full, `stepi`) command, not `s` (which is `step`). The latter operates on source lines, while the former works with instructions. And then use the `disas` (or `disassemble`) command to see where you are in the assembly view of your program+shellcode. Or, instead of `disas`, you may find `x/10i $pc` more useful (where 10 is the number of instructions to disassemble).
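The instruction-level workflow from the comment above, written out as a gdb command file for the target program in the question. This is an added example, not code from the question or the comment; it assumes the executable is `./target` and that the stdin bytes were saved beforehand with `(cat shellcode; echo ps) > input.bin`, since gdb's `run` redirection takes a file.

```gdb
# Added example: step gdb instruction by instruction through the payload.
# Assumptions: the question's program is ./target and the stdin payload was
# saved in advance with:  (cat shellcode; echo ps) > input.bin
file ./target
set pagination off

# printf("Length: ...") runs just before the indirect call into payload,
# so stop there and return into main.
break printf
run < input.bin
finish

# The comment's x/10i $pc: the call through the function pointer into the
# buffer should be among the next instructions shown here.
x/10i $pc

# After every stepi, print the instruction at $pc and name the symbol (if any)
# that contains $pc. While executing inside the stack buffer gdb reports
# "No symbol matches $pc."; the first libc symbol reported after the
# payload's bl shows where that branch actually landed (the question's
# run ends up looping in dl-addr.c).
display/i $pc
set $n = 0
while $n < 80
  stepi
  info symbol $pc
  set $n = $n + 1
end
```

Run it with `gdb -x trace.gdb` (any file name works); the loop is bounded so a hanging payload still returns you to the gdb prompt.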