Created
February 20, 2023 18:51
-
-
Save RedToor/acd872f165c0da89df5d3a6b1fe00e04 to your computer and use it in GitHub Desktop.
sys_write log shellcode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; | |
| ; sys_write log shellcode for Linux x86_64-bits | |
| ; nasm -felf64 sys_write_log.asm -o sys_write_log.o | |
| ; | |
| ; | |
| ; call write@lib <-| replace original (write) address in binary to | |
| ; 0x0FFFFFF <-| shellcode address offset into himself. | |
| ; | |
| global _start | |
| section .text | |
| _start: | |
| jmp init | |
| message: db "patched", 0xa | |
| filepath: db "m3m", 0x0 | |
| init: | |
| ;ssize write(int __fd, char* __buf, int __n) | |
| mov r8, rdi ; save __fd | |
| mov r10, rsi ; save __buf | |
| mov r15, rdx ; save __n | |
| ; debug message (optional) | |
| mov rax, 0x1 ; sys_write syscall | |
| mov rdi, rax ; 0x1 (stdout) | |
| lea rsi, [rel message] | |
| mov rdx, 0x8 | |
| syscall | |
| ; open log file | |
| mov rax, 0x2 ; sys_open syscall | |
| lea rdi, [rel filepath] ; pathname | |
| mov rsi, 02001Q ; O_WRONLY | O_APPEND | |
| mov rdx, 0644o ; 644 | |
| syscall | |
| ; logging | |
| mov rdi, rax ; log fd recently create | |
| mov rax, 0x1 ; sys_write syscall | |
| mov rsi, r10 ; r10=__buf | |
| mov rdx, r15 ; r15=__n | |
| syscall | |
| ; close log file | |
| mov rax, 0x3 ; sys_close syscall | |
| syscall | |
| ; detour | |
| mov rax, 0x1 ; sys_write syscall | |
| mov rdi, r8 ; r8=__fd | |
| syscall | |
| ; return rax | |
| ret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment