0x510 Assembly vs. C
The shellcode bytes are actually architecture-specific machine instructions,
so shellcode is written in assembly language. Writing a program in
assembly is different from writing it in C, but many of the principles are similar.
The operating system manages things like input, output, process control, file
access, and network communication in the kernel. Compiled C programs
ultimately perform these tasks by making system calls to the kernel. Different
operating systems have different sets of system calls.
In C, standard libraries are used for convenience and portability. A C program
that uses printf() to output a string can be compiled for many different
systems, since the library knows the appropriate system calls for various
architectures. A C program compiled on an x86 processor will produce x86 assembly
language.
By definition, assembly language is already specific to a certain processor
architecture, so portability is impossible. There are no standard libraries;
instead, kernel system calls have to be made directly. To begin our comparison,
let's write a simple C program, then rewrite it in x86 assembly.
helloworld.c
#include <stdio.h>
int main() {
  printf("Hello, world!\n");
  return 0;
}
When the compiled program is run, execution flows through the standard
I/O library, eventually making a system call to write the string Hello, world! to
the screen. The strace program is used to trace a program's system calls. Used
on the compiled helloworld program, it shows every system call that program
makes.
reader@hacking:~/booksrc $ gcc helloworld.c
reader@hacking:~/booksrc $ strace ./a.out
execve("./a.out", ["./a.out"], [/* 27 vars */]) = 0
brk(0) = 0x804a000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ef6000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=61323, ...}) = 0
mmap2(NULL, 61323, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ee7000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20Z\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1248904, ...}) = 0
mmap2(NULL, 1258876, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7db3000
mmap2(0xb7ee0000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12c) = 0xb7ee0000
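The layering described above, as an added example that is not from the original text: the same string is written by invoking the write system call through libc's syscall() wrapper instead of printf(), which is the request the standard I/O library eventually makes on the program's behalf. It assumes Linux; raw_write, hello_syscall and hello_roundtrip_ok are names made up for this example.

```c
/* Added example: "Hello, world!" without stdio, using the write system call. */
#define _GNU_SOURCE
#include <string.h>
#include <sys/syscall.h>   /* SYS_write */
#include <unistd.h>        /* syscall(), pipe(), read(), close() */

static const char MSG[] = "Hello, world!\n";

/* Ask the kernel to write len bytes to fd. syscall() is a thin libc
 * trampoline: it places the call number and arguments where the kernel
 * expects them and traps in, with no buffering or formatting. */
static long raw_write(int fd, const void *buf, size_t len) {
    return syscall(SYS_write, fd, buf, len);
}

/* Write the whole message, retrying on short writes, a detail that
 * stdio normally hides. Returns bytes written, or -1 on error. */
long hello_syscall(int fd) {
    size_t done = 0, len = sizeof(MSG) - 1;
    while (done < len) {
        long n = raw_write(fd, MSG + done, len - done);
        if (n < 0) return -1;
        done += (size_t)n;
    }
    return (long)done;
}

/* Self-check (hypothetical helper): send the message through a pipe and
 * confirm the kernel delivered exactly the bytes that were passed in. */
int hello_roundtrip_ok(void) {
    int p[2];
    char got[32] = {0};
    if (pipe(p) != 0) return 0;
    long sent = hello_syscall(p[1]);
    close(p[1]);
    long n = read(p[0], got, sizeof(got) - 1);
    close(p[0]);
    return sent == 14 && n == 14 && memcmp(got, MSG, 14) == 0;
}

int main(void) {
    return hello_syscall(STDOUT_FILENO) == 14 ? 0 : 1;
}
```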