0x0804839f <main+43>: lea eax,[ebp-4]
0x080483a2 <main+46>: inc DWORD PTR [eax]
0x080483a4 <main+48>: jmp 0x804838b <main+23>
0x080483a6 <main+50>: leave
0x080483a7 <main+51>: ret
End of assembler dump.
(gdb)
The loop contains two new instructions: cmp (compare) and jle (jump if
less than or equal to), the latter belonging to the family of conditional jump
instructions. The cmp instruction compares its two operands (internally it
subtracts the source from the destination and discards the result), setting the
CPU flags based on the outcome. A conditional jump instruction then jumps or
falls through depending on those flags. In the code above, if the value at
[ebp-4] is less than or equal to 9, execution jumps to 0x8048393, past the next
jmp instruction. Otherwise, that jmp brings execution to the end of the function
at 0x080483a6, exiting the loop. The body of the loop makes the call to
printf(), increments the counter variable at [ebp-4], and finally jumps back
to the compare instruction to continue the loop. Using conditional jump
instructions, complex programming control structures such as loops can be
created in assembly. More conditional jump instructions are shown below. All of
the less-than/greater-than forms listed here treat the compared values as signed
integers; the unsigned counterparts (jb, jbe, ja, jae) test different flags, and
mixing the two up is a classic source of length-check bugs.
Instruction                  Description
cmp <dest>, <source>         Compare the destination operand with the source, setting flags for use
                             with a conditional jump instruction.
je <target>                  Jump to target if the compared values are equal.
jne <target>                 Jump if not equal.
jl <target>                  Jump if less than.
jle <target>                 Jump if less than or equal to.
jnl <target>                 Jump if not less than.
jnle <target>                Jump if not less than or equal to.
jg <target>, jge <target>    Jump if greater than, or greater than or equal to.
jng <target>, jnge <target>  Jump if not greater than, or not greater than or equal to.

Several of these are the same opcode under two names: jnl is jge, jnle is jg,
jng is jle, and jnge is jl. Disassemblers will usually show the jg/jge/jl/jle
spelling.
These instructions can be used to shrink the dup2 portion of the shellcode
down to the following:
; dup2(connected socket, {all three standard I/O file descriptors})
mov ebx, eax          ; Move socket FD into ebx (first dup2 argument).
xor eax, eax          ; Zero eax.
xor ecx, ecx          ; ecx = 0 = standard input (second dup2 argument).
dup_loop:
mov BYTE al, 0x3F     ; dup2 syscall #63. Reloading only al each pass works
                      ; because dup2 returns the new fd (0, 1 or 2) in eax, so
                      ; the upper bytes stay zero; a failed dup2 (-errno) would
                      ; break this.
int 0x80              ; dup2(ebx, ecx)
inc ecx               ; Next standard fd.
cmp BYTE cl, 2        ; Compare ecx with 2.
jle dup_loop          ; If ecx <= 2, jump back to dup_loop.
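Two things a practitioner would want to check about that loop are what it encodes to (is it really shorter, and still free of NUL bytes?) and what it actually does to the process. The example below is added here and is not the book's code. It hand-assembles the loop into bytes (an assumption on my part; confirm with nasm -f bin followed by ndisasm), resolves the jle rel8 displacement the way the CPU does, and then models the loop's effect in C: the same counter-compare-branch shape, run in a forked child over an AF_UNIX socketpair so the caller's own stdio is left alone, with the parent reading back what the child wrote to its redirected stdout and stderr. The helper names are mine; the syscall number and int 0x80 ABI are 32-bit Linux, as in the text.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* The dup2 loop from the text, hand-assembled (assumption: verify with
 * nasm/ndisasm). 32-bit Linux int 0x80 ABI, syscall 63 = dup2. */
static const unsigned char dup2_loop_code[] = {
    0x89, 0xC3,        /* mov ebx, eax   ; socket fd -> ebx            */
    0x31, 0xC0,        /* xor eax, eax                                 */
    0x31, 0xC9,        /* xor ecx, ecx   ; ecx = 0 = stdin             */
    /* dup_loop: (offset 6) */
    0xB0, 0x3F,        /* mov al, 0x3F   ; dup2                        */
    0xCD, 0x80,        /* int 0x80       ; dup2(ebx, ecx)              */
    0x41,              /* inc ecx                                      */
    0x80, 0xF9, 0x02,  /* cmp cl, 2                                    */
    0x7E, 0xF6,        /* jle dup_loop   ; rel8 = -10 (0xF6)           */
};
#define DUP_LOOP_OFFSET 6   /* where the label dup_loop sits in the buffer */
#define JLE_OFFSET      14  /* index of the 0x7E opcode                   */

/* Shellcode delivered through strcpy()-style copies must contain no NUL. */
static size_t count_null_bytes(const unsigned char *p, size_t n)
{
    size_t nulls = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] == 0)
            nulls++;
    return nulls;
}

/* A short conditional jump: target = address of the next instruction
 * (opcode + 1 displacement byte) plus the sign-extended rel8. */
static int jcc_rel8_target(const unsigned char *code, size_t jcc_at)
{
    int8_t rel = (int8_t)code[jcc_at + 1];
    return (int)(jcc_at + 2) + rel;
}

/* What the loop does, in C with the same shape: counter 0..2 and the
 * compare-and-branch at the bottom. Runs in a child so our own stdio is
 * untouched. Returns the bytes the child sent through its redirected
 * stdout and stderr, or -1 on failure. */
static ssize_t stdio_over_socket_demo(char *out, size_t outlen)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        int fd = 0;                          /* xor ecx, ecx            */
        do {
            if (dup2(sv[1], fd) < 0)         /* int 0x80 (no error path */
                _exit(1);                    /* in the shellcode)        */
            fd++;                            /* inc ecx                 */
        } while (fd <= 2);                   /* cmp cl, 2 / jle dup_loop */
        close(sv[1]);                        /* 0, 1, 2 keep the socket */
        (void)write(1, "out\n", 4);
        (void)write(2, "err\n", 4);
        _exit(0);
    }
    close(sv[1]);
    size_t total = 0;
    for (;;) {                               /* read until the child exits */
        ssize_t n = read(sv[0], out + total, outlen - 1 - total);
        if (n <= 0)
            break;
        total += (size_t)n;
        if (total >= outlen - 1)
            break;
    }
    out[total] = '\0';
    close(sv[0]);
    int status;
    waitpid(pid, &status, 0);
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return (ssize_t)total;
}

int main(void)
{
    char buf[64];
    printf("loop is %zu bytes, %zu NUL bytes, jle lands at offset %d\n",
           sizeof dup2_loop_code,
           count_null_bytes(dup2_loop_code, sizeof dup2_loop_code),
           jcc_rel8_target(dup2_loop_code, JLE_OFFSET));
    ssize_t n = stdio_over_socket_demo(buf, sizeof buf);
    printf("child sent %zd bytes via redirected stdio: %s", n, buf);
    return 0;
}
```

The byte listing makes the size argument concrete: three straight-line dup2 calls would each need the syscall number, ebx and ecx set up again, whereas the loop spends only six bytes on the inc/cmp/jle. It also shows what the CPU does with jle: 0x7E is followed by a signed 8-bit displacement measured from the end of the jump, which is why the assembler emits 0xF6 (-10) to get back to dup_loop.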