I am trying to change a string that is stored in memory by changing the byte in it. I use movb for this, but for some reason the byte in the given memory location does not change.
In the gdb debugger:
14 movb% al, (% r10) # next instr
(gdb) print / d $ al
$ 4 = 0
(gdb) print / c * $ r10
$ 5 = 47 '/'
(gdb) s
16 mov $ 59,% rax
(gdb) print / c * $ r10
$ 6 = 47 '/'
The code is simple:
.globl _start
.text
_start:
call chamaexecve
variaveis:
.asciz "/bin/bashABBBBCCCC"
chamaexecve:
pop %r10
xor %rax, %rax
movb %al, (%r10)
mov $59, %rax
mov %rsi, %rdi
mov $0, %rsi
mov $0, %rdx
syscall
And it compiles with as -gstabs -o shellf.o shellf.s-ld -N -z execstack -o shellf shellf.o
, . . , , , movb $'r', %al % al , 'r' , - $0.
Linux Mint 18.1 "Serena", gnu 2.26.1. x/i $rip, :
Edit2:
break to tbreak s si, , '/' '\ 000' . , s/break/gdb ?
(gdb) tb 14
1 0x4000cd: shellf.s, 14.
(gdb)
:/home/fabio/criação/nasm-tutorial/shellf
1, chamaexecve() shellf.s: 14
14 movb% al, (% r10)
(gdb) si
16 mov $59,% rax
(gdb) print/c * $rsi
0x0
(gdb) print/c * $r10
$ 1 = 0 '\ 000'
(gdb)