Metasploit mailing list archives
A little offtopic: Get EIP
From: clemens.kol at gmx.at (Clemens Kolbitsch)
Date: Mon, 25 Jun 2007 20:57:55 +0200
Oh yeah... just to make sure: I'm using Debian Linux, 2.6.20 on an i386. Still happy for help :-)

Clemens Kolbitsch wrote:

> Hi guys! Sorry... I know this is a little off-topic, but this is probably the best place to ask for help...
>
> We're developing a Linux kernel stager to execute netcat as reverse shells (or actually an app...), very similar to the WinXP stager... Everything works really well (you'll hear from us soon ;-) ). However, to try an exploit, I have to obtain the current EIP (and store it into some register). In user mode, I use
>
>     unsigned char *from;
>     __asm__ __volatile__("call 0x0");   /* pushes the return address */
>     __asm__ __volatile__("pop %eax");   /* pops it into %eax */
>     __asm__ __volatile__("mov %%eax,%0" : "=r" (from) : : "%eax");
>
> which works just fine (well, the "call 0x0" must be edited manually after compiling, because gcc makes a "call 0xfcffffff" out of it for some reason...). However, when I execute this very same code in kernel mode (during a system call or a module init routine, for example) I get
>
>     Segmentation fault
>     Code: Bad EIP value.
>     EIP: [<00000004>] 0x4 SS:ESP 0068:c6afec4
>
> If I change it to "call 0x10" I get
>
>     Segmentation fault
>     Code: Bad EIP value.
>     EIP: [<00000014>] 0x14 ....
>
> So obviously, the relative near-call is treated as a call with an ABSOLUTE address... Can anybody tell me why?? (Or simply how to do this correctly??)
>
> Thanks!!
> Clemens
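The same call/pop trick written with a local label, as an added example that is not code from the thread: `call 1f` targets a label in the same section, so the assembler encodes the relative displacement itself and nothing has to be patched after compiling. User-mode C for GCC or Clang on i386 or x86-64 (the x86-64 branch also steps past the ABI red zone before the CALL); `get_pc` and `pc_inside_function` are names chosen here.

```c
#include <stdint.h>
#include <stdio.h>

/* Return the address of the instruction after the CALL, i.e. the current
 * program counter. "call 1f" is a PC-relative call to the local label: it
 * pushes the return address, which "pop" then retrieves. The label is
 * resolved at assembly time, so no relocation or manual patching is needed.
 * noinline keeps the asm inside this function so the caller can check the
 * result against the function's own address. */
__attribute__((noinline)) void *get_pc(void)
{
    void *pc;
#if defined(__i386__)
    __asm__ __volatile__(
        "call 1f\n\t"
        "1: pop %0"
        : "=r"(pc) : : "memory");
#elif defined(__x86_64__)
    /* The SysV x86-64 ABI lets a leaf function keep locals in a 128-byte
     * red zone below %rsp; the CALL's push would land there, so skip it. */
    __asm__ __volatile__(
        "sub $128, %%rsp\n\t"
        "call 1f\n\t"
        "1: pop %0\n\t"
        "add $128, %%rsp"
        : "=r"(pc) : : "memory");
#else
#error "this example is written for x86 only"
#endif
    return pc;
}

/* Sanity check: the captured PC must lie inside get_pc's own code. */
int pc_inside_function(void)
{
    uintptr_t pc = (uintptr_t)get_pc();
    uintptr_t start = (uintptr_t)get_pc;
    return pc > start && pc < start + 256;
}

int main(void)
{
    printf("get_pc          = %p\n", (void *)(uintptr_t)get_pc);
    printf("current pc      = %p\n", get_pc());
    printf("inside function = %s\n", pc_inside_function() ? "yes" : "no");
    return 0;
}
```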