{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 不美不萌又怎样 的问题《asm shellcode in C buffer - prologue》','https://www.manongdao.com/q-371304.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I try to build a function in a buffer in C. with gdb i can translate
push rbp
mov rbp,rsp
(...)
leave
ret
to
0x55
0x48 0x89 0xe5
(...)
0xc9
0xc3
So I wrote a C code:
int main()
{
char buffer[]={0x55,0x48,0x89,0xe5,0xc9,0xc3};
void (*j)(void)=buffer;
j();
}
but my program seems to crash at the intruction "push rbp" (0x55 in the buffer) Do you know why?
The usual cause is that the stack (where your
bufferis stored) is not executable. There are primarily two ways around that:gcc -z execstack)mprotectat runtime to mark the page where your code is executable