I can't understand why this C file won't work as planned. bash is located at "/bin/sh", and everything looks OK, but I can't see what I've done wrong. Does anyone know what could be wrong?
[source]
/*
 * Reviewer notes (analysis only; the posted code is left unchanged).
 *
 * Target/ABI: 32-bit x86, GNU as AT&T syntax, Linux i386 system-call
 * convention (eax = syscall number, ebx/ecx/edx = arguments, `int $0x80`).
 * The whole body is one basic `__asm__` statement with no operand or
 * clobber list, so the compiler is never told that eax, ebx, ecx, edx, esi
 * and the flags are overwritten (ebx and esi are callee-saved in the i386
 * ABI, so the surrounding C is not protected from this).
 *
 * Control flow: `jmp bye` -> `call hi` pushes the address of the bytes that
 * follow the call, i.e. the `.string` literal -> `popl %esi` recovers that
 * address.  The three stores then patch the literal in place:
 *   0x7(%esi): byte 0 overwrites 'X'   -> NUL-terminates "/bin/sh"
 *   0x8(%esi): the literal's own address overwrites "AAAA"
 *   0xc(%esi): a zero word overwrites "BBBB"
 * so that ebx = path, ecx = &0x8(%esi) (a one-element pointer array) and
 * edx = &0xc(%esi) (a null word) when eax = 0x0b is issued via `int $0x80`.
 *
 * Points a reviewer would raise:
 *  - The `.string` bytes are emitted in the same section as the code
 *    (`.text`), so the three stores above write into the program's own code
 *    section; whether that store is permitted depends on how the loader maps
 *    `.text` on the target system.
 *  - If the system call returns, execution falls through into `bye:` and
 *    re-executes `call hi`; there is no exit path, and main never returns a
 *    value.
 *  - `popl %esi` is not encodable in 64-bit mode, so this translation unit
 *    only assembles as 32-bit code.
 */
int main()
{
__asm__ ("\n\
jmp bye\n\
hi:\n\
popl %esi # move esp into esi\n\
\
movb $0x0, 0x7(%esi) # X : terminate string\n\
movl %esi, 0x8(%esi) # AAAA : store adress of \"/bin/sh\"\n\
movl $0x0, 0xc(%esi) # BBBB : create null word\n\
\
movl $0x0b , %eax # sys_call 0x0b : execve\n\
movl %esi , %ebx # Arg 1 : \"/bin/sh\" as first arg\n\
leal 0x8(%esi), %ecx # Arg 2 : pointer to \"/bin/sh\"\n\
leal 0xc(%esi), %edx # Arg 3 : pointer to null word\n\
int $0x80\n\
\
bye:\n\
call hi # puts esp on stack (adress of string)\n\
.string \"/bin/shXAAAABBBB\"\n\
");
}
[/source]
[source]
/*
 * Reviewer notes (analysis only; the posted code is left unchanged).
 *
 * Target/ABI: 32-bit x86, GNU as AT&T syntax, Linux i386 system-call
 * convention (eax = syscall number, ebx/ecx/edx = arguments, `int $0x80`).
 * The whole body is one basic `__asm__` statement with no operand or
 * clobber list, so the compiler is never told that eax, ebx, ecx, edx, esi
 * and the flags are overwritten (ebx and esi are callee-saved in the i386
 * ABI, so the surrounding C is not protected from this).
 *
 * Control flow: `jmp bye` -> `call hi` pushes the address of the bytes that
 * follow the call, i.e. the `.string` literal -> `popl %esi` recovers that
 * address.  The three stores then patch the literal in place:
 *   0x7(%esi): byte 0 overwrites 'X'   -> NUL-terminates "/bin/sh"
 *   0x8(%esi): the literal's own address overwrites "AAAA"
 *   0xc(%esi): a zero word overwrites "BBBB"
 * so that ebx = path, ecx = &0x8(%esi) (a one-element pointer array) and
 * edx = &0xc(%esi) (a null word) when eax = 0x0b is issued via `int $0x80`.
 *
 * Points a reviewer would raise:
 *  - The `.string` bytes are emitted in the same section as the code
 *    (`.text`), so the three stores above write into the program's own code
 *    section; whether that store is permitted depends on how the loader maps
 *    `.text` on the target system.
 *  - If the system call returns, execution falls through into `bye:` and
 *    re-executes `call hi`; there is no exit path, and main never returns a
 *    value.
 *  - `popl %esi` is not encodable in 64-bit mode, so this translation unit
 *    only assembles as 32-bit code.
 */
int main()
{
__asm__ ("\n\
jmp bye\n\
hi:\n\
popl %esi # move esp into esi\n\
\
movb $0x0, 0x7(%esi) # X : terminate string\n\
movl %esi, 0x8(%esi) # AAAA : store adress of \"/bin/sh\"\n\
movl $0x0, 0xc(%esi) # BBBB : create null word\n\
\
movl $0x0b , %eax # sys_call 0x0b : execve\n\
movl %esi , %ebx # Arg 1 : \"/bin/sh\" as first arg\n\
leal 0x8(%esi), %ecx # Arg 2 : pointer to \"/bin/sh\"\n\
leal 0xc(%esi), %edx # Arg 3 : pointer to null word\n\
int $0x80\n\
\
bye:\n\
call hi # puts esp on stack (adress of string)\n\
.string \"/bin/shXAAAABBBB\"\n\
");
}
[/source]