hello_x64
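Rows are the sheet's own row numbers; header fields sit at row = file offset + 2 (e_type at row 18, e_phoff = 48 with the phdr label at row 50).

| row | label | ehdr | phdr | code | comment |
|---|---|---|---|---|---|
| 2 | hello | 0x7f | | H (by xor) | org 0x01000000 because mmap for small address is not allowed (cf. /proc/sys/vm/mmap_min_addr) |
| 3 | | E | | e (by xor) | |
| 4 | | L | | l (by xor) | |
| 5 | | F | | l (by xor) | |
| 6 | | 2 | | o | readelf will be confused / won't work on *BSD |
| 7 | | 1 | | , | |
| 8 | | 1 | | | |
| 9 | | 0 | | w | |
| 10 | | padding | | o | |
| 11 | | | | r | |
| 12 | | | | l | |
| 13 | | | | d | |
| 14 | | | | ! | |
| 15 | | | | \n | |
| 16 | | | | | unused! |
| 17 | | | | | |
| 18 | | 2 (e_type) | | | ET_EXEC |
| 19 | | | | | |
| 20 | | 62 (e_machine) | | | EM_X86_64 |
| 21 | | | | | |
| 22 | | 1 (e_version) | | | unused - Linux doesn't check this |
| 23-25 | | | | | |
| 26 | | 0x1000048 (e_entry) | | | |
| 27-33 | | | | | |
| 34 | | 48 (e_phoff) | | | |
| 35-41 | | | | | |
| 42 | cont2 | ? (e_shoff) | | mov AL, 4 | EAX=4 (syscall number for write) |
| 43 | | | | | |
| 44 | | | | int 0x80 | |
| 45 | | | | xchg EAX, EDI | EAX=0, EBX=1 (stdout) |
| 46 | | | | xchg EAX, EBX | EAX=1 (syscall number for exit), EBX=0 (exit(0)) |
| 47 | | | | int 0x80 | |
| 48-49 | | | | | |
| 50 | phdr | ? (e_flags) | 1 (p_type) | | PT_LOAD. e_flags isn't used for x86-64 |
| 51-53 | | | | | |
| 54 | | ? (e_ehsize) | 0x560007 (p_flag) | | permission must be RWX, Linux doesn't check e_ehsize |
| 55 | | | | | |
| 56 | | 56 (e_phsize) | | | Linux checks e_phsize, upper bits of p_flags are OS/CPU specific |
| 57 | | | | | |
| 58 | | 1 (e_phnum) | 1 (p_offset) | | e_phnum must be 1 |
| 59 | | | | | |
| 60 | | 0 (e_shentsize) | | | upper bits of p_offset must be zero, we don't have section headers |
| 61 | | | | | |
| 62 | | 0 (e_shnum) | | | |
| 63 | | | | | |
| 64 | | 0 (e_shstrndx) | | | |
| 65 | | | | | |
| 66 | | | 0x1000001 (p_vaddr) | | cannot be 0x1000000 because p_offset=1 |
| 67-73 | | | | | |
| 74 | _start | | ? (p_paddr) | inc EBX | stdout |
| 75 | | | | | |
| 76 | | | | mov DL, 14 | strlen("Hello, world!\n") |
| 77 | | | | | |
| 78 | | | | inc ECX | will shift this to create 0x1000000 |
| 79 | | | | | |
| 80 | | | | jmp cont | |
| 81 | | | | | |
| 82 | | | 103 (p_filesz) | | |
| 83-89 | | | | | |
| 90 | cont | | 0x000000???????? (p_memsz) | shl ECX, 24 | ECX=0x1000000 (hello) |
| 91-92 | | | | | |
| 93 | | | | and EAX, 0 | upper bits of p_memsz cannot be used, fall through |
| 94-97 | | | | | |
| 98 | | | 0? (p_align) | xor dword [RCX], 0x2a202037 | "\x7fELF" ^ "\x37\x20\x20\x2a" = "Hell" |
| 99-100 | | | | | |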
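
A defender-side check for the layout this sheet documents, as an added example that is not part of the original page: it parses an ELF64 header and flags the traits the comment column relies on (program header overlapping the file header, non-standard e_ident, a writable and executable PT_LOAD, an entry point inside header bytes). The names `triage` and `constructed_sample` are assumptions; the sample image is constructed from the sheet's header values with zero filler where the sheet has code, and takes e_phentsize = 56 from the ehdr column.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)
PT_LOAD, PF_X, PF_W, EM_X86_64 = 1, 1, 2, 62

def triage(blob):
    """List header anomalies in a little-endian ELF64 image."""
    if len(blob) < EHDR.size or blob[:4] != b"\x7fELF":
        return ["bad magic or truncated file header"]
    (ident, _type, machine, _ver, entry, phoff, _shoff, _flags, ehsize,
     phentsize, phnum, _shentsize, shnum, _shstrndx) = EHDR.unpack_from(blob)
    notes = []
    if machine == EM_X86_64 and ident[4:7] != b"\x02\x01\x01":
        notes.append("e_ident class/data/version do not describe ELF64 LSB")
    if ehsize != EHDR.size:
        notes.append("e_ehsize is %d, not 64" % ehsize)
    if phoff < EHDR.size:
        notes.append("program headers overlap the file header")
    if shnum == 0:
        notes.append("no section headers")
    hdr_end = max(EHDR.size, phoff + phnum * phentsize)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(blob):
            notes.append("program header %d is truncated" % i)
            break
        p_type, p_flags, p_offset, p_vaddr, _pa, p_filesz, _msz, _al = PHDR.unpack_from(blob, off)
        if p_type != PT_LOAD:
            continue
        if p_flags & PF_W and p_flags & PF_X:
            notes.append("PT_LOAD %d is writable and executable" % i)
        if p_vaddr <= entry < p_vaddr + p_filesz and entry - p_vaddr + p_offset < hdr_end:
            notes.append("entry point lies inside header bytes")
    return notes

def constructed_sample():
    """104-byte image using the sheet's header values; code bytes are zero filler."""
    img = bytearray(104)
    EHDR.pack_into(img, 0, b"\x7fELFo, world!\n\0\0", 2, 62, 1, 0x1000048, 48, 0, 0, 0, 0, 0, 0, 0, 0)
    # Overlapping program header: p_flags carries e_phentsize=56 in its upper half.
    PHDR.pack_into(img, 48, 1, (56 << 16) | 7, 1, 0x1000001, 0, 103, 103, 0)
    return bytes(img)

if __name__ == "__main__":
    for note in triage(constructed_sample()):
        print(note)
```

A conventionally linked binary can still trip single checks (a stripped file has no section headers), so the combination is what marks a hand-packed image.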