loader_x86.asm
BITS 32
;;;
;;; loader_x86 -- 32-bit Linux (i386 syscall ABI, int 80h) loader for a
;;; custom chunk-list payload. NASM syntax. Not a C-callable function:
;;; it is entered via pre_loader / `call loader` and never returns.
;;;
;;; whole payload:
;;; - get listptr      (pre_loader -> _data: `call loader` pushes the address
;;;                     of the byte after the call, which is the first chunk)
;;; - loader code
;;; - chunks list      (sits directly after the `call loader` in _data)
;;;
;;; chunk:
;;; 1) type: LOAD == 1 , STACK == 2 , ENTRYPOINT -- always last
;;;    (16-bit field; only the low word is read, see _load_next)
;;; 2) vaddr           32-bit; destination address, or the entry address for ENTRYPOINT
;;; 3) size -- page aligned?  32-bit; not required to be, mem_align rounds it
;;;    up before munmap/mmap2. For ENTRYPOINT this slot holds the initial esp.
;;; 4) data if type != ENTRYPOINT   `size` bytes, copied verbatim to vaddr
;;;
;;; syscalls numbers (i386 convention: eax = nr, args in ebx, ecx, edx, esi, edi, ebp)
%define SYS_MMAP 192 ; i386 mmap2: six register args, offset (ebp) given in pages
%define SYS_MUNMAP 91
%define SYS_EXIT 1
;;; mmap stuff - olac (protection and flag bits as used by the i386 kernel ABI)
%define PROT_READ 0x1
%define PROT_WRITE 0x2
%define PROT_EXEC 0x4
%define MAP_PRIVATE 0x02
%define MAP_FIXED 0x10
%define MAP_ANONYMOUS 0x20
;;; paging stuff
%define PG_SIZE 0x1000
%define PG_MASK 0xfffff000
;; mem_align reg: round reg up to a page multiple. Clobbers flags.
;; NOTE(review): a full page is added before masking, so a value that is
;; already a page multiple comes out one page larger (0x1000 -> 0x2000);
;; the munmap/mmap2 pair in _set_load then covers one page past the chunk.
%macro mem_align 1
add %1, PG_SIZE
and %1, PG_MASK
%endmacro
;;; my header stuff -- chunk header is 10 packed bytes: u16 type, u32 vaddr, u32 size
%define LOAD_TYPE 1
%define STACK_TYPE 2
%define ENTRY_TYPE 3
%define TYPE_OFF 0 ; u16 chunk type
%define VADDR_OFF 2 ; u32 destination (LOAD/STACK) or entry point (ENTRYPOINT)
%define SIZE_OFF 6 ; u32 byte count of the data that follows (LOAD/STACK)
%define STACK_OFF 6 ; for entryp: initial esp, shares the size slot
%define DATA_OFF 10 ; payload bytes start right after the header
%define HDR_SIZE 10
global loader
global pre_loader
section .text
;;-----------------------------------------------------------------------
;; pre_loader / loader
;; Entry:    jump to pre_loader, or `call loader` with the chunk-list
;;           address as the return address on the stack (what _data does).
;; Exit:     never returns; ends in `jmp eax` to the ENTRYPOINT chunk's
;;           vaddr, or in exit(1) on an unknown chunk type.
;; Regs:     ebp = pointer to the current chunk header for the whole walk;
;;           every other register is scratch (syscall args, rep movsb).
;; Stack:    the caller's stack is used for push/pusha; esp is replaced
;;           with the ENTRYPOINT chunk's STACK_OFF value before the jump.
;; Syscalls: munmap, mmap2 (RWX + MAP_FIXED), exit -- all via int 80h.
;;-----------------------------------------------------------------------
pre_loader:
jmp _data ; go to the `call loader` that precedes the chunk list
loader:
pop ebp ; ebp holds pointer to begin of my list (the return address pushed by `call loader`)
_load_next:
xor eax,eax
mov ax, word [ebp+TYPE_OFF] ; type -- only matter at begining (16-bit field, eax pre-zeroed above)
cmp eax, LOAD_TYPE
je _set_load
cmp eax, STACK_TYPE
je _set_stack
cmp eax, ENTRY_TYPE
je _entryp
;; die -- unknown type (or a list that ran off the end): exit(1)
jmp _exit
_set_load:
;; munmap region i dont care if its mmaped or not
;; munmap(vaddr, mem_align(size)); the return value is thrown away by popa.
;; NOTE(review): vaddr is not rounded down. munmap and MAP_FIXED mmap2 both
;; require a page-aligned address, so an unaligned vaddr makes both calls
;; fail (-EINVAL) and the copy below then writes to whatever is at vaddr.
mov ebx, [ebp + VADDR_OFF]
mov ecx, [ebp + SIZE_OFF]
mem_align(ecx)
pusha
mov eax,SYS_MUNMAP
int 80h
;; mmap region again -- always RWX?
;; mmap2(vaddr, aligned size, RWX, PRIVATE|ANONYMOUS|FIXED, fd=0, pgoff=0).
;; eax (new mapping or -errno) is never checked before the copy. An anonymous
;; RWX MAP_FIXED mapping is a W^X violation that memory-permission auditing
;; can flag.
popa ; vaddr and size are set (ebx/ecx restored to the values used for munmap)
push ebp ; mmap is scary i'd like to save my ptr on header (ebp is the 6th syscall arg)
mov edx, PROT_READ | PROT_WRITE | PROT_EXEC
mov esi, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED
mov edi, 0 ; fd; ignored with MAP_ANONYMOUS
mov ebp, 0 ; page offset
mov eax, SYS_MMAP
int 80h
;; copy stuff -- `size` bytes from the chunk payload into the new mapping
;; NOTE(review): rep movsb copies forward only while DF is clear; no cld is issued.
pop ebp
lea esi, [ebp + DATA_OFF]
mov edi, [ebp + VADDR_OFF]
mov ecx, [ebp + SIZE_OFF ]
repz movsb
jmp _next_chunk
_set_stack: ; just copy data, i dont give a shit
;; no mapping is created here: vaddr must already be mapped writable
;; (presumably by an earlier LOAD chunk -- confirm against the payload builder)
lea esi, [ebp + DATA_OFF]
mov edi, [ebp + VADDR_OFF]
mov ecx, [ebp + SIZE_OFF ]
repz movsb
jmp _next_chunk ; redundant: _next_chunk is the fall-through
_next_chunk:
;; ebp += HDR_SIZE + size  (advance to the next chunk header)
lea eax, [ebp + HDR_SIZE]
mov ebx, [ebp + SIZE_OFF]
lea ebp, [eax + ebx]
jmp _load_next
_entryp:
;; ENTRYPOINT chunk: vaddr = entry address, STACK_OFF slot = initial esp
mov eax,[ebp + VADDR_OFF]
mov esp,[ebp + STACK_OFF]
;; scrub the scratch registers; eax (entry) and ebp (list pointer) are left as is
xor ebx,ebx
xor ecx,ecx
xor edx,edx
xor esi,esi
xor edi,edi
jmp eax ; tail jump into the loaded image; never returns
_exit:
;; exit(1)
mov ebx,1
mov eax,SYS_EXIT
int 80h
;;; data is after this
_data:
call loader ; pushes the address of the byte after this call = start of the chunk list