Is there a way to avoid 00's in these assembly lea instructions?

abefroman · 09-29-2015, 01:12 PM

Code:

        lea rsi, [userpass]
        lea rdi, [passcode]

Here is the object dump:

Code:

  bc:	48 8d 34 25 00 00 00 	lea    rsi,ds:0x0
  c3:	00 
  cd:	48 8d 3c 25 00 00 00 	lea    rdi,ds:0x0
  d4:	00

NevemTeve · 09-29-2015, 11:11 PM

(If you are so desperate to become a haxor then please do some research on your own.)

abefroman · 09-30-2015, 04:10 AM

So anyone who uses assembly is a hacker?

NevemTeve · 09-30-2015, 04:25 AM

Certainly not. However, considering the topics you have opened so far...

abefroman · 09-30-2015, 04:28 AM

If you can hack a server with 2 lea statements, I'd like to see that.

NevemTeve · 09-30-2015, 04:36 AM

Well, it requires at least three LEA's and four XCHG's.

Nonetheless, its hard to believe that you want to disguise machine code as string-literal for benevolent reasons.

sundialsvcs · 09-30-2015, 08:13 AM

The instructions are what the instructions are. Yes, they contain zeros, but if you really want to be a L33T H4X0R you will know how to disguise them by compression or run-length encoding.

But you will also find that, in most operating systems today, you cannot execute instructions out of the data segment, and you cannot modify the code segment.

ntubski · 09-30-2015, 09:04 AM

Quote:

Originally Posted by abefroman

Is there a way to avoid 00's in these assembly lea instructions?

Code:

        lea rsi, [userpass]
        lea rdi, [passcode]

Here is the object dump:

Code:

  bc:	48 8d 34 25 00 00 00 	lea    rsi,ds:0x0
  c3:	00 
  cd:	48 8d 3c 25 00 00 00 	lea    rdi,ds:0x0
  d4:	00

I think those 00s are placeholders that will be replaced by the addresses of userpass and passcode when you link the object file.

abefroman · 09-30-2015, 09:18 AM

Quote:

Originally Posted by ntubski

I think those 00s are placeholders that will be replaced by the addresses of userpass and passcode when you link the object file.

relocation bytes?

NevemTeve · 09-30-2015, 09:23 AM

The object module contains a 'replace/overwrite section' that informs the linkers which bytes are to be replaced when external symbols are resolved.

sundialsvcs · 10-01-2015, 10:55 AM

In this case, the construct ds:0x0 will require no relocation: the correct final-value is, "zero."

But, yes, that is how a linker works. The compiler specifies the locations where address-values will need to be plugged in, and the name of the symbol whose value must be put there. The compiler does not know what address-value the symbol will eventually have, and the linker must be told by the compiler where to insert them.

ntubski · 10-01-2015, 11:32 AM

Quote:

Originally Posted by sundialsvcs

In this case, the construct ds:0x0 will require no relocation: the correct final-value is, "zero."

I think the OP disassembled the object file, and the placeholder zero was interpreted by the disassembler as ds:0x0. It doesn't make sense that both (or even just one of) [userpass] and [passcode] would become zero in the final executable.

sundialsvcs · 10-01-2015, 05:15 PM

Indeed. I had failed to pick-up on that. Yes, what will usually be found in an object-file is either a zero, or the "offset," to which the symbol-address (once determined by the linker) is customarily added.