EvilZone

Programming and Scripting => Assembly - Embedded => Topic started by: parad0x on June 30, 2013, 05:10:05 PM

Title: [asm] Get the value of EIP
Post by: parad0x on June 30, 2013, 05:10:05 PM
I coded this program to verify whether ASLR is enabled on my Linux box, but it doesn't work. It says 'eip is an undefined symbol' when I assemble it.

Code: (ASM)
SECTION .data

    value: db "EIP : %x", 0xa, 0x0

SECTION .text

global main

extern printf

main:

    push ebp
    mov ebp, esp
   
    mov eax, eip        ; eip cannot be named as an operand on x86; this is the line the assembler rejects
    push eax
    push value
    call printf

    mov esp, ebp
    pop ebp
    ret
Title: Re: [asm] Get the value of EIP
Post by: Stackprotector on June 30, 2013, 05:15:19 PM
Code: (asm)
call pop
pop:
pop eax
This will pop the location of "pop:" into eax. When you use the call instruction, the next instruction to be executed is pushed onto the stack, to be executed by the "ret" instruction.
Title: Re: [asm] Get the value of EIP
Post by: parad0x on June 30, 2013, 05:26:18 PM
Thanks Factionwars. +1 to you for your help.

The final code to get the value of EIP is:

Code: (ASM)
;
; nasm -f elf32 -o getEIP.o getEIP.asm
; gcc -o getEIP getEIP.o        (add -m32 on a 64-bit host: this is 32-bit code)
;

SECTION .data

    value: db "EIP : %x", 0xa, 0x0

SECTION .text

global main

extern printf

main:

    push ebp
    mov ebp, esp
   
    call pop            ; pushes the address of the next instruction (the pop: label) and jumps there
pop:                    ; note: 'pop' is also an instruction mnemonic; if your NASM version
                        ; refuses it as a label name, rename it (e.g. here:) in both places
    pop eax             ; eax now holds the address of this instruction, i.e. the current EIP
    push eax
    push value
    call printf         ; printf("EIP : %x\n", eax)

    mov esp, ebp        ; also discards the two arguments pushed for printf (cdecl: caller cleans up)
    pop ebp
    ret

If its value changes every time you run this program, then that verifies that ASLR is enabled on your machine.
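A caveat for anyone using the thread's program as an ASLR test, illustrated with an added C example that is not code from the thread: the value printed by the call/pop trick is an address in the executable's own .text, and ASLR only randomizes that mapping when the executable is position-independent (ELF type ET_DYN, built with -pie). A non-PIE executable (ET_EXEC, the default output of gcc on most distributions of that era) is mapped at a fixed address, 0x08048000 for 32-bit, no matter what the kernel setting is, so a constant "EIP" does not mean ASLR is off. The stack, mmap base (shared libraries) and, with the full setting, the brk heap are what get randomized. The program below samples one address per region using the same call/pop trick, reads /proc/self/exe to tell PIE from non-PIE, and reads /proc/sys/kernel/randomize_va_space; run it twice and compare. The file name aslr_probe.c and all function names are mine.

```c
/*
 * aslr_probe.c (added example, not from the thread)
 * Samples one address from each region ASLR may move, reports whether the running
 * executable is PIE, and shows the kernel's randomize_va_space setting.
 * Build: gcc -o aslr_probe aslr_probe.c   (try -no-pie and -pie and compare the text column)
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { REGION_TEXT = 1, REGION_STACK = 2, REGION_HEAP = 4, REGION_LIBC = 8 };

struct layout {
    uintptr_t text;      /* program counter inside snapshot_layout() */
    uintptr_t stack;     /* address of a local variable */
    uintptr_t heap;      /* address of a malloc'd block */
    uintptr_t libc_data; /* libc's FILE object that stdout points to */
};

/* Same call/pop trick as the thread: call pushes the return address, pop reads it back.
 * Used on x86/x86-64; elsewhere the function's own address is used instead, which lives
 * in the same mapping and therefore moves (or not) together with the program counter. */
static uintptr_t current_pc(void)
{
    uintptr_t pc;
#if defined(__i386__) || defined(__x86_64__)
    __asm__ volatile("call 1f\n1:\tpop %0" : "=r"(pc));
#else
    pc = (uintptr_t)current_pc;
#endif
    return pc;
}

struct layout snapshot_layout(void)
{
    struct layout l;
    int marker;
    void *block = malloc(64);
    l.text = current_pc();
    l.stack = (uintptr_t)&marker;
    l.heap = (uintptr_t)block;
    l.libc_data = (uintptr_t)stdout;
    free(block);
    return l;
}

/* Bitmask of regions whose sampled address differs between two snapshots (two runs). */
unsigned regions_differing(const struct layout *a, const struct layout *b)
{
    unsigned mask = 0;
    if (a->text != b->text) mask |= REGION_TEXT;
    if (a->stack != b->stack) mask |= REGION_STACK;
    if (a->heap != b->heap) mask |= REGION_HEAP;
    if (a->libc_data != b->libc_data) mask |= REGION_LIBC;
    return mask;
}

/* 0, 1 or 2 from /proc/sys/kernel/randomize_va_space; -1 if it cannot be read. */
int read_randomize_va_space(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f) {
        if (fscanf(f, "%d", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

const char *describe_randomize_va_space(int v)
{
    switch (v) {
    case 0: return "0: ASLR off";
    case 1: return "1: stack, mmap base (shared libraries) and vdso randomized; brk heap fixed";
    case 2: return "2: as 1, plus brk heap randomized";
    default: return "unknown (not Linux, or /proc not readable)";
    }
}

/* 1 if /proc/self/exe is ET_DYN (PIE, text randomized), 0 if ET_EXEC (fixed text), -1 if unknown. */
int executable_is_pie(void)
{
    unsigned char hdr[18];
    int result = -1;
    FILE *f = fopen("/proc/self/exe", "rb");
    if (f) {
        if (fread(hdr, 1, sizeof hdr, f) == sizeof hdr && hdr[0] == 0x7f && hdr[1] == 'E') {
            /* e_type is the 16-bit field at offset 16, in the byte order named by EI_DATA (byte 5) */
            unsigned e_type = (hdr[5] == 2) ? (hdr[16] << 8) | hdr[17] : (hdr[17] << 8) | hdr[16];
            if (e_type == 2) result = 0;       /* ET_EXEC */
            else if (e_type == 3) result = 1;  /* ET_DYN  */
        }
        fclose(f);
    }
    return result;
}

int main(void)
{
    struct layout l = snapshot_layout();
    int pie = executable_is_pie();
    printf("text      : %#lx  (pc via call/pop)\n", (unsigned long)l.text);
    printf("stack     : %#lx\n", (unsigned long)l.stack);
    printf("heap      : %#lx\n", (unsigned long)l.heap);
    printf("libc data : %#lx  (object behind stdout)\n", (unsigned long)l.libc_data);
    printf("executable: %s\n", pie == 1 ? "PIE (text randomized)"
                             : pie == 0 ? "not PIE (text fixed even with ASLR on)" : "unknown");
    printf("randomize_va_space = %s\n", describe_randomize_va_space(read_randomize_va_space()));
    printf("Run twice and compare: regions that move are randomized; text moves only for a PIE build.\n");
    return 0;
}
```

Build it once with `-no-pie` and once with `-pie` and run each a few times: with randomize_va_space at 2, the stack, heap and libc columns change on every run in both builds, while the text column only changes in the PIE build. That is the distinction the thread's test cannot make on its own.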