Assembly
shr edx, 1 -> divide by 2 (unsigned; the shift count is required)
shl edx, 1 -> multiply by 2
// fds start at 0 (stdin), 1 (stdout), 2 (stderr), so the first additionally opened file gets fd 3. There are exceptions, for instance when the program is talking over a socket: the socket will use fd 0, stdin fd 1, stdout fd 2, stderr fd 3, and additionally opened files fd 4 onwards! open() always returns the lowest unused descriptor, so check with `ls -l /proc/<pid>/fd` instead of assuming.
r13, r14, r15 are non-volatile (callee-saved) registers in the SysV AMD64 ABI: a called function must restore them before returning, so their values survive function calls.
When writing our own shellcode we need to take little-endianness into account when writing values into memory: the first byte of a string is the least significant byte of the immediate.
echo -n "flag.txt" | rev | xxd -p # 7478742e67616c66 -> the little-endian immediate that lays "flag.txt" out in order in memory (xxd -p used here because hex is not a standard tool)
lea rsi, [rsp] # copies the address held in rsp into rsi (same effect as mov rsi, rsp), e.g. to point rsi at a string we just pushed
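Worked example (added here, not from the original notes): a small Python helper that turns a string into the little-endian qword immediates to push so the string ends up in order at rsp, reproducing the `rev | hex` trick above and flagging immediates that contain 0x00 bytes. Function names are my own.

```python
import struct


def rev_hex_trick(s: str) -> str:
    """Pure-Python equivalent of `echo -n s | rev | xxd -p` for an 8-byte
    string: the hex of the reversed string is the little-endian immediate."""
    return s[::-1].encode().hex()


def string_to_push_qwords(s: str) -> list:
    """NUL-terminate s, pad to a multiple of 8, split into 8-byte chunks and
    return the little-endian immediates in push order (last chunk first),
    so that after the pushes the first byte of s sits at [rsp]."""
    data = s.encode() + b"\x00"
    data += b"\x00" * (-len(data) % 8)          # pad with NULs (terminator)
    chunks = [data[i:i + 8] for i in range(0, len(data), 8)]
    # the stack grows down, so the chunk that must end up highest goes first
    return [struct.unpack("<Q", c)[0] for c in reversed(chunks)]


def has_null_byte(imm: int) -> bool:
    """True if the 8-byte encoding of imm contains 0x00 (bad for null-free
    shellcode, where a zero qword is better produced with xor eax, eax)."""
    return b"\x00" in struct.pack("<Q", imm)


def emit_push_sequence(s: str) -> str:
    """Render the mov/push sequence, ending with lea rsi, [rsp] as in the notes."""
    lines = []
    for imm in string_to_push_qwords(s):
        note = "  ; contains 0x00 bytes" if has_null_byte(imm) else ""
        lines.append(f"mov rax, 0x{imm:016x}{note}")
        lines.append("push rax")
    lines.append("lea rsi, [rsp]   ; rsi -> start of the string")
    return "\n".join(lines)


if __name__ == "__main__":
    print(rev_hex_trick("flag.txt"))          # 7478742e67616c66
    print(emit_push_sequence("flag.txt"))
```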
cdq // sign-extends eax into edx:eax, so edx (and with it rdx) is zeroed only when eax is non-negative
Sign-extension instructions: `movsx rdx, al` sign-extends the low byte into rdx. `cdq` does the same thing in a clever way: it copies the sign bit of eax into every bit of edx (edx:eax), and since writing edx zero-extends into rdx, a non-negative eax leaves rdx cleared; `cqo` is the 64-bit form that extends rax into rdx:rax (see Harvard's CS61 material).
mov rdx, 0x00 // this instruction is 7 bytes (48 c7 c2 00 00 00 00).
push 0x0; pop rdx // 3 bytes (6a 00, 5a) and does exactly the same thing as the one above; note the 0x00 byte in push 0x0, which matters for null-free shellcode, whereas xor edx, edx (31 d2) zeroes rdx in 2 bytes with no nulls.
