Author Topic: [asm] Get the value of EIP (Read 2847 times)

parad0x · « **on:** June 30, 2013, 05:10:05 pm »

I coded this program to verify if ASLR is set on on my linux box. But it doesn't work. It says 'eip is an undefined symbol' when I assemble it.

Code: (ASM) [Select]

SECTION .data

    value: db "EIP : %x", 0xa, 0x0

SECTION .text

global main

extern printf

main:

    push ebp
    mov ebp, esp
    
    mov eax, eip
    push eax
    push value
    call printf

    mov esp, ebp
    pop ebp
    ret

Stackprotector · « **Reply #1 on:** June 30, 2013, 05:15:19 pm »

Code: (asm) [Select]

call pop
pop:
pop eax

This will pop the location of "pop:" into eax. When you use call instruction the next instruction to be executed is pushed onto the stack to be executed by the instruction "ret"

parad0x · « **Reply #2 on:** June 30, 2013, 05:26:18 pm »

Thanks Factionwars. +1 to you for your help.

The final code to get The value of EIP is

Code: (ASM) [Select]

;
; nasm -f elf32 -o getEIP.o getEIP.asm
;
;gcc -o getEIP getEIP.o

SECTION .data

    value: db "EIP : %x", 0xa, 0x0

SECTION .text

global main

extern printf

main:

    push ebp
    mov ebp, esp
    
    call pop
pop:
    pop eax
    push eax
    push value
    call printf

    mov esp, ebp
    pop ebp
    ret
[/asm]

If its value changes every time you run this program, then this verifies that ASLR is on on your machine.

EvilZone

News:

Author Topic: [asm] Get the value of EIP (Read 2847 times)

parad0x

[asm] Get the value of EIP

Stackprotector

Re: [asm] Get the value of EIP

parad0x

Re: [asm] Get the value of EIP