Safely Searching Virtual Address Space using NASM


In the following code after calling 'access' system call, 0xfffffffe is present in EAX. While in case of success, 'access' system call returns 0. Here I am trying to access the memory which is part of the data section. Then why 'access' is returning 0xfffffffe ?

global _start
section .text

mov eax, 0x21 ; Access system call
mov ebx, message
mov ecx, 0 ; F_OK
int 0x80

section .data
message:dd 0,0,0,0,0,0,0

I am following the below-mentioned paper.
I am copy pasting the following lines from page number 7 and 8 of the paper.
'access' system call is preferred because "the pathname pointer is the argument that will be used to do the address validation. Since pathname is the first argument, it means that the ebx register will need to point to the address that needs to be validated."

And if we see in the following code author has used 'access' system call to validate EBX register. Following code is present on page number 8 of the paper.

mov ebx,0x50905090
xor ecx,ecx
mul ecx
or dx,0xfff
inc edx
lea ebx,[edx+0x4]
mov al,0x21
int 0x80
cmp al,0xf2
jz 0x9
cmp [edx],ebx
jnz 0xe
cmp [edx+0x4],ebx
jnz 0xe
jmp edx

asked on Stack Overflow Nov 7, 2018 by user1927603 • edited Nov 7, 2018 by Michael Petch

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0