Issues with 64-bit DLL Injection Shellcode on OpenBSD Ignoring Integer Pushes

I want to inject a 64 bit DLL into a 64 bit process on OpenBSD. The shellcode needs to push several 64 bit values onto the stack, including the old instruction pointer, the address of the DLL, and the address of the `LoadLibrary` function.

```nasm
section .text
global _start

_start:
    push qword 0xACEACEACACEACEAC  ; instruction pointer
    pushfq
    push rax
    push qword 0xACEACEACACEACEAC  ; address of the DLL
    mov rax, 0xACEACEACACEACEAC  ; address of LoadLibrary
    call rax
    pop rax
    popfq
    ret
```

When I assemble and run this code:

```sh
nasm -f elf64 -o shellcode.o shellcode.asm
ld -o shellcode shellcode.o
```

It seems to be ignoring the 64 bit integer pushes.
My assembly syntax should be correct and I have checked that there are no other errors in the code. I’ve also tried different values for the 64-bit integers, but the issue persists.

Any insights?

  1. Enthernet Code#0000

    @marveeamasi The issue with your shellcode on OpenBSD is likely due to security features like W^X, which prevents memory regions from being writable and executable simultaneously, and strict requirements for stack alignment.

    To address this, ensure that the memory region containing your shellcode is executable using `mprotect` if necessary. Also, make sure the stack is 16-byte aligned before calling `LoadLibrary` to meet the x86-64 ABI requirements. Verify that NASM correctly encodes the `push` instructions by checking the output with a disassembler, and ensure you are using the correct assembler and linker flags for 64-bit mode. Debugging with a tool like `gdb` can also help trace the execution and confirm that the 64-bit values are pushed correctly onto the stack.

  2. marveeamasi#0

    Oh thanks

  3. marveeamasi#0

    Was able to fix it

  4. marveeamasi#0

    I also had a typo .hex_str: … Had to remove the leading dot.
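
The encoding check suggested in the first reply, written out as an added example (not code from the thread or its participants). It relies on the x86-64 rule that `push` opcode `68` carries only a 32-bit immediate, which the CPU sign-extends to 64 bits; that an assembler keeps just the low 32 bits of an oversized operand is an assumption, and all function names are hypothetical.

```python
import struct

MASK64 = (1 << 64) - 1


def sign_extend32(low: int) -> int:
    """Sign-extend a 32-bit value to 64 bits, as the CPU does for opcode 0x68."""
    signed = struct.unpack("<i", struct.pack("<I", low & 0xFFFFFFFF))[0]
    return signed & MASK64


def fits_push_imm32(value: int) -> bool:
    """True if the 64-bit value is exactly representable as a sign-extended imm32."""
    value &= MASK64
    return sign_extend32(value & 0xFFFFFFFF) == value


def encode_truncated(value: int) -> bytes:
    """Assumption: an assembler given an oversized operand keeps the low 32 bits."""
    return b"\x68" + struct.pack("<I", value & 0xFFFFFFFF)


def decode_push_imm32(code: bytes) -> int:
    """Return the 64-bit value that a 5-byte `68 id` push places on the stack."""
    if len(code) != 5 or code[0] != 0x68:
        raise ValueError("not a 5-byte push imm32 encoding")
    return sign_extend32(struct.unpack("<I", code[1:])[0])


if __name__ == "__main__":
    # First value is the placeholder from the post; the others are constructed
    # edge cases around the 32-bit sign boundary.
    for v in (0xACEACEACACEACEAC, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF80000000):
        code = encode_truncated(v)
        pushed = decode_push_imm32(code)
        print(f"{v:#018x}  fits={fits_push_imm32(v)!s:5}  "
              f"bytes={code.hex(' ')}  on stack={pushed:#018x}")
```

Comparing the `bytes` column with a disassembly of `shellcode.o` shows whether the assembler emitted the value that was written in the source or a truncated one.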
