'Why am I getting a segmentation fault? (Testing Shellcode)

I wrote a simple ASM file and ran it in a C file I'd written. I got a segentation fault. However, when I execute the compiled ASM file, I get no error.

I am running 64 bit and using 32 bit shellcode. Is that the issue?

It can't be, because I'm getting a segmentation fault with this:

char shellcode[] = "\x90"; //simple NOP in ASM
int main(int argc, char **argv)
{
  int (*ret)();
  ret = (int (*)()) shellcode;
  (int)(*ret)();
}

Can someone please run this and tell me whether or not they get a segmentation fault. I have used 3 or 4 other C files as well. None have worked.

Update:

((void(*)(void))code)();

Seems to be working in place of those three lines.

csegmentation-faultshellcode


Solution 1:[1]

As mentioned above the shellcode is in non-executable memory. Try recompiling the program with the -fno-stack-protector and the -z execstack flags enabled.

That is:

gcc -fno-stack-protector -z execstack -O OutputFileName yourShellCode.c

Solution 2:[2]

Two issues:

  1. The shell code might be in non-executable memory. In order to make it executable, you need to either ask the OS to make it executable (e.g. with mprotect(2) or VirtualProtect()), or allocate new executable memory and copy it there (e.g. with mmap(2) or VirtualAlloc().
  2. Your shell code doesn't return/exit. After the CPU executes your NOP there (0x90), it's going to keep on executing code in the memory that comes after that NOP instruction. Most likely, this will crash quickly, but it might do other random, unpredictable things.

To fix #2, you need to explicitly either execute a return instruction (C3 on x86/x86-64) to return from your shell code, or you need to do something which never returns, like call the exit(3) function.

Solution 3:[3]

Maybe you should change your variable :

   char shellcode[]

To:

   const char shellcode[]

Like in this question: segmentation-fault-error-when-exe-c

This one worked for me! :)

Solution 4:[4]

Try put the shellcode in the main function to make it a local variable:

int main(int argc, char **argv)
{
  const char shellcode[] = "<your shellcode>";
  int (*ret)();
  ret = (int (*)()) shellcode;
  (int)(*ret)();
}

Then compile it with flags -fno-stack-protector and -z execstack:

gcc <filename>.c -fno-stack-protector -z execstack -o <filename>

I found this idea on stackexchange and it worked for me.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Ray
Solution 2 Adam Rosenfield
Solution 3 Community
Solution 4

Related Questions

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

hex code implementation for spawning a shell

hex code implementation for spawning a shell

hex code implementation for spawning a shell

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

How to hide helper functions from public API in c

VS Code C Error - Invalid Active Developer Path

In C is it faster to use the standard library or write your own function?

Finding consecutive bit string of 1 or 0

What is the simplest way of implementing bigint in C?