Marvee Amasi
DevHeads IoT Integration Server
Created by Marvee Amasi on 9/4/2024 in #middleware-and-os
Issues with 64-bit DLL Injection Shellcode on OpenBSD Ignoring Integer Pushes
I want to inject a 64-bit DLL into a 64-bit process on OpenBSD. The shellcode needs to push several 64-bit values onto the stack, including the old instruction pointer, the address of the DLL, and the address of the LoadLibrary function.
section .text
global _start

_start:
push qword 0xACEACEACACEACEAC ; instruction pointer
pushfq
push rax
push qword 0xACEACEACACEACEAC ; address of the DLL
mov rax, 0xACEACEACACEACEAC ; address of LoadLibrary
call rax
pop rax
popfq
ret
When I assemble and run this code:
nasm -f elf64 -o shellcode.o shellcode.asm
ld -o shellcode shellcode.o
It seems to be ignoring the 64-bit integer pushes. My assembly syntax should be correct and I have checked that there are no other errors in the code. I've also tried different values for the 64-bit integers, but the issue persists. Any insights?