NASM - The Netwide Assembler
NASM Forum => Programming with NASM => Topic started by: alexmalex021 on October 25, 2015, 11:52:16 AM
-
Hi all,
Could anyone help me to understand this code (https://gist.github.com/anonymous/faca9068f29ce205b02a)?
* This code is used in a C program and some variables are from C.
Regards
-
Dunno. Where'd you find it?
Best,
Frank
-
Is it important?! A place on the web.
-
No. I see...
; incbin "ps"
... but it's commented out. That would be the Unix utility, I suppose? (lists PIDs) It makes itself position independent... so it can be pasted into some other code instead of being run "on purpose". It forks itself. At this point, I'm confused. After a fork, you're "two places at once" and you look at eax to see if you're parent or child, but this code looks at edx - apparently for that purpose. Things are different on a Mac, I guess. Anyway, then it sys_execve's its "file" - which is Mac's "launch demon", I guess. It seems to open that file and read it to where "ps" was commented out from, too(?). Then the other branch of the fork looks like it jumps back to someplace involving a magic number and "start"(?). I'm pretty confused by this point, but it looks like it intends to run code on somebody's machine without their knowledge or permission. I just wondered whether you were doing it to somebody or somebody was doing it to you. Or maybe I'm just being paranoid.
Best,
Frank
-
Thank you Frank.
My friend gave me that assembly code. I cannot completely understand the code.
This assembly code is used in a C++ program. That is part of a complete program.
I still cannot understand exactly what that code is doing!