title:Linux Local Descriptor Table keywords:linux,ldt,assembler # Linux Local Descriptor Table Is 32bit Intel ELF 0x80**** adreeses is default? nope. You can setup your own. Compiler will not see thembut you can do it. Setup LDT and you will see it. ``` use32 mov dword [0] ,"Hall" mov dword [4] ,"Ball" mov dword [8] ,"Mall" mov dword [12],0x00000000 ``` yes everything starts from 0x0 ``` #include #include #include #include #include char new_segment[16]; int main() { int r; struct user_desc *ldt; ldt = (struct user_desc*)malloc(sizeof(struct user_desc)); ldt->entry_number = 0; ldt->base_addr = ((unsigned long)&new_segment); ldt->limit = 16; ldt->seg_32bit = 0x1; ldt->contents = 0x0; ldt->read_exec_only = 0x0; ldt->limit_in_pages = 0x0; ldt->seg_not_present = 0x0; ldt->useable = 0x1; printf("Start\n"); r = syscall( __NR_modify_ldt, 1 , ldt , sizeof(struct user_desc) ); if ( r == -1 ) { printf("Sorry\n"); exit( 0 ); } asm("pushl %ds"); asm("movl $0x7, %eax"); /* 0111: 0-Index 1-Using the LDT table 11-RPL of 3 */ asm("movl %eax, %ds"); asm(".byte 0xc7,0x5,0x0,0x0,0x0,0x0,0x48,0x61, 0x6c,0x6c,0xc7,0x5,0x4,0x0,0x0,0x0, 0x42,0x61,0x6c,0x6c,0xc7,0x5,0x8,0x0, 0x0,0x0,0x4d,0x61,0x6c,0x6c,0xc7,0x5, 0xc,0x0,0x0,0x0,0x0,0x0,0x0,0x0"); asm("popl %ds"); printf("End\n"); printf("Segment [%s]\n",new_segment); free( ldt ); return 0; } ``` ``` asm(".byte ... ") // is code.bin ``` Compile: ``` fasm code.asm code.bin gcc main.c -o main ``` ## Downloads linux_ldt.zip - 2KiB - http://archive.main.lv/files/writeup/linux_local_descriptor_table/linux_ldt.zip