title:Linux Local Descriptor Table
keywords:linux,ldt,assembler

# Linux Local Descriptor Table
Does a 32-bit Intel ELF have to use the default 0x80**** addresses? Nope. You can set up
your own. The compiler will not see them, but you can do it.
Set up an LDT entry and you will see it.

```asm
; Flat 32-bit code. Each store uses an absolute offset with no segment
; override, so it lands in whatever segment DS selects at run time.
use32
mov dword [0] ,"Hall"     ; bytes 48 61 6c 6c at offset 0
mov dword [4] ,"Ball"     ; bytes 42 61 6c 6c at offset 4
mov dword [8] ,"Mall"     ; bytes 4d 61 6c 6c at offset 8
mov dword [12],0x00000000 ; four zero bytes at offset 12 terminate the string
```

Yes, everything starts from 0x0: the addresses are offsets into the new segment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <asm/ldt.h>
 
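/*
 * Backing storage for the LDT data segment installed by main(). Once the
 * descriptor is loaded into %ds, offset 0 of that segment is new_segment[0].
 */
char new_segment[16];

/*
 * Install new_segment as LDT entry 0, switch %ds to it, run the pre-assembled
 * stores from code.asm against offsets 0..15, restore %ds and print the
 * buffer.
 *
 * 32-bit x86 only: the inline assembly pushes and pops %ds, so on an x86-64
 * host this must be built as a 32-bit program (gcc -m32).
 *
 * modify_ldt() is not always available: a kernel can be built without
 * CONFIG_MODIFY_LDT_SYSCALL and seccomp profiles commonly deny the call,
 * because user-controlled descriptors are kernel attack surface. In that case
 * the call fails and the program exits with EXIT_FAILURE.
 *
 * Returns 0 on success, EXIT_FAILURE if the descriptor could not be installed.
 */
int main(void)
{
    /*
     * Stack object with a designated initializer: no allocation to check or
     * free, and every bit-field and padding byte handed to the kernel is
     * defined (unnamed members are zeroed).
     */
    struct user_desc ldt = {
        .entry_number = 0,
        .base_addr = (unsigned long)&new_segment,
        /*
         * With limit_in_pages == 0 the limit is the last valid byte offset,
         * not the size; 16 would expose one byte past the buffer.
         */
        .limit = sizeof new_segment - 1,
        .seg_32bit = 1,
        .contents = 0,        /* plain data segment */
        .read_exec_only = 0,  /* writable */
        .limit_in_pages = 0,  /* byte granularity */
        .seg_not_present = 0,
        .useable = 1,
    };

    printf("Start\n");

    /* func 1 = write the LDT entry named by ldt.entry_number. */
    if (syscall(__NR_modify_ldt, 1, &ldt, sizeof ldt) == -1) {
        perror("modify_ldt");
        printf("Sorry\n");
        return EXIT_FAILURE;
    }

    /*
     * One asm statement, so the compiler cannot schedule its own memory
     * accesses between the %ds switch and the restore, and the push/pop pair
     * stays balanced. The clobbers tell it that %eax is overwritten and that
     * new_segment changes behind its back.
     */
    __asm__ volatile(
        "pushl %%ds\n\t"
        /* Selector 0x7 = 0111b: index 0, TI = 1 (LDT), RPL = 3. */
        "movl $0x7, %%eax\n\t"
        "movl %%eax, %%ds\n\t"
        /* code.bin: mov dword [0],"Hall" / [4],"Ball" / [8],"Mall" / [12],0 */
        ".byte 0xc7,0x05,0x00,0x00,0x00,0x00,0x48,0x61,0x6c,0x6c\n\t"
        ".byte 0xc7,0x05,0x04,0x00,0x00,0x00,0x42,0x61,0x6c,0x6c\n\t"
        ".byte 0xc7,0x05,0x08,0x00,0x00,0x00,0x4d,0x61,0x6c,0x6c\n\t"
        ".byte 0xc7,0x05,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00\n\t"
        "popl %%ds"
        :
        :
        : "eax", "memory");

    printf("End\n");

    /* Bytes 12..15 were zeroed by the last store, so the buffer is terminated. */
    printf("Segment [%s]\n", new_segment);

    return 0;
}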
```

```c
asm(".byte ... ") // the byte list is the content of code.bin (code.asm assembled by fasm)
```

Compile:
```sh
# Assemble the stores into a raw binary; its bytes are what the .byte list in main.c holds.
fasm code.asm code.bin

# main.c is 32-bit x86 code (pushl %ds): on an x86-64 host build it with -m32.
gcc main.c -o main
```


## Downloads
linux_ldt.zip -
2KiB - http://archive.main.lv/files/writeup/linux_local_descriptor_table/linux_ldt.zip