Injectable Shellcode

The following shellcode contains many null bytes (\x00) among its opcodes:

char shellcode[] = "\xbb\x00\x00\x00\x00"  /* mov ebx, 0 */
                   "\xb8\x01\x00\x00\x00"; /* mov eax, 1 */

The first null byte terminates the string when it is copied into the input buffer of a vulnerable program, so the rest of the shellcode never arrives and the exploit fails.

To remove the null bytes from the first instruction, we can use

xor ebx,ebx

which sets ebx to 0 without any null byte in its encoding.

To remove the null bytes from the second instruction, we can write only the low byte of eax:

mov al,1

This leaves the upper 24 bits of eax untouched. That is fine for a freshly started process, where the registers are already zero, but shellcode running inside an existing process should clear eax first (xor eax,eax) so the syscall number is not corrupted by leftover bits.

Then our updated assembly code would look like this:

> cat exit_shellcode.asm

section .text
global _start

_start:
    xor ebx, ebx    ; exit status 0, no null bytes in the encoding
    mov al, 1       ; sys_exit is syscall number 1 on 32-bit Linux
    int 0x80        ; invoke the kernel

The assembled opcodes now contain no string-terminating null bytes and are significantly smaller:

> objdump -d exit_shellcode

exit_shellcode: file format elf32-i386

Disassembly of section .text:

08048080 <.text>:
 8048080:       31 db                   xor    %ebx,%ebx
 8048082:       b0 01                   mov    $0x1,%al
 8048084:       cd 80                   int    $0x80
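As an added check that is not part of the original page, the Python script below pulls the opcode bytes out of an `objdump -d` listing, reports the offset of every null byte, and shows how many bytes a C-string copy would actually deliver before stopping at the first null. It goes slightly beyond the page in that the set of forbidden bytes is a parameter; the two listings are constructed to mirror the original and null-free versions above.

```python
import re
from typing import List

# One objdump instruction line: "<addr>: <hex byte pairs> <mnemonic operands>"
_INSN_RE = re.compile(r"^\s*[0-9a-fA-F]+:\s+((?:[0-9a-fA-F]{2}(?:\s+|$))+)")

def parse_objdump(listing: str) -> bytes:
    """Concatenate, in order, the opcode bytes shown in an `objdump -d` listing."""
    code = bytearray()
    for line in listing.splitlines():
        m = _INSN_RE.match(line)
        if m:
            code += bytes.fromhex("".join(m.group(1).split()))
    return bytes(code)

def bad_char_offsets(code: bytes, bad: bytes = b"\x00") -> List[int]:
    """Offsets of every byte in code that the target input path cannot carry."""
    return [i for i, b in enumerate(code) if b in bad]

def bytes_copied_by_strcpy(code: bytes) -> int:
    """How many bytes survive a C-string copy: everything before the first null."""
    return code.index(0) if 0 in code else len(code)

# Constructed listing for the original two mov instructions plus int 0x80.
NULL_LISTING = """\
08048080 <_start>:
 8048080:\tbb 00 00 00 00       \tmov    $0x0,%ebx
 8048085:\tb8 01 00 00 00       \tmov    $0x1,%eax
 804808a:\tcd 80                \tint    $0x80
"""

# Constructed listing matching the null-free version shown on the page.
CLEAN_LISTING = """\
08048080 <_start>:
 8048080:\t31 db                \txor    %ebx,%ebx
 8048082:\tb0 01                \tmov    $0x1,%al
 8048084:\tcd 80                \tint    $0x80
"""

if __name__ == "__main__":
    for name, listing in (("original", NULL_LISTING), ("null-free", CLEAN_LISTING)):
        code = parse_objdump(listing)
        print(f"{name}: {len(code)} bytes, nulls at {bad_char_offsets(code)}, "
              f"strcpy would deliver {bytes_copied_by_strcpy(code)} byte(s)")
```

Run it as-is to compare the two listings, or pass a different `bad` set (for example newline or carriage return) to `bad_char_offsets` when the input path filters other bytes.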