The socket is initialized and the handle is returned into the server variable (an int
serves as the handle). Next the fields of the sockaddr_in structure are set. The
sockaddr_in structure is passed, along with the server handle, to the bind function
(which binds the process, port, and IP address together). Then the socket is placed in the listen
state, meaning it waits for a connection on the bound port. When a connection is accepted,
the program receives a new handle for the connected socket, the client handle. This is done so that the stdin,
stdout, and stderr of the server can be duplicated onto the client socket, allowing the client to
communicate with the server. Finally, a shell is popped and returned to the client.
Assembly Program to Establish a Socket
To summarize the previous section, the basic steps to establish a socket are
• server=socket(2,1,0)
• bind(server,(struct sockaddr *)&serv_addr,0x10)
• listen(server, 0)
• client=accept(server, 0, 0)
• dup2(client, 0), dup2(client, 1), dup2(client, 2)
• execve "/bin/sh"
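The six-step chain above is also a useful detection signature: an accepted socket being dup2'd onto fds 0, 1 and 2 and then followed by execve is how a port-binding payload wires a shell to the network. The following checker is an added example (not code from the book) that walks constructed, simplified strace-style lines and flags that chain while leaving an ordinary accept-and-read server alone; it assumes the trace shows the individual socket calls rather than raw socketcall entries.

```python
import re

# Constructed, simplified strace-style output (not from the book): a process
# walking the socket -> bind -> listen -> accept -> dup2 x3 -> execve chain.
BIND_SHELL_TRACE = """\
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 0) = 0
accept(3, NULL, NULL) = 4
dup2(4, 0) = 0
dup2(4, 1) = 1
dup2(4, 2) = 2
execve("/bin/sh", ["/bin/sh"], 0x0) = 0
"""
# Constructed trace of an ordinary service: same setup, but the accepted
# connection is read and closed rather than wired to a shell's stdio.
BENIGN_TRACE = """\
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 5) = 0
accept(3, NULL, NULL) = 4
read(4, "GET / HTTP/1.0\\r\\n", 4096) = 16
close(4) = 0
"""
CALL_RE = re.compile(r'^(\w+)\((.*)\)\s*=\s*(-?\d+)')

def find_bind_shell(trace):
    """Return details of the chain if an accepted socket is dup2'd onto fds
    0, 1 and 2 and execve follows; None otherwise."""
    listening, accepted, redirected = set(), {}, {}
    for line in trace.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        name, args, ret = m.group(1), m.group(2), int(m.group(3))
        first = args.split(',', 1)[0].strip()
        if name == 'listen' and ret == 0:
            listening.add(int(first))                  # fd now in listen state
        elif name == 'accept' and ret >= 0 and int(first) in listening:
            accepted[ret] = int(first)                 # client fd -> listen fd
        elif name == 'dup2' and ret >= 0:
            old, new = (int(x) for x in args.split(',')[:2])
            if old in accepted and new in (0, 1, 2):   # stdio now points at the client
                redirected.setdefault(old, set()).add(new)
        elif name == 'execve':
            for fd, std in redirected.items():
                if std == {0, 1, 2}:                   # all three redirected before exec
                    return {'listen_fd': accepted[fd], 'client_fd': fd,
                            'image': first.strip('"')}
    return None
```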
There is only one more thing to understand before moving to the assembly.
socketcall System Call
In Linux, sockets are implemented by using the socketcall system call (102). The
socketcall system call takes two arguments:
• ebx  An integer value, defined in /usr/include/net.