This part of ascii shellcode set eax at zero with the and instruction (%...). In the debugger and in pratice this PIC code work all the time but why? the AND instruction algorithme is:
Operand target ← Operand target ∩ Operande Source
flag CF ← 0
flag OF ← 0
It's possible that the eax register is not set to zero if the previous value of eax is not good?
#include <stdlib.h>
int main()
{
asm("\
and eax, 0x454e4f4a;\
and eax, 0x3a313035;\
");
return 0;
}
compilation line:
gcc -m32 -W -Wall -std=gnu99 -masm=intel -g eaxZero.c -o eaxZero
gdb instruction:
(gdb) b 5
..
(gdb) r
..
(gdb) x/i $eip
..
(gdb) x/x $eax
..
(gdb) nexti
..
(gdb) x/x $eax
..
(gdb) nexti
..
(gdb) x/x $eax
..