I am not able to run programs based on jmp-call-pop. My system is Ubuntu 14.04.3 LTS on VirtualBox.
I use the compile.sh with ld -z execstack -o $1 $1.o.
I think the problem is the stack.
Here is a gdb dump for the xor-decoder. In this example, esi gets the address of the shellcode via pop, and the instruction "xor BYTE PTR [esi],0xaa" tries to xor the byte at [esi] with 0xAA. But here the program crashes. But why?
Breakpoint 2, 0x08048087 in decode ()
(gdb) disassemble $eip,+30
Dump of assembler code from 0x8048087 to 0x80480a5:
=> 0x08048087 : xor BYTE PTR [esi],0xaa
0x0804808a : inc esi
End of assembler dump.
Program received signal SIGSEGV, Segmentation fault.
0x08048087 in decode ()
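A worked reproduction of the fault described above, added here as an example and not taken from the original post: `ld -z execstack` only marks the stack executable, while the decoder's `xor BYTE PTR [esi],0xaa` stores into the page that holds the shellcode, and with a default link that page is the read-only `.text` section, so the first store raises SIGSEGV. The C below (assumed to run on Linux, x86 or x86-64; compile with `gcc -O2 -o xordemo xordemo.c`) reuses the question's key 0xaa, and uses a constructed stand-in payload (`mov eax, 42 ; ret`) rather than a real shellcode. It catches SIGSEGV so the failing write returns an error instead of killing the process, first with the bytes sitting in `.text`, then with the same encoded bytes copied into an RWX `mmap` region where the decode succeeds and the payload runs.

```c
// Added example (not from the original post): why a jmp-call-pop XOR decoder
// segfaults when it patches bytes in .text, and the same decode succeeding in
// writable+executable memory. Linux only; payload and key are constructed.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define KEY 0xaa   /* the decoder key from the question */
#define MAP_LEN 4096

/* Constructed stand-in payload (not a real shellcode): x86/x86-64
   "mov eax, 42 ; ret" = b8 2a 00 00 00 c3, already XOR'd with KEY.
   Note the 0x00 bytes encode to 0xaa, the key itself: a decoder that
   stops at the first key byte would quit early, so decode by length. */
static const unsigned char ENCODED[] = { 0x12, 0x80, 0xaa, 0xaa, 0xaa, 0x69 };

/* C equivalent of the decoder loop: xor byte ptr [esi], KEY ; inc esi ; loop */
static void xor_decode_in_place(unsigned char *p, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++)
        p[i] ^= key;
}

/* SIGSEGV trap: turn a faulting write into a return value instead of a crash. */
static sigjmp_buf segv_env;
static void on_segv(int sig) { (void)sig; siglongjmp(segv_env, 1); }

/* XOR one byte at addr in place, then undo it. Returns 0 if the page was
   writable, 1 if the write faulted (SIGSEGV), which is what the question's
   "xor BYTE PTR [esi],0xaa" hits when esi points into read-only .text. */
int try_decode_byte(unsigned char *addr)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    int faulted = 0;
    if (sigsetjmp(segv_env, 1) == 0) {
        volatile unsigned char *p = addr;
        *p ^= KEY;                 /* the faulting store */
        *p ^= KEY;                 /* restore (only reached if it did not fault) */
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* Case 1: the bytes to decode live in .text, as with the question's
   `ld -z execstack` link (execstack affects only the stack; .text stays r-x).
   Using the decoder's own code as the target mirrors the jmp-call-pop layout. */
int decode_in_text_faults(void)
{
    return try_decode_byte((unsigned char *)(uintptr_t)xor_decode_in_place);
}

/* Case 2: copy the encoded payload into an RWX anonymous mapping, decode it
   there and run it. Returns 42 from the payload, -1 on a non-x86 host
   (payload not run), -2 if the RWX mmap was refused, -3 if the mapping was
   somehow not writable. */
int decode_in_rwx_and_run(void)
{
    size_t n = sizeof ENCODED;
    unsigned char *buf = mmap(NULL, MAP_LEN, PROT_READ | PROT_WRITE | PROT_EXEC,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -2;
    memcpy(buf, ENCODED, n);
    if (try_decode_byte(buf) != 0) {
        munmap(buf, MAP_LEN);
        return -3;
    }
    xor_decode_in_place(buf, n, KEY);

    int result = -1;
#if defined(__x86_64__) || defined(__i386__)
    __builtin___clear_cache((char *)buf, (char *)buf + n);
    int (*payload)(void);
    memcpy(&payload, &buf, sizeof payload);   /* data ptr -> function ptr */
    result = payload();                        /* mov eax,42 ; ret */
#endif
    munmap(buf, MAP_LEN);
    return result;
}

int main(void)
{
    printf("write into .text faults: %s\n", decode_in_text_faults() ? "yes" : "no");
    printf("decode in RWX mapping and run: %d\n", decode_in_rwx_and_run());
    return 0;
}
```

In gdb, `info proc mappings` at the breakpoint shows the permissions of the page that `$esi` points into; for a default `ld` link it is `r-x`, which is the whole story. For the assembly build, linking with `ld -N` (`--omagic`) makes the text segment writable as well as executable, which is the usual way to test a self-modifying decoder stub as a standalone binary; when the shellcode is instead dropped into a C test harness, copying it into an `mmap` region with `PROT_READ|PROT_WRITE|PROT_EXEC`, as above, gives it the writable page it needs.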