I am quite new to Assembly and I am trying to create a program that uses scanf to receive a number from the user. It then outputs "Result: (the number)"
I keep getting a segmentation error upon running the code.
This is the code I have got now:
.global main
mystring: .asciz"input\n"
formatstring: .asciz" %d"
resultstring: .asciz "Result: %ld\n"
main:
movq $0, %rax
movq $mystring, %rdi
call printf
call inout
movq $0, %rax
movq $resultstring, %rdi
call printf
jmp end
inout:
pushq %rbp
subq $8, %rsp
leaq -8(%rbp), %rsi
movq $formatstring, %rdi
movq $0, %rax
call scanf
popq %rbp
ret
end:
movq $0, %rdi
call exit
I suspect there is something wrong with the 'inout' method. Any solutions to make this program working?
leaq -8(%rbp), %rsi
In this instruction you are referring to the %rbp register but you forgot to actually initialize it!
Related
.globl start
.section .text
_start:
movq $2, %rbx
movq $3, %rcx
movq $1, %rax
mainloop:
addq $0, %rcx
jz complete
mulq %rbx
decq %rcx
jmp mainloop
complete:
movq %rax, %rdi
movq $60, %rax
syscall
I have been trying to run this code, but keep getting an
illegal instruction
through the assembler.
I cannot figure why it is supposed to run through GNU assembler.
This question already has answers here:
Why does Windows64 use a different calling convention from all other OSes on x86-64?
(4 answers)
How to write hello world in assembly under Windows?
(9 answers)
Closed last year.
Fro
run gcc s2.asm in windows7 console window; then a exe file is generated.
run a.exe,then crash, why.
s2.asm code is generated from source code following:
{
int m;
m = 1;
iprint (m) ;
}
s2.asm eplease refer to the following:
IO:
.string "%lld"
.text
.globl main
main:
pushq %rbp
movq %rsp, %rbp
subq $16, %rsp
pushq $1
movq %rbp, %rax
leaq -8(%rax), %rax
popq (%rax)
movq %rbp, %rax
leaq -8(%rax), %rax
movq (%rax), %rax
pushq %rax
popq %rsi
leaq IO(%rip), %rdi
movq $0, %rax
callq printf
leaveq
retq
I installed tdm64-gcc-10.3.0-21.exe on my windows, therefore I have a gcc 64 bits.
But why a.exe crashed?
thank you.
hi all, thank your reply and ...
I am a fan of compiler technology, I want to realize my toy compiler by my self, it's very sample but support 64bits, which can be compiled by gcc on windows OS,and run on dindows console.
I meet a compiler which written by ocaml by Mune Professor on site ,
the generated assembly seems very sample.
ocaml64 is setup on my PC.
but only a ocaml compiler in it, there is no gcc.
then but by the toy compiler, 80x86 assembly code can be generated,
To convert assembly code to execute file, then Embarcadero_Dev-Cpp_6.3_TDM-GCC_9.2 is setup,
then gcc tmp.s, a a.exe file is generated,
but a.exe cannot be run successfully on windows.
the code is provided on site.1
But I have limited knowledge on assembly.
On this site, the assembly code emmiter module:
for linux, for cygwin, for old ocaml.
At last I have to reconsider the code again: I select cygwin emitter.
then generate assembly like the folowwing, I run the output a.exe file final succcesslly .
IO:
.string "%lld"
.text
.globl main
main:
pushq %rbp
movq %rsp, %rbp
subq $16, %rsp
pushq $1
movq %rbp, %rax
leaq -8(%rax), %rax
popq (%rax)
movq %rbp, %rax
leaq -8(%rax), %rax
movq (%rax), %rax
pushq %rax
popq %rdx
leaq IO(%rip), %rcx
subq $32, %rsp
callq printf
addq $32, %rsp
leaveq
retq
$ ./a.exe
1
Note: the above assembly was not optimized.
After optimization, the code become the following:
IO:
.string "%lld"
.text
.globl main
main:
pushq %rbp
movq %rsp, %rbp
subq $16, %rsp
pushq $1
movq %rbp, %rax
leaq -8(%rax), %rax
popq (%rax)
movq %rbp, %rax
leaq -8(%rax), %rax
movq (%rax), %rax
movq %rax, %rdx
leaq IO(%rip), %rcx
subq $32, %rsp
callq printf
addq $32, %rsp
leaveq
retq
I found the two rows
pushq %rax
popq %rdx
become one row.
movq rax, rdx
Here, the issue was resolved, it's caused by my mistake, since I am not really clear about the assembly code emitter module,
Thank all of you.
https://www.ed.tus.ac.jp/j-mune/ccp/
This question already has an answer here:
Using interrupt 0x80 on 64-bit Linux [duplicate]
(1 answer)
Closed 1 year ago.
I am trying to print the character h in assembly, but it is not outputting anything right now. I see no reason, nor can I understand why this is not working.
I would believe that it is because I am using %rbp instead of %eax but I am reasonably new to assembly, and I do not know whether writing to the %rbp register instead of %eax makes a difference.
.section .text
.global _start
_start:
mov %eax, %edi
call main
movl $1, %eax
int $0x80
main:
pushq %rbp
movq %rsp, %rbp
movl $4, %eax
movl $1, %ebx
push $0x068
movl $5, %edx
movq %rbp, %rsp
syscall
popq %rbp
ret
The code is compiled with
> as $(BIN_DIR)/assembly.asm -o $(BIN_DIR)/a.o
> ld $(BIN_DIR)/a.o -o $(BIN_DIR)/a
I looked up the structure in e.g. Free Pascal sources which somewhat illustrates how parameters are allocated and how success is determined.
movq sysnr, %rax { Syscall number -> rax. }
// for calls that have less parameters, just skip the relevant lines that load it
movq param1, %rdi { shift arg1 - arg5. }
movq param2, %rsi
movq param3, %rdx
movq param4, %r10
movq param5, %r8
movq param6, %r9
syscall { Do the system call. }
cmpq $-4095, %rax { Check %rax for error. }
jnae .LSyscOK { Jump to error handler if error. }
negq %rax
movq %rax,%rdi
call seterrno // call some function to set errno threadvar
movq $-1,%rax
.LSyscOK: // end of procedure
I could test using strncpy() with larger source string then the destination:
int main() {
char *ptr = malloc(12);
strcpy(ptr,"hello world!");
return 0;
}
Compiling with the flag -fstack-protector and using the -S option I got:
.file "malloc.c"
.text
.globl main
.type main, #function
main:
.LFB2:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
.cfi_offset 6, -16
movq %rsp, %rbp
.cfi_def_cfa_register 6
subq $32, %rsp
movl %edi, -20(%rbp)
movq %rsi, -32(%rbp)
movq %fs:40, %rax
movq %rax, -8(%rbp)
xorl %eax, %eax
movq $0, -16(%rbp)
movl $12, %edi
call malloc
movq %rax, -16(%rbp)
movq -16(%rbp), %rax
movabsq $8022916924116329800, %rdx
movq %rdx, (%rax)
movl $560229490, 8(%rax)
movb $0, 12(%rax)
movl $0, %eax
movq -8(%rbp), %rcx
xorq %fs:40, %rcx
je .L3
call __stack_chk_fail
.L3:
leave
.cfi_def_cfa 7, 8
ret
.cfi_endproc
.LFE2:
.size main, .-main
Could someone explain to me how this works? And why isn't the "canary word" also overwritten by the \0 of the hello world! string?
Could someone explain to me how does this work ?
Canary word is read from fs:40 and store at top of frame here:
movq %fs:40, %rax
movq %rax, -8(%rbp)
It's below the return address so if your code happens to overflow the buffer (which will be below -8(%rbp)), it'll first overwrite the -8(%rbp) location. This will be detected by GCC prior to issuing ret here:
movq -8(%rbp), %rcx
xorq %fs:40, %rcx ; Checks that %fs:40 == -8(%rbp)
je .L3 ; Ok, return
call __stack_chk_fail ; Die
as overwritten contents of -8(%rbp) will likely to be different from proper value (installed from fs:40).
And why is not the canary word also overwritten by the \0 of the hello world!?
Your code has heap overflow, not buffer overflow so SSP can't help...
I have tried to use an external function in assembly code:
.section .rodata
.LC0:
.string "My number is: %lld"
.text
.globl start
start:
pushq %rbp
movq %rsp, %rbp
subq $16, %rsp
movq $12345, -8(%rbp)
movq -8(%rbp), %rax
movq %rax, %rsi
movl $.LC0, %edi
movl $0, %eax
call printf # my external function
# exit-syscall
mov $1, %eax
mov $0, %ebx
int $0x80
I assembled and linked with:
as -o myObjfile.o mySourcefile.s
ld -e start -o myProgram -lc myObjfile.o
The executable is build, but it doesn't run, so what's wrong with it?
If I understand correctly if the function you want to call is in the C library you can just declare it as an external function.
.section .rodata
.LC0:
.string "My number is: %lld"
.text
.extern printf #declaring the external function
.globl start
start:
pushq %rbp
movq %rsp, %rbp
subq $16, %rsp
movq $12345, -8(%rbp)
movq -8(%rbp), %rax
movq %rax, %rsi
movl $.LC0, %edi
movl $0, %eax
call printf # my external function
# exit-syscall
mov $1, %eax
mov $0, %ebx
int $0x80
If this doesn't work try linking it explicitly with stdlib.h