section .text
global _start ;must be declared for linker (ld)
_start:
mov eax,5
mov ebx,plname
mov ecx,0x202
mov edx,0700o
int 0x80
mov eax,4
mov ecx,plaintext
mov edx,256
int 0x80
xor eax,eax
inc eax
xor ebx,ebx
int 0x80
section .data
key db '123456passwordqwerty',0x0
keylen equ $ - key ;length of our dear string
plname db 'plname.bin',0x0
plaintext times 256 db 1
first part planned to create a file specified in plname, first time I'd tryed create it into /tmp/plname.bin and after fail, try to create at least into excuting directory.I've also tried create syscall and got the same results.
programm fails on open syscall, after excuting int 0x80 instruction, eax contains -2, programm ends normally, but doesn't create file.
here i got flags and mods
https://sourceware.org/gdb/onlinedocs/gdb/mode_005ft-Values.html#mode_005ft-Values
here is gdb output
Dump of assembler code for function _start:
0x08048080 <+0>: mov $0x8,%eax
0x08048085 <+5>: mov $0x80490c9,%ebx
0x0804808a <+10>: mov $0x700,%ecx
0x0804808f <+15>: int $0x80
0x08048091 <+17>: mov $0x4,%eax
0x08048096 <+22>: mov $0x80490e3,%ecx
0x0804809b <+27>: mov $0x100,%edx
0x080480a0 <+32>: int $0x80
0x080480a2 <+34>: xor %eax,%eax
0x080480a4 <+36>: inc %eax
0x080480a5 <+37>: xor %ebx,%ebx
0x080480a7 <+39>: int $0x80
End of assembler dump.
Breakpoint 1, 0x0804808f in _start ()
(gdb) i r eax
eax 0x5 5
(gdb) stepi
0x08048094 in _start ()
(gdb) i r eax
eax 0x5 5
(gdb) i r eax ebx ecx edx esi edi
eax 0x5 5
ebx 0x80490d1 134516945
ecx 0x202 514
edx 0x1c0 448
esi 0x0 0
edi 0x0 0
(gdb) stepi
0x08048096 in _start ()
(gdb) i r eax ebx ecx edx esi edi
eax 0xfffffffe -2
ebx 0x80490d1 134516945
ecx 0x202 514
edx 0x1c0 448
esi 0x0 0
edi 0x0 0
You used the wrong reference manual. What you linked to is the flags used in the gdb protocol, not the ones used by system calls.
O_CREAT is actually 0100 octal, so you should do mov ecx,0102o.
Also note you have forgotten to move the returned file descriptor from eax to ebx for the sys_write.
Working code:
section .text
global _start ;must be declared for linker (ld)
_start:
mov eax,5
mov ebx,plname
mov ecx,0102o
mov edx,0700o
int 0x80
mov ebx, eax
mov eax,4
mov ecx,plaintext
mov edx,256
int 0x80
xor eax,eax
inc eax
xor ebx,ebx
int 0x80
section .data
key db '123456passwordqwerty',0x0
keylen equ $ - key ;length of our dear string
plname db 'plname.bin',0x0
plaintext times 256 db 1
Related
Basically I am trying to execute the command /bin/ls using assembly, but unfortunately I am failing:
SECTION .data
buf: db "Hello", 5
SECTION .text
global _start
_start:
xor eax, eax
mov edx, eax
push edx
mov eax, 0x736c2f2f ; "sl/"
push eax
mov eax, 0x6e69622f ; "nib/"
push eax
mov ebx, esp
push edx
mov eax, 0x2f
push eax
mov ecx, esp
mov eax, 11
xor edx, edx
int 0x80
mov eax, 1
int 0x80
But If I change the mov eax, 11 to mov eax, 4 and add mov edx, 7 after xor edx, edx. It do print /bin/ls
Can anyone point the mistake I am making?
Compiling the code with nasm -g -f elf -F dwarf ./shell.asm && ld -m elf_i386 -o shell shell.o and my arc is Linux kali 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux
Found the problem, as pointed by #Jestor (thank you), I needed to store the executing file at ebx and all the arguments including the filename in ecx and set edx to null as below:
SECTION .data
buf: db "./", 0
SECTION .text
global _start
_start:
xor eax, eax
xor edx, edx
push eax
push long 0x736c2f2f ; "sl/"
push long 0x6e69622f ; "nib/"
mov ebx, esp
push eax
push byte 0x2f
mov esi, esp
push eax
push esi
push ebx
mov ecx, esp
mov eax, 0x0b
int 0x80
mov eax, 1
int 0x80
after my working shell, the ecx looked like below:
(gdb) x/50x $ecx
0xffffd370: 0xffffd384 0xffffd37c 0x00000000 0x0000002f
0xffffd380: 0x00000000 0x6e69622f 0x736c2f2f 0x00000000
I'm writing a program to print binary string of a hardcoded word. Here is how it looks like currently:
main.asm
section .text
global _start
extern _print_binary_content
_start:
push word [word_to_print] ; pushing word. Can we push just one byte?
call _print_binary_content
mov rax, 60
mov rdi, 0
syscall
section .data
word_to_print: dw 0xAB0F
printer.asm
SYS_BRK_NUM equ 0x0C
BITS_IN_WORD equ 0x10
SYS_WRITE_NUM equ 0x01
STD_OUT_FD equ 0x01
FIRST_BIT_BIT_MASK equ 0x01
ASCII_NUMBER_OFFSET equ 0x30
section .text
global _print_binary_content
_print_binary_content:
pop rbp
xor ecx, ecx ;zeroing rcx
xor ebx, ebx ;zeroing rbx
pop bx ;the word to print the binary content of
;sys_brk for current location
mov rax, SYS_BRK_NUM
mov rdi, 0
syscall
;end sys_brk
mov r12, rax ;save the current brake location
;sys_brk for memory allocation 16 bytes
lea rdi, [rax + BITS_IN_WORD]
mov rax, SYS_BRK_NUM
syscall
;end sys_brk
xor ecx, ecx
mov cl, byte BITS_IN_WORD - 1; used as a counter in the loop below
loop:
mov dx, bx
and dx, FIRST_BIT_BIT_MASK
add dx, ASCII_NUMBER_OFFSET
mov [r12 + rcx], dl
shr bx, 0x01
dec cl
cmp cl, 0
jge loop
mov rsi, r12
mov rax, SYS_WRITE_NUM
mov rdi, STD_OUT_FD
mov rdx, BITS_IN_WORD
syscall
push rbp ; pushing return address back
ret
If I compile link and run this program it works. But the question is about performance and maybe conventions of writing assembly programs. In the file printer.asm I cleaned ecx twice which looks kind of not optimal. Maybe some registers were used not by their purpose (I used intel-manual).
Can you please help me to improve this very simple program?
I'm trying to make a very simple assembly program run, however I seem to get segfaults whatever I do.
Here is my code (should print 'a' on a linux machine)
section .data
buffer times 50 db 97
pointer db 0
section .text
global _start
_start:
mov ECX , pointer
mov EDX , [buffer + ECX]
mov EAX , 4
mov EBX , 1
mov ECX , EDX
mov EDX , 1
int 0x80
It causes a segfault on the first MOV but it seems obvious to me that it should work.
I reduced it to almost nothing and it still segfault.
section .data
msg db "hello"
section .text
global _start
_start:
mov EAX,1
I've run this succesfully:
section .text
global _start
_start:
mov ax, 0b
dec ax
sub ax, 11111111b
mov bx, 97
add ax, bx
mov [INVENTORY], ax ; put a in first inventory pos
mov eax, 4
mov ebx, 1
mov ecx, INVENTORY
mov edx, 1
int 0x80
mov ax, [INVENTORY]
add ax, 1
mov [INVENTORY + 1], ax ; put b in second inventory pos
mov [VAR], ax
mov eax, 4
mov ebx, 1
mov ecx, VAR
mov edx, 1
int 0x80
mov eax, 4
mov ebx, 1
mov ecx, '\n'
mov edx, 1
int 0x80
mov eax,1
int 0x80
_newline:
section .data
VAR DW 0
INVENTORY TIMES 8 DW 0
Is it possible that it has to do with the symbols I use for newlines or tabs? I generate the assembly from java and I use \t for tabs and \n for new lines (and spaces so it doesn't look too bad.
I'm using NASM and I'm running it here:
https://www.tutorialspoint.com/compile_assembly_online.php
Thank you!
If you are just trying to print out a set of 'a's.
section .data
buffer times 50 db 97
len.buffer equ $-buffer
pointer db 0
section .text
global _start
_start:
; ssize_t write(int fd, const void *buf, size_t count);
; i386 ebx ecx edx esi edi ebp
mov EAX , 4 ; write syscall
mov EBX , 1 ; std out
lea ecx, [buffer] ; buffer
mov edx, len.buffer ; size
int 0x80
_exit:
mov eax, 1 ; exit syscall
int 0x80
output:
./yvon_001
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ndavid#ubuntuserver00A:~/asm$ ./yvon_001
In the end #MichealPetch was right, I needed to add an EXIT syscall at the end of the code. The sample I tried still did a SEGFAULT because I was moving pointer instead of [pointer] in a registry.
Thanks for comments and answers!
global _start
section .data
var dq 12494F04A6344129h
msg db "The number of times 4 present in the given number"
len equ $-msg
novar db 00
section .bss
section .text
mov dl,0Ah
mov cl,10
_start :
mov rsi,var
up: mov al,byte ptr [rsi]
mov ah,00
div dl
cmp ah,04
je dn
jne dn1
dn: inc byte[novar]
dn1: inc rsi
dec cl
jne up
jmp exit
exit: mov eax,4
mov ebx,1
mov ecx,msg
mov edx,len
int 80h
mov eax,4
mov ebx,1
mov ecx,novar
mov edx,1
int 80h
mov eax,1
mov ebx,0
int 80h
Nasm doesn't use "ptr" - that won't even assemble.
The first two lines - above the _start: label - are never executed, so those registers are never initialized. That's probably what causes the exception. dl is probably zero!
len is fine - it's an equate, not a variable.
You probably want to add the character '0' to novar before printing it.
None of this looks useful to me. Are you sure this is the question you're trying to answer, #Shubham Satpute?
I want to call a syscall in assembly. The problem is I can't mov ecx,rsp. rsp is 64-bit register, ecx is a 32-bit register. I want to pass the buffer addr as a parameter of this syscall. What can I do? Thanks.
section .data
s0: db "Largest basic function number supported:%s\n",0
s0len: equ $-s0
section .text
global main
extern write
main:
sub rsp, 16
xor eax, eax
cpuid
mov [rsp], ebx
mov [rsp+4], edx
mov [rsp+8], ecx
mov [rsp+12], word 0x0
mov eax, 4
mov ebx, 1
mov ecx, rsp
mov edx, 4
int 80h
mov eax, 4
mov ebx, 1
mov ecx, s0
mov edx, s0len
int 80h
mov eax, 1
int 80h
To make a system call in 64-bit Linux, place the system call number in rax, and its arguments, in order, in rdi, rsi, rdx, r10, r8, and r9, then invoke syscall.
Note that 64-bit call numbers are different from 32-bit call numbers.
Here is an example in GAS syntax. NASM syntax for putting an address in a register is lea rsi, [rel message] using a RIP-relative LEA.
.global _start
.text
_start:
# write(1, message, 13)
mov $1, %rax # system call 1 is write
mov $1, %rdi # file handle 1 is stdout
lea message(%rip), %rsi # address of string to output
mov $13, %rdx # number of bytes
syscall
# exit(0)
mov $60, %rax # system call 60 is exit
xor %rdi, %rdi # return code 0
syscall
.section .rodata # read-only data section
message:
.ascii "Hello, World\n"
See also What happens if you use the 32-bit int 0x80 Linux ABI in 64-bit code?