From: "Tetsuji \"Maverick\" Rai"
Date: Sun, 24 Apr 2005 19:28:21 +0900
To: HHCHANG
cc: freebsd-hackers@freebsd.org
Subject: Re: about execute assembly examples under freebsd
Message-ID: <426B74C5.3090509@vfemail.net>
References: <001601c548a5$bcdde6b0$6702a8c0@IBM6C6CDABCD41>
In-Reply-To: <001601c548a5$bcdde6b0$6702a8c0@IBM6C6CDABCD41>
List-Id: Technical Discussions relating to FreeBSD
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050401

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HHCHANG wrote:
> Hi, I couldn't execute the assembly example under FreeBSD. The
> environment and tools I used were (in an IBM X31 box):
>
> 1. bash-2.05b# uname -a
>    FreeBSD sexbear.localhost 5.3-STABLE FreeBSD 5.3-STABLE #3: Sun Feb 20 21:55:06 UTC 2005
>    root@sexbear.localhost:/usr/obj/usr/src/sys/SEXBEAR  i386
>
> 2.
>    bash-2.05b# as -v
>    GNU assembler version 2.15 [FreeBSD] 2004-05-23 (i386-obrien-freebsd) using BFD version 2.15 [FreeBSD] 2004-05-23
>    bash-2.05b# ld -v
>    GNU ld version 2.15 [FreeBSD] 2004-05-23
>
> 3. (compile and execute the example)
>    bash-2.05b# as -gstabs -o cpuid.o cpuid.s
>    ld -o cpuid cpuid.o
>    cpuid                     (no output after executing the program)
>    gdb cpuid
>    (gdb) run
>    Starting program: /usr/local/src/code/chap04/cpuid
>    Program exited with code 0340.
>    (gdb) break *_start
>    (gdb) run
>    Program exited with code 0340.
>
> ################### example in book ###################################
> # cpuid.s  Sample program to extract the processor Vendor ID
> .section .data
> output:
>     .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
>
> .section .text
> .globl _start
> _start:
>     movl $0, %eax          # CPUID leaf 0: vendor ID comes back in %ebx, %edx, %ecx
>     cpuid
>     movl $output, %edi     # address of the output string
>     movl %ebx, 28(%edi)    # overwrite the 12 x's, in %ebx/%edx/%ecx order
>     movl %edx, 32(%edi)
>     movl %ecx, 36(%edi)
>     movl $4, %eax          # write(1, output, 42) with the Linux i386 convention:
>     movl $1, %ebx          #   syscall number in %eax, arguments in %ebx, %ecx, %edx
>     movl $output, %ecx
>     movl $42, %edx
>     int $0x80
>     movl $1, %eax          # exit(0), same convention
>     movl $0, %ebx
>     int $0x80
> ################### example in book ###################################
>
> I viewed the tutorial http://www.int80h.org/bsdasm/, but I
> couldn't find any syntax error in the program. Could someone give
> me a hint where I could find more information? Thanks~
>
> Regards,

hi,

There are some mistakes in that code.

1. Your code is calling the system call in Linux mode, not in FreeBSD mode. In FreeBSD, you need to push the arguments on the stack as in C.

2. mov $output,%eax loads the "content" of $output, instead of the address (or pointer) of $output. So you have to take care :)

3. An improvement can be made when you want to load 0 (zero) into a register: you should use "xor %eax,%eax" or "sub %eax,%eax" because it makes your code shorter and faster.
So I made working code, t.s:

- ------t.s------------
.section .data
output:
    .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"

.section .text
.globl _start
_start:
    xor %eax, %eax         # CPUID leaf 0
    cpuid
    lea output, %edi       # load address of output in edi
    movl %ebx, 28(%edi)    # vendor string arrives in %ebx, %edx, %ecx
    movl %edx, 32(%edi)
    movl %ecx, 36(%edi)

    # write(1, output, 42), FreeBSD convention: arguments pushed right to left
    pushl $42
    lea output, %eax
    pushl %eax
    pushl $1
    mov $4,%eax            # SYS_write
    push %eax              # one extra word where a "call"ed stub would leave its return address
    int $0x80
    add $16,%esp           # pop the four words pushed above

    # exit(0)
    xor %eax,%eax
    push %eax              # this is shorter than "pushl $0"
    inc %eax               # put $1 (SYS_exit) in %eax. This is faster and shorter.
    push %eax              # the extra word again
    int $0x80
- ----------end of t.s--------

It is assembled and works like this:

- ------cut--------
freebsd53:~/tmp% as t.s -o t.o
freebsd53:~/tmp% ld t.o -o t
freebsd53:~/tmp% ./t
The processor Vendor ID is 'GenuineIntel'
- ------------------

I made a small homepage about Linux shellcode (assembler code utilities for hacking):
http://shellcode.4pu.com/

Have fun!!

btw my father was born in Taiwan. My last name should be "Lai" instead of "Rai".

- -- 
Tetsuji 'Maverick' Rai
PGP Key fingerprint = 2021 6BF9 CEA3 73DE FF17 B326 F4DA F04E F784 3B85 (gpg fingerprint)
Aviation Jokes: http://www.geocities.com/tetsuji_rai/
Profile http://maverick.ns1.name/ http://maverick.IsASecret.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCa3TF9NrwTveEO4URAhaVAJwL2T20SQ0o2O6sydX3pBPke98KswCbBvqI
Cljbd60/yH8r95BUX3l0Chk=
=SxAD
-----END PGP SIGNATURE-----
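The part of the thread's program that is independent of the syscall convention is the vendor-string patching, and it is easy to get subtly wrong: CPUID leaf 0 returns the 12 bytes in EBX, EDX, ECX (not EBX, ECX, EDX), and each register lands in memory little-endian, which is why "movl %ebx, 28(%edi)" writes "Genu" rather than "uneG". The C program below is an added example for this page, not code from the thread or from the book the poster was using. It computes the placeholder offset from the template instead of hard-coding 28, stores each register byte by byte so the layout is explicit, and reads real CPUID values through the GCC/Clang helper __get_cpuid() from <cpuid.h> when built on x86 (reporting unavailability elsewhere). The function names format_vendor, read_vendor_regs and store_le32 are this example's own. The FreeBSD-versus-Linux syscall ABI that actually broke the poster's program cannot be exercised portably from C; t.s above remains the reference for that part.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>   /* __get_cpuid(): GCC/Clang wrapper around the CPUID instruction */
#endif

/* Same template as the mailing-list program: the 12 x's get overwritten. */
static const char TEMPLATE[] = "The processor Vendor ID is 'xxxxxxxxxxxx'\n";

/* Store a 32-bit register into memory exactly as "movl %reg, off(%edi)"
 * does on x86: little-endian, lowest byte first.  A memcpy of the value
 * would only be equivalent on a little-endian host, so spell it out. */
static void store_le32(char *dst, uint32_t v)
{
    dst[0] = (char)(v & 0xff);
    dst[1] = (char)((v >> 8) & 0xff);
    dst[2] = (char)((v >> 16) & 0xff);
    dst[3] = (char)((v >> 24) & 0xff);
}

/* Fill the vendor ID into a copy of TEMPLATE placed in out (outlen bytes).
 * CPUID leaf 0 returns the vendor string in EBX, EDX, ECX in that order, so
 * the offsets used by the assembly (28, 32, 36) are "position of the first
 * x" plus 0, 4, 8.  The offset is located in the template rather than
 * hard-coded, so editing the text cannot desynchronise it.
 * Returns the offset of the vendor field, or -1 on a bad buffer/template. */
int format_vendor(char *out, size_t outlen, uint32_t ebx, uint32_t edx, uint32_t ecx)
{
    if (outlen < sizeof(TEMPLATE))
        return -1;
    memcpy(out, TEMPLATE, sizeof(TEMPLATE));        /* includes the NUL */
    const char *x = strchr(out, 'x');               /* first placeholder byte */
    if (x == NULL || strncmp(x, "xxxxxxxxxxxx", 12) != 0)
        return -1;
    size_t off = (size_t)(x - out);                 /* 28 for this template */
    store_le32(out + off,     ebx);
    store_le32(out + off + 4, edx);
    store_le32(out + off + 8, ecx);
    return (int)off;
}

/* Execute CPUID leaf 0 on x86; returns 0 on success, -1 when unavailable
 * (non-x86 host, or a CPU that does not support the leaf). */
int read_vendor_regs(uint32_t *ebx, uint32_t *edx, uint32_t *ecx)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(0, &a, &b, &c, &d))
        return -1;
    *ebx = b;
    *edx = d;
    *ecx = c;
    return 0;
#else
    (void)ebx; (void)edx; (void)ecx;
    return -1;
#endif
}

int main(void)
{
    char line[sizeof(TEMPLATE)];
    uint32_t ebx, edx, ecx;

    if (read_vendor_regs(&ebx, &edx, &ecx) != 0) {
        fprintf(stderr, "CPUID leaf 0 not available on this host\n");
        return 1;
    }
    if (format_vendor(line, sizeof line, ebx, edx, ecx) < 0)
        return 1;
    fputs(line, stdout);   /* e.g. The processor Vendor ID is 'GenuineIntel' */
    return 0;
}
```

Feeding format_vendor() the constructed register values for "GenuineIntel" (EBX=0x756e6547 "Genu", EDX=0x49656e69 "ineI", ECX=0x6c65746e "ntel") reproduces the line t.s printed, which is a quick way to confirm the register order and byte order without an x86 box.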