From: Daniela <dgw@liwest.at>
To: ari
cc: hackers@freebsd.org
Date: Wed, 3 Mar 2004 21:55:29 +0000
Subject: Re: Strange behaviour in assembly language program
Message-Id: <200403032155.29618.dgw@liwest.at>
In-Reply-To: <20040303162632.GC50518@episec.com>
References: <200403022046.22882.dgw@liwest.at> <200403022210.31451.dgw@liwest.at> <20040303162632.GC50518@episec.com>

On Wednesday 03 March 2004 16:26, ari wrote:
> dgw@liwest.at said this stuff:
> > > .text
> > > .global _start
> > > _start:
> > >     pushl $8
> > >     pushl $0
> > >     movl $1, %eax
> > >     int $0x80
> >
> > With this suggestion, it always returns 0 instead of 1.
> > Shouldn't pushl place 4 bytes on the stack? It translates into the
> > instruction 0x6A (pushes only one byte).
>
> 32-bit, 80386-based processors cannot push one byte onto the stack; they
> can push only in 2- or 4-byte increments (word or double-word). While
> instruction 0x6a pushes an immediate one-byte value, this is only to
> save instruction space. The number is in fact pushed as a 32-bit
> ("sign-extended") value.

Ah yes, silly me. I constantly forget the fact that when you push something
on the stack, the stack pointer does not increment but rather decrements.
That's quite unnatural to me. The kernel expects the first argument 4 bytes
*below* the stack pointer, and I pushed that stuff in the wrong order.

This code works to return 0x57:

31 c0 40 6a 57 50 cd 80

But that needs 8 bytes! Can't it be shortened? I noticed that some
registers contain zero on program startup. Can I safely assume they are
always initialized to zero and just leave that 31 c0 out? I would need at
least one byte off to have it fit nicely into the padding of the e_ident
array, while not stepping on the program header. *g* (I've become fed up
with software bloat)
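Added example, not part of the thread: a tiny model of the i386 stack and of the FreeBSD int $0x80 convention discussed above, just enough to step through the 8-byte program and see why the exit status is read from 4(%esp) and how a pushl $imm8 is sign-extended to 32 bits. It assumes a flat 32-bit stack, that the kernel takes the syscall number from %eax and the first argument from 4(%esp) (the 0(%esp) slot being where a `call` would have left a return address), and it decodes only the opcodes the program uses.

```python
SYS_EXIT = 1  # FreeBSD syscall number for exit(2)


def run(code: bytes, esp: int = 0x1000) -> dict:
    """Step through a few i386 opcodes until int $0x80 and report what the
    kernel would see: syscall number (%eax), first argument (4(%esp)),
    the final %esp and the stack contents. Hypothetical helper."""
    eax = 0
    stack = {}          # address -> 32-bit value, grows toward lower addresses
    ip = 0
    while ip < len(code):
        op = code[ip]
        if op == 0x31 and code[ip + 1:ip + 2] == b"\xc0":   # xorl %eax,%eax
            eax = 0
            ip += 2
        elif op == 0x40:                                     # incl %eax
            eax = (eax + 1) & 0xFFFFFFFF
            ip += 1
        elif op == 0xB8:                                     # movl $imm32,%eax
            eax = int.from_bytes(code[ip + 1:ip + 5], "little")
            ip += 5
        elif op == 0x6A:                                     # pushl $imm8
            # one byte in the instruction, but sign-extended to 32 bits on the stack
            imm = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            esp -= 4
            stack[esp] = imm & 0xFFFFFFFF
            ip += 2
        elif op == 0x50:                                     # pushl %eax
            esp -= 4
            stack[esp] = eax
            ip += 1
        elif op == 0xCD and code[ip + 1:ip + 2] == b"\x80":  # int $0x80
            # 0(%esp) is the return-address slot; arguments start at 4(%esp)
            return {"syscall": eax, "arg0": stack.get(esp + 4),
                    "esp": esp, "stack": stack}
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {ip}")
    raise ValueError("ran off the end of the code without int $0x80")


# Constructed input: the 8 bytes quoted in the mail
# (xorl %eax,%eax; incl %eax; pushl $0x57; pushl %eax; int $0x80).
PROGRAM = bytes.fromhex("31c0406a5750cd80")

if __name__ == "__main__":
    r = run(PROGRAM)
    print(f"syscall {r['syscall']} (exit) with status {r['arg0']:#x}, esp={r['esp']:#x}")
```

Feeding it `b8 01 00 00 00 6a ff 50 cd 80` instead shows the sign extension ari describes: the single byte `ff` arrives in the argument slot as 0xffffffff.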