Date:      Mon, 14 Jun 2004 12:40:40 -0400
From:      ari edelkind <edelkind-freebsd-hackers@episec.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: freebsd asm
Message-ID:  <20040614164040.GN14968@episec.com>
In-Reply-To: <003801c45207$01ddfa70$0200a8c0@peron>
References:  <003801c45207$01ddfa70$0200a8c0@peron>

jncastellano@noconname.org said this stuff:

[...]
> [demon]~$ cat hello.asm
> %include 'system.inc'
> section .data
> hola    db      'Hola', 0Ah
> hbytes  equ     $-hola
> section .text
> global  _start
> _start:
> push    dword   hbytes
> push    dword   hola
> push    dword   stdout
> sys.write
> push    dword   0
> sys.exit
> 
> [demon]~$ nasm -f elf hello.asm
> hello.asm:1: fatal: unable to open include file `system.inc'
> 
> Where is that file?... the -current port of nasm is incomplete?

system.inc is not a part of nasm.

> Ok... we take some modifications...
> 
> << %include 'system.inc'
> <<push    dword   stdout   , and we replace it with push    dword   1

nasm also has no knowledge of sys.<func> style directives, so they are
ignored.  The directives in question would be located in the system.inc
file that you don't have, and your program may as well be:

  hola    db      'Hola', 0Ah
  hbytes  equ     $-hola
  section .text
  global  _start
  _start:
  push    dword   hbytes
  push    dword   hola
  push    dword   1
  push    dword   0

... which doesn't exit, therefore your program accesses memory addresses
that aren't meant to supply program code, and it crashes.

FreeBSD system calls are generally accessed using interrupt vector 0x80.
The function that deals with this interrupt in the kernel expects the
number of the system call in eax, and it expects the program to have
called a function along the way.  Thus, it's looking for the following
stack structure:

    [RRRR][DDDD][SSSS][NNNN]

RRRR: return address, inserted by 'call' instruction
DDDD: descriptor vector
SSSS: string address
NNNN: number of bytes to write.

To get this, you can try something like the following:

  section .data
  hola    db      'Hola', 0Ah
  hbytes  equ     $-hola

  section .text
  global  _start

  _start:

  push    dword   hbytes      ; NNNN: number of bytes to write
  push    dword   hola        ; SSSS: string address
  push    dword   1           ; DDDD: descriptor (stdout)
  mov     eax,    4  ; SYS_write
  call    doint               ; pushes RRRR, then int 0x80

  push    dword   0           ; exit status
  mov     eax,    1  ; SYS_exit
  call    doint

  doint:
  int     0x80
  ret

You can find the necessary system call numbers in
/usr/include/sys/syscall.h.

ari
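As an added example (not part of the thread, and not the FreeBSD handbook's actual system.inc), the file below reassembles the original hello.asm with stand-in macros for the missing sys.write and sys.exit directives, so that the stack layout described in the reply is visible in one self-contained program. The constant and macro names (stdout, SYS_write, SYS_exit, system, kernel) are this example's own choices; the only values taken from the message are the int 0x80 entry, the syscall numbers 4 for write and 1 for exit, and the requirement that a return address sit above the arguments.

```nasm
; hello.asm: added example, not code from the original thread.
; Stand-in definitions for the missing system.inc.  The names below are
; this example's own assumptions; only the syscall numbers (see
; /usr/include/sys/syscall.h) and the int 0x80 convention come from the
; message.

%define stdout    1
%define SYS_exit  1
%define SYS_write 4

; system: put the syscall number in eax and enter the kernel through a
; 'call', so the return address fills the [RRRR] slot the kernel expects
; above the arguments.
%macro  system 1
        mov     eax, %1
        call    kernel
%endmacro

%macro  sys.write 0
        system  SYS_write
%endmacro

%macro  sys.exit 0
        system  SYS_exit
%endmacro

section .data
hola    db      'Hola', 0Ah
hbytes  equ     $-hola

section .text
global  _start

; Single entry point into the kernel.  After 'call kernel' the stack is
;   [ret addr][fd][buf][nbytes]
; i.e. the [RRRR][DDDD][SSSS][NNNN] layout described in the reply.
kernel:
        int     0x80
        ret

_start:
        ; write(stdout, hola, hbytes): arguments pushed right to left
        push    dword hbytes
        push    dword hola
        push    dword stdout
        sys.write
        add     esp, 12         ; discard the three write() arguments

        ; exit(0): never returns
        push    dword 0
        sys.exit
```

Assemble with 'nasm -f elf hello.asm' as in the original post and link with 'ld -o hello hello.o' on a 32-bit FreeBSD system. The 'call kernel' inside the system macro is the whole point: without it the kernel would read the file descriptor where it expects the return address, and each argument would be off by one slot.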
