From owner-freebsd-hackers@FreeBSD.ORG Mon Jun 14 16:41:08 2004
Delivered-To: freebsd-hackers@freebsd.org
Date: Mon, 14 Jun 2004 12:40:40 -0400
From: ari edelkind
To: freebsd-hackers@freebsd.org
Message-ID: <20040614164040.GN14968@episec.com>
Mail-Followup-To: ari edelkind, freebsd-hackers@freebsd.org
References: <003801c45207$01ddfa70$0200a8c0@peron>
In-Reply-To: <003801c45207$01ddfa70$0200a8c0@peron>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: freebsd asm
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Mon, 14 Jun 2004 16:41:09 -0000

jncastellano@noconname.org said this stuff:

[...]

> [demon]~$ cat hello.asm
> %include 'system.inc'
> section .data
> hola db 'Hola', 0Ah
> hbytes equ $-hola
> section .text
> global _start
> _start:
> push dword hbytes
> push dword hola
> push dword stdout
> sys.write
> push dword 0
> sys.exit
>
> [demon]~$ nasm -f elf hello.asm
> hello.asm:1: fatal: unable to open include file `system.inc'
>
> ?Where is that file?... the -current port of nasm is incomplete ?

system.inc is not a part of nasm.

> Ok... we take some modifications...
>
> << %include 'system.inc'
> < style directives, so they are ignored.
The directives in question would be located in the system.inc file that
you don't have, and your program may as well be:

    hola db 'Hola', 0Ah
    hbytes equ $-hola
    section .text
    global _start
    _start:
    push dword hbytes
    push dword hola
    push dword 1
    push dword 0

... which doesn't exit, therefore your program accesses memory addresses
that aren't meant to supply program code, and it crashes.

FreeBSD system calls are generally accessed using interrupt vector 0x80.
The function that deals with this interrupt in the kernel expects the
number of the system call in eax, and it expects the program to have
called a function along the way.  Thus, it's looking for the following
stack structure:

    [RRRR][DDDD][SSSS][NNNN]

    RRRR: return address, inserted by 'call' instruction
    DDDD: descriptor vector
    SSSS: string address
    NNNN: number of bytes to write.

To get this, you can try something like the following:

    hola db 'Hola', 0Ah
    hbytes equ $-hola
    section .text
    global _start
    _start:
    push dword hbytes
    push dword hola
    push dword 1
    mov eax, 4 ; SYS_write
    call doint
    push dword 0
    mov eax, 1 ; SYS_exit
    call doint
    doint:
    int 0x80
    ret

You can find the necessary system call numbers in
/usr/include/sys/syscall.h .

ari
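An added example, not ari's code and not the system.inc that the original poster's tutorial ships: a minimal stand-in for the missing include that defines sys.write and sys.exit as NASM macros implementing the call-into-a-stub convention described above, followed by the poster's hello.asm body unchanged. It assumes FreeBSD/i386, the syscall numbers quoted in the reply (SYS_write = 4, SYS_exit = 1), and descriptor 1 for stdout.

```nasm
; --- stand-in for system.inc (constructed example, not the real file) ---
; Syscall numbers as given in the reply; authoritative list is
; /usr/include/sys/syscall.h on the target system.
%define SYS_exit   1
%define SYS_write  4
%define stdout     1

; Each sys.* macro loads eax with the syscall number and CALLs the stub,
; so the return address the kernel expects ([RRRR]) sits above the
; arguments the program already pushed ([DDDD][SSSS][NNNN]).
%macro sys.write 0
        mov     eax, SYS_write
        call    kernel
%endmacro

%macro sys.exit 0
        mov     eax, SYS_exit
        call    kernel
%endmacro

; --- the program as originally written, now with the macros defined ---
section .data
hola    db      'Hola', 0Ah
hbytes  equ     $-hola

section .text
global _start
_start:
        push    dword hbytes        ; NNNN: byte count
        push    dword hola          ; SSSS: buffer address
        push    dword stdout        ; DDDD: descriptor
        sys.write                   ; eax=SYS_write; call pushes RRRR
        add     esp, 12             ; discard the three arguments
        push    dword 0             ; exit status
        sys.exit                    ; never returns

; Shared stub: int 0x80 with eax set, then return to the caller.
kernel:
        int     0x80
        ret
```

Assemble and link with `nasm -f elf hello.asm && ld -o hello hello.o`; the kernel skips the return address slot, so the arguments are read from the same stack positions a C caller would have used.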