Hello World in ARM Assembly without data section

Question

I have a "Hello, World!" program in ARM assembly language and I want to convert it into shell code to execute it in a memory region. In Intel Assembly language I got rid of the .data section since only the .text section is being used when converting to shell code. (See here)

Now I am struggling to do the same in ARMs assembly language. The basis is the following code:

ARM Assembly Hello World

.global _start

_start:
    mov r7, #4
    mov r0, #1
    ldr r1,=string
    mov r2, #12
    swi 0
    mov r7, #1
    swi 0

.data
string:
  .ascii "Hello, World"

Modified ARM Assembly Hello World to omit the .data section

.global _start
.global mymessage

mymessage:
    mov r7, #4
    mov r0, #1
    pop {r1}
    mov r2, #12
    swi 0
    mov r7, #1
    swi 0

_start:
    bl mymessage
    .ascii "Hello, World"

But this doesn't work, since this is an "illegal instruction" apparently. Any ideas?

ARM already has PC-relative addressing, and in any case, `bl` does not push the return address on the stack. — Jester, May 10 '17 at 11:45
`bl` is the equivalent, but ARM does not put the return address on the stack. But since ARM has PC relative addressing you don't need the trick at all. — Jester, May 10 '17 at 11:49
since you string is a constant read-only in either case it could be in .text doesnt have to be in .data — old_timer, May 10 '17 at 13:25
Here is a nice setup to test this out: https://github.com/cirosantilli/arm-assembly-cheat/tree/e3477c16c8d5a59e239a202760223f4d86e199c9/linux — Ciro Santilli OurBigBook.com, Jul 18 '18 at 07:30

score 3 · Accepted Answer · edited Jul 18 '18 at 07:29

3

ARM already has PC-relative addressing, and in any case, bl does not push the return address on the stack.

This works:

.global _start

_start:
    mov r7, #4
    mov r0, #1
    adr r1, string
    mov r2, #12
    swi 0
    mov r7, #1
    swi 0

string:
  .ascii "Hello, World"

edited Jul 18 '18 at 07:29

Ciro Santilli OurBigBook.com

347,512
102
1,199
985

answered May 10 '17 at 11:48

Jester

56,577
4
81
125

Cool, thanks, this works! Now we just need to figure out how to convert this into shellcode. Any ideas? – Marvin May 10 '17 at 11:55
1

Not sure what you want to convert ... just run it through the assembler and you get the bytes. – Jester May 10 '17 at 11:56
We want to extract the shellcode like x04\xe7\x06...., and the bytes of the "string .ascii" area are separated from the rest of the bytes. Do I just put them all into a "combined" shellcode to execute it? – Marvin May 10 '17 at 11:59
2

Yes. Not sure what you mean by "separated" they should come directly after the code. – Jester May 10 '17 at 12:03
Never mind, I got it ;) Thanks for your help, @Jester! – Marvin May 10 '17 at 12:03
@Marvin - where you are to get the actual shellcode to work in a separate program? – InfinitelyManic May 10 '17 at 21:47
@InfinitelyManic What do you mean exactly? Are you asking how I am executing the shellcode in another program? – Marvin May 11 '17 at 07:37
@Marvin, I mean did you copy the Assembly byte code into a C program and successfully execute it? – InfinitelyManic May 11 '17 at 13:26

Hello World in ARM Assembly without data section

1 Answers1