
I'm not able to write a syscall in X86 ASM for Linux. I'm reading this "tutorial"

https://en.wikibooks.org/wiki/X86_Assembly/Interfacing_with_Linux

but I don't want to use the "hello world" in the .rodata section: I want to create it on the stack and then use it with the syscall. In C, it should be written as

#include <unistd.h>
int main() { 
    char string[12] = {'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '\0'};
    write(1, string, 11); 
    return 0; 
} 

I'm not able to write it in ASM using int 0x80. Any suggestion?

I've tried it but the code is a mess. Here is my code:

.intel_syntax noprefix
.section .text
.global _start

_start:
push    4
pop     rax             
xor     ebx,ebx
inc     ebx                 # ebx = 1 = stdout            
mov     DWORD PTR [rsp-0x4],0x646c72
mov     DWORD PTR [rsp-0x8],0x6f57206f
mov     DWORD PTR [rsp-0xc],0x6c6c6548
sub rsp, 0xc
xor     rcx,rcx
mov rcx, rsp
push    11
pop     rdx             
int     0x80
xor     eax,eax
inc     eax             
xor     ebx,ebx         
int     0x80

Is this a good way to do it? Is there a better way?

Robert Columbia
Alvin
  • Why do you use `int 0x80` to make system calls in 64 bit mode? That's not correct, cf. [this question](https://stackoverflow.com/q/46087730/417501), and would explain your problems (the stack is located outside the first 4 GB of RAM). – fuz Apr 15 '18 at 10:41
  • @Alvin In that case no one can see what you've done wrong and provide an adequate answer. The question then boils down to "Please do my work for me," instead of "What is wrong with my code?" – tambre Apr 15 '18 at 10:45
  • @Alvin If you don't show us what you tried, it is impossible to know what answer you expect. Also, it protects against people who just want me to do their homework with zero effort on their part. For example, without your attempt I would have assumed that you knew how to do 64 bit system calls and would have made no progress towards an answer. – fuz Apr 15 '18 at 10:48
  • Your code looks like it should work if you use correct amd64 system calls, by the way. Make sure to use the correct registers and system call numbers (which are generally different than 32 bit system call numbers!) – fuz Apr 15 '18 at 10:51
  • Also: if you don't want to show your code, why do you assume I want to show you an answer? – fuz Apr 15 '18 at 10:52
  • @fuz Thanks for the link and the clarification: I didn't know the int 0x80 limitations in a 64-bit environment – Alvin Apr 15 '18 at 11:08
  • @Alvin It's less of a limitation and more of a “not the tool you are looking for.” Think about it like this: `int 0x80` is for 32 bit programs only. By chance, it can also be used in 64 bit programs but it's not intended to be used for this purpose. – fuz Apr 15 '18 at 11:09
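
The native 64-bit form that the comments point to, as an added example that is not code from the asker or any commenter. It assumes x86-64 Linux, where `write` is system call 1 and `exit` is 60, with arguments in `rdi`, `rsi`, `rdx` and the `syscall` instruction in place of `int 0x80`; the file name `hello.s` is an assumption.

```asm
# Added example. Build and run (file name is an assumption):
#   as -o hello.o hello.s && ld -o hello hello.o && ./hello
.intel_syntax noprefix
.section .text
.global _start

_start:
    # Reserve the buffer first, then fill it, so nothing is written
    # below the stack pointer.
    sub     rsp, 16
    mov     DWORD PTR [rsp],   0x6c6c6548   # "Hell"
    mov     DWORD PTR [rsp+4], 0x6f57206f   # "o Wo"
    mov     DWORD PTR [rsp+8], 0x00646c72   # "rld\0"

    # write(1, rsp, 11) through the 64-bit ABI. The buffer address is
    # passed in the full 64-bit rsi, so a stack located above 4 GB is
    # fine. With int 0x80 the 32-bit ABI would only take ecx, i.e. the
    # low half of the pointer.
    mov     eax, 1          # x86-64 write (4 is the 32-bit number)
    mov     edi, 1          # fd = stdout
    mov     rsi, rsp        # buf
    mov     edx, 11         # count
    syscall                 # clobbers rcx and r11, result in rax

    # rax holds the byte count, or a negative errno on failure.
    # Exit with status 1 unless all 11 bytes were written.
    xor     edi, edi
    cmp     rax, 11
    setne   dil

    mov     eax, 60         # x86-64 exit (1 is the 32-bit number)
    syscall
```

Running the binary under `strace` shows the `write` call with its 64-bit buffer address and return value, which is a quick way to confirm which ABI a system call actually went through.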

0 Answers