2

I want to know what is the difference between the data section and text section in terms of the entire code in a specific section.

I was trying to run the code I have added here. In the data section it runs and prints "af)a". If I change it to the text section in line 2, it segfaults.

I can't figure out what are the crucial differences. Thanks :)

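```nasm
global _start
section .data               ; line 2: the section the question swaps for .text

_start: mov ecx, 3          ; loop counter; its immediate byte sits at _start + 1
    xor byte [_start + 1], 0x02 ; self-modifying write: toggles that immediate between 3 and 1
    pushad                  ; save all registers around the system call
    mov eax, 4              ; sys_write
    mov ebx, 1              ; fd 1 = stdout
    mov edx, ecx            ; length = current counter value
    mov ecx, dword blah     ; buffer = the instruction bytes starting at blah
    int 0x80
blah:   popad               ; restore the saved registers
    sub bx, ax
    loop _start             ; decrement ecx, jump back while it is non-zero
    mov eax, 1              ; sys_exit
    mov ebx, 2              ; exit status 2
    int 0x80
fin:
```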

I expected the code to yield the same result, but it proved otherwise.

Avishai Yaniv
  • 1
    The text section is executable but not writable, the data section is writable but not executable. Some operating systems cannot enforce the “no execute” rule. – fuz Jun 21 '19 at 19:17
  • 4
    `.text` is typically read only, executable. `.data` is read-write and is not supposed to be executable although sometimes (as in your case) it is. Note those are just built-in default attributes. See also [7.9.2 elf Extensions to the SECTION Directive](https://www.nasm.us/xdoc/2.11.08/html/nasmdoc7.html#section-7.9.2) in the nasm manual. – Jester Jun 21 '19 at 19:17
  • Your code seems very overcomplicated. You use the slow `loop` instruction, but you reset the loop counter to `3` inside the loop. And you save/restore all the registers with `pushad`/`popad` for no reason. Just use `jmp _start` instead of `loop`. Or if you want a non-infinite loop, use a different register for the counter. – Peter Cordes Jun 21 '19 at 19:19
  • If only I had a say.. this is my professor's weird mind haha – Avishai Yaniv Jun 21 '19 at 21:00

1 Answer

3

difference between .text and .data

I don't know about the MASM assembler but the GNU assembler makes two differences:

  1. The name (.text in one case, .data in the other case). However, this name is ignored by the operating system.
  2. The section flags in the executable file:
    • SHF_ALLOC | SHF_EXECINSTR for .text and
    • SHF_ALLOC | SHF_WRITE for .data

The "section flags" tell the operating system what kind of data is present in the section and what kind of operations are allowed:

  • SHF_EXECINSTR means that the section contains code which can be executed. If this flag is missing, the program will crash in most OSs if the section contains code. Older 32-bit CPUs did not support this, so this flag was ignored by many OSs when running 32-bit programs. Obviously, your OS ignores this flag; otherwise the .data variant of your program would crash because the code is located in the .data section.

  • SHF_WRITE means that data in the section can be overwritten. If this flag is missing and you are trying to do a write operation to the data in the section, the program will crash.

Of course it would be possible to manipulate the executable file in a way that the section .text has the SHF_WRITE flag set. (And some assemblers allow setting this flag for the .text section directly.) In this case your program would not crash if you write to the .text section.

Martin Rosenau
  • You can get executable `.data` (and stack and BSS) by linking with `gcc -zexecstack`. The `ld` man page documents `ld -N` (aka `ld --omagic`) to give the text segment read+write permission. (And the `.text` section gets linked into the text segment of an executable). – Peter Cordes Jun 22 '19 at 19:33
  • Update to previous comment: on modern Linux kernels, the ELF flag set by `gcc -z execstack` truly only makes the stack itself executable. See [How to get c code to execute hex machine code?](https://stackoverflow.com/a/55893781) – Peter Cordes Mar 28 '22 at 00:32
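
The section flags listed in the answer can be read directly from an ELF file's section header table. The script below is an added example, not code from the question or the answers: it parses a constructed, non-runnable ELF32 image with the default `.text`/`.data` flags and one where `.text` also carries SHF_WRITE, and reports sections that are both writable and executable. The function names and the sample image are assumptions made for illustration.

```python
import struct

SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4  # sh_flags bits from the ELF spec

def section_flags(elf: bytes) -> dict:
    """Map section name -> sh_flags for a little-endian ELF32 or ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF image")
    is64 = elf[4] == 2  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    ehdr = struct.unpack_from("<16sHHIQQQIHHHHHH" if is64 else "<16sHHIIIIIHHHHHH", elf)
    shoff, shentsize, shnum, shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    # In both layouts: [0] name offset, [1] type, [2] flags, [4] file offset, [5] size.
    fmt = "<IIQQQQIIQQ" if is64 else "<10I"
    shdrs = [struct.unpack_from(fmt, elf, shoff + i * shentsize) for i in range(shnum)]
    start, size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    strtab = elf[start:start + size]  # section name string table

    def name(idx: int) -> str:
        return strtab[idx:strtab.index(b"\0", idx)].decode()

    return {name(s[0]): s[2] for s in shdrs if s[1] != 0}  # skip the SHT_NULL entry

def flag_string(flags: int) -> str:
    """Render flags the way readelf -S does, e.g. 'AX' or 'WA'."""
    letters = ((SHF_WRITE, "W"), (SHF_ALLOC, "A"), (SHF_EXECINSTR, "X"))
    return "".join(c for bit, c in letters if flags & bit)

def writable_and_executable(elf: bytes) -> list:
    """Names of sections that carry both SHF_WRITE and SHF_EXECINSTR."""
    both = SHF_WRITE | SHF_EXECINSTR
    return [n for n, f in section_flags(elf).items() if f & both == both]

def build_sample(text_flags: int) -> bytes:
    """Constructed ELF32 image (headers and section table only, not runnable)."""
    names = b"\0.text\0.data\0.shstrtab\0"  # name offsets: 1, 7, 13
    body = b"\x90" * 8 + b"\0" * 8 + names  # .text at 52, .data at 60, names at 68
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1,
                       0, 0, 52 + len(body), 0, 52, 0, 0, 40, 4, 3)
    sh = lambda n, typ, fl, off, sz: struct.pack("<10I", n, typ, fl, 0, off, sz, 0, 0, 1, 0)
    table = (sh(0, 0, 0, 0, 0) + sh(1, 1, text_flags, 52, 8)
             + sh(7, 1, SHF_ALLOC | SHF_WRITE, 60, 8) + sh(13, 3, 0, 68, len(names)))
    return ehdr + body + table

if __name__ == "__main__":
    for label, tf in (("default", SHF_ALLOC | SHF_EXECINSTR), ("writable .text", 7)):
        image = build_sample(tf)
        print(label, {n: flag_string(f) for n, f in section_flags(image).items()},
              "W+X:", writable_and_executable(image))
```

The parser reads the section header table only; it does not look at program headers.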