
My code:

section .data
    binsh: db "/bin/sh"

section .text
global start
start
    mov rax, 59 ; move syscall execve (59) to rax
    mov rdi, binsh ; command
    mov rsi, 0 ; argv
    mov rdx, 0 ; envp
    int 0x80
    mov rax, 60 ; move syscall exit (60) to rax
    mov rdi, 0 ; exit 0
    int 0x80

This does not work because I don't know how to use the execve syscall. strace is showing this:

execve("./first_assembler", ["./first_assembler"], [/* 67 vars */]) = 0
execve("/bin/sh", NULL, NULL)           = -1 EFAULT (Bad address)
exit(0)                                 = ?
<... exit resumed> strace: _exit returned!
)                    = ?
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV (core dumped) +++

What is the correct usage of the execve syscall?

  • https://filippo.io/linux-syscall-table/ – Michael Oct 31 '19 at 21:12
  • And see https://stackoverflow.com/a/46087731/1524450 for why you should be using `syscall` instead of `int 0x80` in 64-bit code (as the first link I posted also mentions). – Michael Oct 31 '19 at 21:16
  • You used the 64-bit call number and registers correctly, but invoked the 32-bit `int 0x80` ABI instead of the 64-bit `syscall` ABI. `strace` decodes it wrong; you actually made a `__NR_oldolduname` system call, with non-pointers in EBX, ECX, and EDX. – Peter Cordes Oct 31 '19 at 23:48
