
I am trying to use mmap for my code but I don't have a clue how to choose the values to store in the registers in pre-interrupt processing. I picked up the part of code below from somewhere. I am trying to print the return value (I guess this will be stored in eax) after the interrupt, but the value is negative (-14), which means the process is unsuccessful. What should I change here?

mov     ebx,0                ;address
mov     edx,0x1              ;protection
mov     esi,0x2              ;flags
mov     edi,[file_descriptor];file descriptor
mov     ecx,4096             ;size
mov     ebp,0                ;offset is 0
mov     eax,192              ;mmap2 system call number (192)
int     0x80                 ;For mmap
PutLInt eax                  ;printing the returned value after the system-call

I am getting strace output as:

        strace ./a
execve("./a", ["./a"], 0x7ffcdf6517c0 /* 49 vars */) = 0
strace: [ Process PID=20342 runs in 32 bit mode. ]
read(0, 3
"3\n", 256)                     = 2
creat("input.txt", 0700)                = 3
read(0, 4
"4\n", 20)                      = 2
write(3, "4\n", 2)                      = 2
read(0, 5
"5\n", 20)                      = 2
write(3, "5\n", 2)                      = 2
read(0, 6
"6\n", 20)                      = 2
write(3, "6\n", 2)                      = 2
write(1, "\n", 1
)                       = 1
write(1, "3", 13)                        = 1
write(1, "\n", 1
)                       = 1
write(1, "3", 13)                        = 1
write(1, "\n", 1
)                       = 1
mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0) = -1 EACCES (Permission denied)
write(1, "-", 1-)                        = 1
write(1, "1", 11)                        = 1
write(1, "3", 13)                        = 1
exit(0)                                 = ?
+++ exited with 0 +++
Asked by Mike

  • You want the `mmap2` syscall, number 192. – Jester Apr 05 '22 at 10:33
  • @Jester In that case I am getting -19 as the return value. To be precise I just changed the value 90 to 192 in the code keeping everything else the same. Do you mean the same thing? – Mike Apr 05 '22 at 10:40
  • Yes. -19 is `ENODEV`. What is your file that you are trying to mmap? – Jester Apr 05 '22 at 10:52
  • @Jester first I am creating a file with system call 8, then writing some data in it with system call 3, then mmaping the file. When I created the file with system call 8 I gave the permissions as 0700, is this the reason? – Mike Apr 05 '22 at 11:00
  • When you use `strace ./a.out` to decode the system calls your program makes, what do you get? [edit] your answer to include strace output. It's an essential debugging tool that saves you tons of time writing debug prints or manually looking at stuff as you single-step in a debugger. – Peter Cordes Apr 05 '22 at 11:05
  • Did you write `0700` in your NASM source code? That's the same as `700`, [NASM numeric literals are different from C](https://stackoverflow.com/questions/39564402/how-to-represent-octal-numbers-in-assembly). Use `0o666` if you want octal. (Let umask take care of clearing write for other and maybe group, that's what it's for.) – Peter Cordes Apr 05 '22 at 11:07
  • @PeterCordes using mmap() giving this as output "mmap(NULL) = -1 EFAULT (Bad address) write(1, "-", 1-) = 1 write(1, "1", 11) = 1 write(1, "4", 14) = 1 exit(0) = ? +++ exited with 0 +++" What should I do now? – Mike Apr 05 '22 at 11:19
  • `mmap` (not `mmap2`) on i386 apparently just takes one pointer arg, to a struct of actual args maybe? If `strace` is decoding it correctly. And you passed NULL (ebx=0), therefore `-EFAULT`. What you should do now is try strace with EAX=192, `__NR_mmap2` like Jester already said. Also, edit your question with that strace output, since comments don't have good enough code formatting. Oh also, we see your program didn't make an `open` system call before mmap after all. – Peter Cordes Apr 05 '22 at 11:24
  • If you don't understand why certain args go in certain registers, see [Hello, world in assembly language with Linux system calls?](https://stackoverflow.com/q/61519222) / [What is the explanation of this x86 Hello World using 32-bit int 0x80 Linux system calls from \_start?](https://stackoverflow.com/q/45052162) – Peter Cordes Apr 05 '22 at 11:28
  • @PeterCordes I updated the question (mmap->mmap2) and included the strace; can you please check it now? I am getting ENODEV (-19) as the error message – Mike Apr 05 '22 at 12:22
  • Seems fairly obvious that you can't usefully mmap fd=2 (stderr), and being open on a TTY would explain `-ENODEV`. Instead, pass it the fd of the file you just opened. As you can see from your strace output, you passed `2`, not the new fd which happened to be `3` here, as the 2nd-last arg. The 5th arg does go in EDI ([What are the calling conventions for UNIX & Linux system calls (and user-space functions) on i386 and x86-64](https://stackoverflow.com/q/2535989)) so you must be loading a `2` from your saved FD – Peter Cordes Apr 05 '22 at 12:24
  • Since you have a bunch of calls returning `2` it may be that you accidentally stored one of those in your `file_descriptor`. This is why [mcve] is important so we don't have to guess... – Jester Apr 05 '22 at 12:37
  • @PeterCordes I changed that, now I am getting EACCES (-13) as the error. What should I do now? I updated the strace in the above question, please have a look at it – Mike Apr 05 '22 at 13:11
  • Your create mode of `01274` is nonsense. – Jester Apr 05 '22 at 13:15
  • @Jester yeah, I guess I am doing this for the first time so... So how should I create it? – Mike Apr 05 '22 at 13:20
  • @Jester mov EAX,8 ; mov EBX,File_name ; mov ECX,0700 ; int 0x80. These are the instructions I used to create. Can you suggest a better way – Mike Apr 05 '22 at 13:22
  • As Peter already said, nasm does not parse `0700` as octal. You want `0o700`. – Jester Apr 05 '22 at 13:26
  • @Jester I updated it, but in the strace output 01274 changed to 0700 and I am still getting EACCES (-13) as the error. – Mike Apr 05 '22 at 13:33
  • Verify the permissions of the file created. Make sure you have deleted the old version with the wrong permissions first. Also note that `creat` implicitly uses `O_WRONLY` so you won't be able to map it for reading. Maybe use `open` with `O_CREAT|O_RDWR|O_TRUNC` instead. – Jester Apr 05 '22 at 13:38
  • @Jester instead of getting an error now I am getting "mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7f5b000". Does that mean the process is a success? If it is successful, in which register does "0xf7f5b000" get stored? – Mike Apr 05 '22 at 14:10
  • Yes. You get that in `eax` as usual. – Jester Apr 05 '22 at 14:17
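Pulling the comment thread together, the following is an added example written for this page (it is not the asker's code and not from any answer): a complete 32-bit Linux program in NASM syntax that opens input.txt with `O_CREAT|O_RDWR|O_TRUNC` and an octal `0o600` mode, saves the returned fd instead of a leftover return value, maps the file with `mmap2` (syscall 192) using the `int 0x80` register order EBX, ECX, EDX, ESI, EDI, EBP, and treats an EAX value in the range -4095..-1 as `-errno` rather than printing it as if it were an address. The file name comes from the question; the payload bytes, the message strings and the label names are constructed for this example, and the asker's `PutLInt` macro is not used.

```nasm
; Added example, not the asker's code.  32-bit Linux, NASM syntax.
; Build:  nasm -f elf32 mmap_demo.asm && ld -m elf_i386 -o mmap_demo mmap_demo.o
; The kernel returns -errno in EAX on failure; 0xFFFFF001..0xFFFFFFFF (-4095..-1) are errors.

SYS_EXIT    equ 1
SYS_WRITE   equ 4
SYS_OPEN    equ 5
SYS_CLOSE   equ 6
SYS_MUNMAP  equ 91
SYS_MMAP2   equ 192        ; six-argument mmap on i386; 90 is the old one-pointer mmap

O_RDWR      equ 2
O_CREAT     equ 0o100      ; NASM octal needs the 0o prefix; plain 0100 would be decimal 100
O_TRUNC     equ 0o1000
PROT_READ   equ 1
MAP_PRIVATE equ 2
MAP_LEN     equ 4096

section .data
filename    db "input.txt", 0                ; name taken from the question
payload     db "4", 10, "5", 10, "6", 10      ; constructed sample data
payload_len equ $ - payload
msg_err     db "mmap2 failed: EAX holds -errno", 10
msg_err_len equ $ - msg_err

section .bss
file_descriptor resd 1
map_addr        resd 1

section .text
global _start
_start:
    ; open("input.txt", O_CREAT|O_RDWR|O_TRUNC, 0o600): creat would give O_WRONLY,
    ; and a write-only fd cannot be mapped PROT_READ (that is the EACCES in the question)
    mov eax, SYS_OPEN
    mov ebx, filename
    mov ecx, O_CREAT | O_RDWR | O_TRUNC
    mov edx, 0o600                     ; owner read/write; umask may clear bits
    int 0x80
    test eax, eax
    js  fail                           ; negative EAX is -errno
    mov [file_descriptor], eax         ; save the fd itself, not some other call's return value

    ; write(fd, payload, payload_len) so there is file content behind the mapping
    mov eax, SYS_WRITE
    mov ebx, [file_descriptor]
    mov ecx, payload
    mov edx, payload_len
    int 0x80
    test eax, eax
    js  fail

    ; mmap2(addr=0, len=4096, prot=PROT_READ, flags=MAP_PRIVATE, fd, pgoffset=0)
    ; argument registers for int 0x80: EBX, ECX, EDX, ESI, EDI, EBP
    mov eax, SYS_MMAP2
    xor ebx, ebx                       ; let the kernel choose the address
    mov ecx, MAP_LEN
    mov edx, PROT_READ
    mov esi, MAP_PRIVATE
    mov edi, [file_descriptor]         ; must be the fd from open, not 2 (stderr -> ENODEV)
    xor ebp, ebp                       ; mmap2 takes the offset in 4096-byte pages
    int 0x80
    cmp eax, -4095
    jae fail                           ; unsigned compare catches the -errno range
    mov [map_addr], eax                ; success: EAX is the mapped address

    ; prove the mapping is readable: write the payload back out from the mapped page
    mov eax, SYS_WRITE
    mov ebx, 1
    mov ecx, [map_addr]
    mov edx, payload_len
    int 0x80

    mov eax, SYS_MUNMAP
    mov ebx, [map_addr]
    mov ecx, MAP_LEN
    int 0x80

    mov eax, SYS_CLOSE
    mov ebx, [file_descriptor]
    int 0x80

    mov eax, SYS_EXIT
    xor ebx, ebx
    int 0x80

fail:
    neg eax                            ; EAX = errno (13 EACCES, 14 EFAULT, 19 ENODEV, ...)
    push eax
    mov eax, SYS_WRITE
    mov ebx, 2
    mov ecx, msg_err
    mov edx, msg_err_len
    int 0x80
    pop ebx                            ; exit status = errno, visible as $? in the shell
    mov eax, SYS_EXIT
    int 0x80
```

Running the binary under `strace ./mmap_demo` should show `open("input.txt", O_RDWR|O_CREAT|O_TRUNC, 0600)` returning 3 and `mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0)` returning an address, which is what ends up in `eax`; the `cmp eax, -4095 / jae` pair is the same check the C library does before it turns a raw return value into `-1` plus `errno`.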

0 Answers