
I am trying to write a "Hello World" program using stack memory.

section .text
global _start

_start:
    mov     al  , 0x01          ; rax = 1 (SYS_write), only if the upper bytes of rax were already zero
    mov     dil , al            ; rdi = 1 (stdout), same assumption for rdi

    push    0x0a646c72  ; text: "\nrld"  -> push imm32 stores 8 bytes: 72 6c 64 0a 00 00 00 00
    push    0x6f57206f  ; text: "o Wo"   -> 6f 20 57 6f 00 00 00 00
    push    0x6c6c6548  ; text: "Hell"   -> 48 65 6c 6c 00 00 00 00, now at rsp

    mov     rsi , rsp           ; buffer = top of stack
    mov     dl  , 0x0c          ; rdx = 12 bytes to write, again assuming the upper bytes are zero
    syscall

    mov     al  , 0x3c          ; rax = 60 (SYS_exit)
    xor     dil , dil           ; rdi = 0 exit status (clears only the low byte)
    syscall

But it is only printing "Hello Wo".
I understand that stack memory follows the LIFO method.
There is no change in the result if I move these hex codes (Hello World\n) into three registers, such as:

mov     r10 , 0x0a646c72    ; mov r64, imm32 sign-extends into the full register
push    r10                 ; a register push is also 8 bytes: 72 6c 64 0a 00 00 00 00
mov     r11 , 0x6f57206f
push    r11
mov     r12 , 0x6c6c6548
push    r12

So why is the first push, "rld\n", not printing?

  • Use `strace ./a.out` to see what system-call you actually made. Note that `push` is always an 8-byte push (from sign-extending the 32-bit immediate in this case), so you're storing 24 total bytes, 12 of them zeros. Also, you don't need to manually convert ASCII to hex, you could just ```push `\nrld` ``` / `mov rax, 'Hello Wo'` / `push rax`. – Peter Cordes May 03 '22 at 08:20
  • Also, if this is supposed to be shellcode, note that you're depending on RDX, RDI, and RAX initially being zero in their upper bytes. And you normally want to write output to stdout (fd 1) not stdin (fd 0) – Peter Cordes May 03 '22 at 08:23
  • Basically a duplicate of [Why does the push DWORD instruction equalize on 8 bytes?](https://stackoverflow.com/q/65269161) which is itself a duplicate of a few other questions. [Create an arg array for execve on the stack](https://stackoverflow.com/q/59825101) contains an answer to this as one of the bugs in that question, and does mention the issue. – Peter Cordes May 03 '22 at 08:34
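To make the layout the comments describe concrete, here is an added C model of the stack (not code from the question or from Peter Cordes). It replays the question's three `push imm32` into a small byte array that grows downward like RSP, shows the 12 bytes that `write(1, rsp, 12)` would send, and then replays one contiguous alternative: a single `push imm32` for the 4-byte tail followed by an 8-byte register push of "Hello Wo". The constants are the question's own; the stack size, struct names and helper functions are illustrative assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the region of the x86-64 stack the pushes touch. The real stack
   grows downward; sp is the index RSP would point at. The constants below are
   the question's; the 32-byte size and helper names are assumptions here. */
#define STACK_SIZE 32

typedef struct {
    uint8_t mem[STACK_SIZE];
    size_t  sp;
} stack_t;

/* The 12 bytes write(1, rsp, 12) would send, plus how many bytes the pushes
   actually occupied on the stack. */
typedef struct {
    uint8_t bytes[12];
    size_t  pushed;
} write_view;

static void stack_init(stack_t *s) {
    memset(s->mem, 0xAA, sizeof s->mem);   /* filler so untouched bytes stay visible */
    s->sp = STACK_SIZE;
}

/* Every push in 64-bit mode stores 8 bytes, little-endian, at RSP-8. */
static void push_qword(stack_t *s, uint64_t v) {
    s->sp -= 8;
    for (int i = 0; i < 8; i++)
        s->mem[s->sp + i] = (uint8_t)(v >> (8 * i));
}

/* What `push imm32` stores: the 32-bit immediate sign-extended to 64 bits. */
static uint64_t imm32_on_stack(int32_t imm) {
    return (uint64_t)(int64_t)imm;
}

static void push_imm32(stack_t *s, int32_t imm) {
    push_qword(s, imm32_on_stack(imm));
}

static write_view snapshot(const stack_t *s) {
    write_view v;
    memcpy(v.bytes, &s->mem[s->sp], sizeof v.bytes);
    v.pushed = STACK_SIZE - s->sp;
    return v;
}

/* The question's sequence: each push lands 4 ASCII bytes plus 4 zero bytes. */
static write_view buggy_sequence(void) {
    stack_t s; stack_init(&s);
    push_imm32(&s, 0x0a646c72);   /* memory order: 'r' 'l' 'd' '\n' 00 00 00 00 */
    push_imm32(&s, 0x6f57206f);   /* 'o' ' ' 'W' 'o' 00 00 00 00 */
    push_imm32(&s, 0x6c6c6548);   /* 'H' 'e' 'l' 'l' 00 00 00 00  <- RSP */
    return snapshot(&s);
}

/* Contiguous layout: the 4-byte tail as push imm32 (its zero padding then sits
   beyond the 12 bytes written), the first 8 bytes via a 64-bit register,
   i.e. `mov rax, 'Hello Wo'` / `push rax`. */
static write_view fixed_sequence(void) {
    stack_t s; stack_init(&s);
    push_imm32(&s, 0x0a646c72);             /* "rld\n" + 4 zero bytes */
    push_qword(&s, 0x6f57206f6c6c6548ULL);  /* "Hello Wo", little-endian */
    return snapshot(&s);
}

/* Compare the 12 bytes write would send with an expected byte string; the
   expected literal may contain embedded NULs. */
static int view_equals(write_view v, const char *expected) {
    return memcmp(v.bytes, expected, sizeof v.bytes) == 0;
}

static void dump(const char *label, write_view v) {
    printf("%-5s (%zu bytes pushed):", label, v.pushed);
    for (size_t i = 0; i < sizeof v.bytes; i++)
        printf(" %02x", v.bytes[i]);
    printf("  \"");
    for (size_t i = 0; i < sizeof v.bytes; i++)
        printf("%c", (v.bytes[i] >= 0x20 && v.bytes[i] < 0x7f) ? v.bytes[i] : '.');
    printf("\"\n");
}

int main(void) {
    dump("buggy", buggy_sequence());
    dump("fixed", fixed_sequence());
    printf("push -1 stores %016llx\n", (unsigned long long)imm32_on_stack(-1));
    return 0;
}
```

The dump of the buggy sequence is the terminal's "Hello Wo": the four zero bytes after "Hell" are written but invisible, and the 12-byte count is exhausted before the third push is reached. Running the real binary under `strace ./a.out` shows the same thing in the `write(1, "Hell\0\0\0\0o Wo", 12)` line.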

0 Answers