使用堆栈串写的Linux电话SYS [英] Linux write sys call using string on stack

问题描述

我刚开始教自己从这些视频教程在Linux x86汇编。在早期它教你如何使用写入SYS-调用打印存储在数据段的字符串。是有可能使用写入系统调用以打印存储在栈上的字符串。这里是code我写了尝试做这里面似乎并没有工作。

I have just started to teach myself x86 assembly on linux from these video tutorials. Early on it teaches you how to use the write sys-call to print a string that is stored in the data section. Is it possible to use the write syscall to print a string that is stored on the stack. Here is the code I wrote to try and do this which doesn't seem to work.

.data
abc: 
    .asciz "ABC"
.text
    .globl _start

_start:
    pushq %rbp
    movq %rsp, %rbp
    subq $32, %rsp
    leaq -32(%rbp), %rdi
    movb $65, (%rdi)        #move 'A' on to stack
    addq $1, %rdi           
    movb $66, (%rdi)        #move 'B' on to stack
    addq $1, %rdi
    movb $67, (%rdi)        #move 'C' on to stack
    addq $1, %rdi
    movb $0, (%rdi)         #Null terminate  

    movq $4, %rax           #4 is write syscall
    movq $1, %rbx           #1 for stdout
    movq %rsp, %rcx         #pointer to ABC string on stack
    movq $3, %rdx           #length of string
    int $0x80

    movq $1, %rax           #exit syscall
    xorq %rbx, %rbx
    int $0x80

这只是程序运行和退出而不打印ABC，但如果我通过存储在数据段中的字符串，ABC被打印出来。我是不是做错了什么或者你能不能做这种方式。任何帮助AP precitated。

This program just runs and exits without printing ABC, but if I pass the string stored in the data segment, ABC is printed. Am I doing something wrong or can you not do it this way. Any help apprecitated.

推荐答案

您的系统调用数字似乎遥远。

Your syscall numbers seem WAY off.

在您使用 MOVQ 和R的寄存器，我能猜到你想上的x86-64。纵观在 /usr/include/asm/unistd_64.h ，我可以看到以下内容：

From your use of movq and the "r" registers, I can guess you are trying on x86-64. Taking a look at /usr/include/asm/unistd_64.h, I can see the following:

#define __NR_write                              1
#define __NR_stat                               4
#define __NR_exit                               60

strace的同意我：

$ strace ./abc
execve("./abc", ["./abc"], [/* 43 vars */]) = 0
stat("", NULL)                          = -1 EFAULT (Bad address)
write(-1698988341, NULL, 3 <unfinished ... exit status 0>

请注意，该参数也路要走。您还使用了错误的寄存器参数的其余部分。在X86-64调用约定，据我所知，使用的参数如下寄存器，顺序如下： RDI ， RSI ， RDX ， R10 ， R8 ， R9 。

Note that the parameters are also way off. You are also using the wrong registers for the rest of the parameters. The calling convention on x86-64, AFAIK, uses the following registers for the parameters, in this order: rdi, rsi, rdx, r10, r8, r9.

也许你正在尝试做的系统调用的x86-64他们在i386做的方式，并期待它是一样的吗？

Perhaps you are trying to do syscalls on x86-64 the way they are done on i386 and expecting it to be the same?

这篇关于使用堆栈串写的Linux电话SYS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！