x86_64 assembly execve *char[] syscall


Problem description

I am trying to get into a bit of Linux 64-bit x86 assembly without using the standard libs, however I am having some issues dealing with arguments presented to my program (argv). I would think (based on documentation) that rsp marks the beginning of the argc qword, whilst [rsp + 8] would be argv. Unfortunately this is not the case, and the following (abridged) program causes EFAULT (Bad address).

sys_execve equ 59
sys_exit   equ 60

section .data
    child db "/bin/sh", 0      ; NUL-terminated path of the program to exec

global _start

section .text
    _start:
        mov rdi, child          ; #1 filename
        mov rsi, [rsp + 8]      ; #2 argv (this is the line that causes EFAULT)
        mov rdx, 0              ; #3 envp = 0

        mov rax, sys_execve     ; execve; only returns on failure, rax = -errno
        syscall
        mov rdi, rax            ; #1 exit status = return value of execve
        mov rax, sys_exit       ; exit
        syscall

Help with regards to the amd64 calling convention and passing *char[] into the kernel would be appreciated.

Thanks

Recommended answer

At rsp+8 you'll find the address of a string with the program path. The pointer to the first argument is at [rsp+16]. But for execve you need a pointer to an array of pointers to strings which begins with a pointer to a program path (you can (ab)use [rsp+8]).

So change

mov rsi, [rsp + 8]

to

lea rsi, [rsp + 8]
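The corrected program in full, as an added example that is not part of the original question or answer. It applies the lea fix and additionally forwards the inherited environment: with the original mov, rsi held the address of the argv[0] string, so the kernel read the path's bytes as if they were pointers and returned EFAULT; with lea, rsi points at the argv[] array itself, which the kernel already NULL-terminated, and envp[] starts right after that NULL at rsp + 8*(argc + 2).

```nasm
; Initial stack layout on x86_64 Linux at _start:
;   [rsp]              argc
;   [rsp + 8]          argv[0] .. argv[argc-1], then one NULL qword
;   [rsp + 16 + 8*argc] envp[0] .., then one NULL qword, then the auxiliary vector
sys_execve equ 59
sys_exit   equ 60

section .data
    child db "/bin/sh", 0          ; NUL-terminated path of the program to exec

section .text
global _start
_start:
    mov rdi, child                 ; #1 filename
    lea rsi, [rsp + 8]             ; #2 argv: address OF the argv[] array, not argv[0]
    mov rdx, [rsp]                 ; argc
    lea rdx, [rsp + 16 + rdx*8]    ; #3 envp = rsp + 8*(argc + 2), skipping argv[] and its NULL

    mov rax, sys_execve
    syscall                        ; replaces the process on success; returns -errno on failure

    neg rax                        ; errno as a positive number (e.g. 2 = ENOENT, 14 = EFAULT)
    mov rdi, rax                   ; exit status = errno so the failure is visible in $?
    mov rax, sys_exit
    syscall
```

Assemble and link with `nasm -felf64 execve.asm -o execve.o && ld -o execve execve.o`; the child shell then sees this program's own argv (argv[0] is the launcher's path) and the full environment.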
