Linux使用堆栈上的字符串编写系统调用

发布于 2024-11-24 06:02:55 字数 927 浏览 1 评论 0原文

我刚刚开始通过这些视频教程在 Linux 上自学 x86 汇编。早期它教您如何使用 write 系统调用来打印存储在数据部分中的字符串。是否可以使用 write 系统调用来打印存储在堆栈上的字符串。这是我编写的尝试执行此操作的代码，但似乎不起作用。

.data
abc: 
    .asciz "ABC"
.text
    .globl _start

_start:
    pushq %rbp
    movq %rsp, %rbp
    subq $32, %rsp
    leaq -32(%rbp), %rdi
    movb $65, (%rdi)        #move 'A' on to stack
    addq $1, %rdi           
    movb $66, (%rdi)        #move 'B' on to stack
    addq $1, %rdi
    movb $67, (%rdi)        #move 'C' on to stack
    addq $1, %rdi
    movb $0, (%rdi)         #Null terminate  

    movq $4, %rax           #4 is write syscall
    movq $1, %rbx           #1 for stdout
    movq %rsp, %rcx         #pointer to ABC string on stack
    movq $3, %rdx           #length of string
    int $0x80

    movq $1, %rax           #exit syscall
    xorq %rbx, %rbx
    int $0x80

该程序只是运行并退出而不打印 ABC，但是如果我传递存储在数据段中的字符串，则会打印 ABC。我做错了什么还是你不能这样做。任何帮助表示赞赏。

原文

I have just started to teach myself x86 assembly on linux from these video tutorials. Early on it teaches you how to use the write sys-call to print a string that is stored in the data section. Is it possible to use the write syscall to print a string that is stored on the stack. Here is the code I wrote to try and do this which doesn't seem to work.

.data
abc: 
    .asciz "ABC"
.text
    .globl _start

_start:
    pushq %rbp
    movq %rsp, %rbp
    subq $32, %rsp
    leaq -32(%rbp), %rdi
    movb $65, (%rdi)        #move 'A' on to stack
    addq $1, %rdi           
    movb $66, (%rdi)        #move 'B' on to stack
    addq $1, %rdi
    movb $67, (%rdi)        #move 'C' on to stack
    addq $1, %rdi
    movb $0, (%rdi)         #Null terminate  

    movq $4, %rax           #4 is write syscall
    movq $1, %rbx           #1 for stdout
    movq %rsp, %rcx         #pointer to ABC string on stack
    movq $3, %rdx           #length of string
    int $0x80

    movq $1, %rax           #exit syscall
    xorq %rbx, %rbx
    int $0x80

This program just runs and exits without printing ABC, but if I pass the string stored in the data segment, ABC is printed. Am I doing something wrong or can you not do it this way. Any help apprecitated.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

故事灯 2024-12-01 06:02:56

您的系统调用编号似乎相差甚远。

从您对 movq 和“r”寄存器的使用来看，我可以猜测您正在 x86-64 上尝试。看一下 /usr/include/asm/unistd_64.h，我可以看到以下内容：

#define __NR_write                              1
#define __NR_stat                               4
#define __NR_exit                               60

strace 同意我的观点：

$ strace ./abc
execve("./abc", ["./abc"], [/* 43 vars */]) = 0
stat("", NULL)                          = -1 EFAULT (Bad address)
write(-1698988341, NULL, 3 <unfinished ... exit status 0>

请注意，参数也相差很大。您还为其余参数使用了错误的寄存器。据我所知，x86-64 上的调用约定按以下顺序使用以下寄存器作为参数：rdi、rsi、rdx、<代码>r10、r8、r9。

也许您正在尝试以在 i386 上完成的方式在 x86-64 上执行系统调用，并期望它是相同的？

Your syscall numbers seem WAY off.

From your use of movq and the "r" registers, I can guess you are trying on x86-64. Taking a look at /usr/include/asm/unistd_64.h, I can see the following:

#define __NR_write                              1
#define __NR_stat                               4
#define __NR_exit                               60

strace agrees with me:

$ strace ./abc
execve("./abc", ["./abc"], [/* 43 vars */]) = 0
stat("", NULL)                          = -1 EFAULT (Bad address)
write(-1698988341, NULL, 3 <unfinished ... exit status 0>

Note that the parameters are also way off. You are also using the wrong registers for the rest of the parameters. The calling convention on x86-64, AFAIK, uses the following registers for the parameters, in this order: rdi, rsi, rdx, r10, r8, r9.

Perhaps you are trying to do syscalls on x86-64 the way they are done on i386 and expecting it to be the same?

回复收藏 0 原文

~没有更多了~