[SOLVED] Assembly for execve passing args...

trist007 · 08-11-2011, 02:03 PM

I'm trying to figure out how to save a pointer to a list of arguments in assembly. I'm just starting to learn assembly.
In C it would be like this:

Code:

int main()
{
char *args[] = { "/usr/bin/ps", "a", NULL };
execve( "/usr/bin/ps", args, NULL );
exit(-1);
}

Code:

BITS 32
xor eax,eax                         // zeroing out eax register
cdq                                      // zeroing out edx register (3rd arg)
push eax                             // pushing zero or NULL onto the stack
push long 0x73702f2f        // pushing "//ps" onto the stack
push long 0x6e69622f       // pushing "/bin" onto the stack
push long 0x7273752f       // pushing "/usr" onto the stack
mov ebx,esp                       // saving the pointer to the string in ebx register (1st arg)
push eax                             // pushing zero or NULL onto the stack
push long 0x20202061      // pushing "a   " onto the stack
push ebx                             // pushing the pointer to the string "/usr/bin/ps0" onto the stack
mov ecx, esp                       // saving the pointer of the string in the ecx register (2nd arg)
mov al,0x0b                        // moving decimal 11 into the al register, 11 syscall for execve
int 0x80                               // executing, no need to call exit

Please be as detailed as possible. Thanks.

paulsm4 · 08-11-2011, 08:17 PM

Not even close. I'm not sure if the comments are off, or the actual code is wrong ... or both ...

... but ...

Suggestions:
1. Write a 5-line C program that does your execve, compile with "-S" to generate an assembly listing and see how it works.

2. I don't recall if "execve" is an OS call (which would use "int 0x80"), or a standard library call (which wouldn't).
In either case, "gcc -S" would tell you.

3. Declare local variables for your string and use variable names. DON'T use big hairy hexadecimal constants

... and ...

4. Check out this tutorial. It's free, and it's a really, really good introduction to assembly programming in general (and assembly programming on Linux in particular):

Programming from the Ground Up, Jonathan Bartlett

PS:
NASM syntax might be appealing if you're looking at DOS examples, or if you're only ever programming Intel CPUs.

But you SHOULDN'T be looking at DOS examples - they'll give you some nasty bad habits you'll have to unlearn

And Gnu Assembler syntax really shines the moment you try your hand at OTHER assembly languages, BESIDES Intel (like MIPS, ARM or Power PC, for example).

IMHO...

trist007 · 08-11-2011, 08:34 PM

Fantastic, thank you for pointing me in the right direction. I also figured it out, let me post a working build.

Code:

[bits 32]

xor eax, eax             ; zeroing out registers
xor ebx, ebx
xor ecx, ecx
xor edx, edx            ; 3rd arg done
xor esi, esi
xor edi, edi

push eax
push long 0x73702f2f    ; "//ps"
push long 0x6e69622f		; "/bin"
push long 0x7273752f		; "/usr"
mov ebx, esp		; 1st arg done

; working on args array
; eax, ebx, ecx, edx, esi, edi, ebp

push eax
push byte 0x61			; "a"
mov esi, esp

; assemble the args array
push eax
push esi
push ebx
mov ecx, esp            ; 2nd arg done

; give to the kernel
mov eax, 0x0b
int 0x80

; execve("/usr/bin/ps", NULL)
; args[] = {"/usr/bin/ps0", "a", NULL}

paulsm4 · 08-12-2011, 01:05 AM

Glad you got it working. A few additional points:

1. When I compiled with "-S", my execve did indeed resolve to a standard library call (*not* directly to the underlying syscall). But invoking the syscall directly is equally valid. They're all defined here, in "asm/unistd.h":

http://linux.die.net/include/asm/unistd.h
#define __NR_execve 11

2. The comments are still wrong. Here's the API call:

Code:

 int execve(const char *filename, char *const argv [], char *const envp[]);

3. This means you're passing the following:

eax // Syscall#: NR_execve == 11 == 0x0b
ebx // Arg#1: pointer to the program string ("/usr/bin/ps")
ecx // Arg#2: pointer to the arguments array (*args[] = { "/usr/bin/ps", "a", NULL }

edx // Arg#3: pointer to the environment array (NULL)

'Hope that helps .. PSM