<__mikem> What's the offset to the pointers to the command line arguments relative to esp assuming push hasn't been used once in the program yet in a Linux environment
<oggis_> argv == esp+sizeof(void*)
<__mikem> the size of any pointer should be 4 assuming 32 bit code
<oggis_> yeah
<oggis_> so basically the first 32bit pop will get you argc
<oggis_> the second one argv[0]
<oggis_> the third one argv[1]
<oggis_> and so on
<oggis_> I think it's very nice to have it like that... for example in DOS it's a lot harder to get the arguments
<__mikem> because, I am trying to load a pointer to the first command line arg in eax with mov eax, dword ptr esp + 4
<__mikem> But it isn't working
<oggis_> well argv[0] is the program name
<oggis_> and argv[1] is the first argument
<__mikem> I know, but I am not getting the program name, I am getting unprintable characters
<__mikem> which generally means I am indexing into no man's land
<__mikem> I am trying ultimately to put the pointer to the first command line arg in a memory location with label msg with...
<__mikem> mov eax, esp + 4
<__mikem> mov msg, dword ptr eax
<__mikem> but it ain't working
<__mikem> oggis, why doesn't the above code work
<oggis_> it should. If you put something like the address of a constant string to msg before you print it does it work?
<__mikem> It isn't working
<__mikem> I am getting unprintable characters
<oggis_> I mean, even if you use a well-known working string as msg?
<oggis_> show me your printing code
<__mikem> it's just push msg
<__mikem> call puts
<__mikem> michael@michael-desktop:~$ ./a.out asdf
<__mikem> michael@michael-desktop:~$
<oggis_> well at least if i just do _start: add esp, byte 4 \n call puts that works as expected
<oggis_> try if that works for you
<__mikem> Nope
<__mikem> segment faults all around when I do that
<oggis_> yeah it should because of no exit syscall but it doesn't print anything before it
<oggis_> what if you run it in gdb?
<oggis_> it segvs in strlen right?
<__mikem> No, it just segfaults, no output
<oggis_> btw what assembler are you using
<__mikem> the GNU assembler, with Intel syntax support
<oggis_> ok
<__mikem> Ok, now I get the string XQR no matter what I type in
<undrdawg> how does bp differ from bx?
<oggis_> they are different registerts...
<oggis_> -t
<undrdawg> that's it?
<oggis_> ah, for usage
<oggis_> blah, a lot of things...
<undrdawg> aside from typical usage, you are free to use either for the same purpose right?
<__mikem> Why won't this work, I did exactly what you said
<__mikem> ok, got it finally
<__mikem> oggis, something weird is going on, the program name is at offset [esp + 8] and the environment variables start at [esp + 12]
<oggis_> what was it?
<oggis_> hmm.. wonder what that extra stuff is then
<__mikem> and anything below [esp + 8] causes a seg fault
<oggis_> prologue?
<__mikem> And I can't locate the pointers to the command line args
<__mikem> There is no prolog
<__mikem> No
<oggis_> are you using main+starfiles?
<oggis_> startfiles*
<__mikem> no
<oggis_> because you should be using -nostartfiles and _start
<__mikem> i have a label main: at the start of the code
<__mikem> I'll try the no start files thing
<oggis_> yeah, yeah, that's it, really
<oggis_> name it _start and use -nostartfiles
<oggis_> the thing is with main there is some code run already so push has really been used already
<__mikem> the idea of using an assembler is that should never happen though, the only code that should be assembled is the code you typed and the functions you import
<oggis_> yeah, but it doesn't get assembled. It comes from libraries when linking.
<oggis_> And when you use -nostartfiles it doesn't
<__mikem> But now that I did that, I get segmentation faults again
<oggis_> yeah, after printing. That's because you don't exit from the program at all.
<__mikem> No, it isn't printing now either
<oggis_> ah, ok
<__mikem> ok fixed
<oggis_> first try just _start: add esp, byte 4 \n call puts
<oggis_> does it print then?
<oggis_> it should segfault right after printing
<__mikem> Now it does
<__mikem> I have been calling exit but I think I have this now
<__mikem> thanks
<oggis_> i'd call the syscall directly instead
<oggis_> like mov eax, 1 \n mov ebx, 0 \n int 80h
<__mikem> I don't like mixing crt and system calls
<oggis_> yeah, i like to use syscalls whenever possible and only use libc for stuff there isn't a single syscall equivalent
<__mikem> I have to go, be back later
<ninjaneo> might anyone know anything about compiling/writing BPF filters?
<chantecode> hi, I have a question about the PE format
<chantecode> does anyone know anything about the export table
<chantecode> ?
<edcba> yes
<__mikem> I actually used to know where the export table was in the PE format files
<__mikem> it's just a matter of finding the right section header
<__mikem> All the headers appear in sequence towards the beginning of the file, and are labeled based on what their fields point to
<elvueno> hi
<elvueno> one question
<elvueno> is programming asm in x86-64 very different from x86-32?
<__mikem> There are edditional registers in 64 bit
<__mikem> and the size of a pointer is 64 bits
<__mikem> s/edditional/additional
<elvueno> mmm
<elvueno> but, on the internet there isn't a lot of information about asm in x86-64...
<elvueno> no?
<__mikem> Because the technology is fairly new
<elvueno> ahm...
<elvueno> okey
<__mikem> But the only real difference is that there are 64 bit general purpose registers, which have their own name, which I don't know off hand
<__mikem> and that the pointer is 64 bits wide
<elvueno> and.. if I use s.o for 64-bit, can I use programs in asm 32-bit? with emulator..
<elvueno> I don't know
<__mikem> 32 bit programs can run on 64 bit machines, but not vice versa
<elvueno> mmm why?
<elvueno> if my registers have other names, I can't use programs with 32-bit
<__mikem> Mainly because 32 bit code is written assuming the size of a pointer is 32 bits
<__mikem> So there are pointer scaling issues
<elvueno> mmm
<elvueno> although, if I have a source of asm in 32-bit can I execute it on amd64?
<__mikem> Yes, because an amd64 has what's called 32bit emulation
<elvueno> but.. if I program a source in C and execute gdb
<elvueno> info registers
<elvueno> these are registers of 64-bit
<elvueno> I like 32-bit..
<__mikem> Because the C compiler will produce 64 bit assembly code or 32 bit assembly code based on what you tell it to do
<elvueno> and
<elvueno> why do I tell it to compile code in 32-bit?
<__mikem> I don't know?
<__mikem> Why would you
<elvueno> sorry, I am Spanish, I don't understand..
<elvueno> I would like my program in C to be for 32-bit..
<elvueno> not for 64-bit
<__mikem> I really can't help you then
<__mikem> I don't speak Spanish fluently enough to clarify
<elvueno> mmm okey
<elvueno> thanks for all
<__mikem> no problem
<__mikem> Here's a question, does anyone know of any example of appropriate use of the HLT instruction?
<Axioplase> Hi
<Axioplase> just wondering...
<Axioplase> is sub $4,%esp; movl %eax,(%esp); different from pushl eax ?
<billfur> no
<drcode> hi all
<drcode> any one know good asm editor for Linux
<drcode> replace for hiew in Windows
<phrosty> i use scite
<Yurik> morning
<drcode> thanx
<seb-> what does ORG do? i see stuff like this in boot loaders...
<seb-> ORG 0x7C00
<pireau> seb-: it sets the origin of the code segment (i think)
<pireau> or where the program is loaded