x86_64 assembly execve *char[] syscall

Submitted by 浪子不回头ぞ on 2019-12-10 17:13:30

Question


I am trying to get into a bit of Linux 64-bit x86 assembly without using the standard libs, however I am having some issues dealing with arguments presented to my program (argv). I would think (based on documentation) that rsp marks the beginning of the argc qword, whilst [rsp + 8] would be argv. Unfortunately this is not the case, and the following (abridged) program causes EFAULT (Bad address).

sys_execve equ 59
sys_exit   equ 60

section .data
    child db "/bin/sh", 0

global _start

section .text
_start:
    mov rdi, child          ; #1 filename
    mov rsi, [rsp + 8]      ; #2 argv (this is the line that causes EFAULT)
    mov rdx, 0              ; #3 envp = 0

    mov rax, sys_execve     ; execve
    syscall
    mov rdi, rax            ; #1 exit status = execve return value (only reached on failure)
    mov rax, sys_exit       ; exit
    syscall

Help with regards to the amd64 calling convention and passing *char[] into the kernel would be appreciated.

Thanks


Answer 1:


At rsp+8 you'll find the address of a string with the program path. The pointer to the first argument is at [rsp+16]. But for execve you need a pointer to an array of pointers to strings which begins with a pointer to a program path (you can (ab)use [rsp+8]).

So change

mov rsi, [rsp + 8]

to

lea rsi, [rsp + 8]
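A complete corrected program, added here as an example rather than taken from the question or the answer. It applies the `lea` fix above and goes one step further than the answer: it also forwards the inherited environment instead of passing envp = 0, locating envp from the same initial-stack layout (argc, then argc pointers, then a NULL, then envp).

```nasm
; Initial stack layout at _start on x86_64 Linux (System V ABI):
;   [rsp]               argc
;   [rsp + 8]           argv[0]   (path the program was started with)
;   [rsp + 16]          argv[1]
;   ...
;   [rsp + 8*(argc+1)]  NULL terminator of the argv array
;   [rsp + 8*(argc+2)]  envp[0]
sys_execve equ 59
sys_exit   equ 60

section .data
    child db "/bin/sh", 0

section .text
global _start
_start:
    mov rdi, child                  ; #1 filename: "/bin/sh"
    lea rsi, [rsp + 8]              ; #2 argv: address OF the array, not argv[0]
                                    ;    (argv[0] will be this program's own path)
    mov rax, [rsp]                  ; argc
    lea rdx, [rsp + rax*8 + 16]     ; #3 envp = &argv[argc + 1], i.e. just past the NULL
    mov rax, sys_execve
    syscall
    ; Only reached if execve failed; rax holds -errno.
    neg rax
    mov rdi, rax                    ; exit status = errno (e.g. 14 for EFAULT)
    mov rax, sys_exit
    syscall
```

Assemble and link with `nasm -felf64 execve.asm && ld -o execve execve.o`; any arguments given to `./execve` are passed through to the shell unchanged, and a failed execve makes the errno visible in `$?`.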


Source: https://stackoverflow.com/questions/28135218/x86-64-assembly-execve-char-syscall
