NASM - The Netwide Assembler
NASM Forum => Using NASM => Topic started by: nasmpc on August 06, 2018, 09:39:10 AM
-
Problem with running a script from an assembler program.
It does not start.
Tell me, what is wrong?
section .data
file db "b.sh"
section .text
global _start
_start:
mov ecx, 5
cmp ecx, 2
jg jamp
int 0x80
jamp:
mov eax, 11
mov ebp, file
int 0x80
mov eax, 1
int 0x80
-
Hi nasmpc,
Welcome to the Forum!
What do you expect this to do? ... and why do you expect it to do it?
Looks pretty random to me. sys_execve expects parameters in ebx, ecx, and edx as I recall. I lost all my example code in a system crash a while ago, so I'd have to work it out from scratch. I'll try to help you out with it... if I get to it... I strongly suggest you start with something simpler!
Best,
Frank
-
Something like this?
; nasm -f elf32 myfile.asm
; ld -o myfile myfile.o -melf_i386
global _start
section .data
filename db "/bin/bash", 0
scriptname db "b.sh", 0
cmdline:
dd filename
dd scriptname
dd 0
section .text
_start:
mov eax, 11 ; sys_execve
mov ebx, filename
mov ecx, cmdline
xor edx, edx
int 80h
neg eax ; to make errno readable
mov ebx, eax
mov eax, 1 ; sys_exit
int 80h
Best,
Frank
-
As it were, I started with a simple one; it does not get any easier.
-
section .bss
elb resb 10
section .data
file db "b.sh", 0
file1 db "p.py", 0
section .text
global _start
_start:
mov eax, 3
mov ebx, 0
mov ecx, elb
mov edx, 10
int 0x80
mov ebp, 100
cmp ebp, [elb]
je jamp
int 0x80
jmp tojamp
jamp:
mov eax, 11
mov ebx, file
xor ecx, ecx
xor edx, edx
int 0x80
jmp stop
tojamp:
mov eax, 11
mov ebx, file1
xor ecx, ecx
xor edx, edx
int 0x80
jmp stop
stop:
mov eax, 1
int 0x80
Why doesn't it work?
-
And yes, thank you very much for your help.
-
You're welcome... but I don't think I helped you very much.
I don't know why your example doesn't work. What's "p.py"? An executable file? I suspect a Python script... in which case you want to "execve" python - /usr/bin/python? - and pass "p.py" to that. I could be wrong.
You start by reading STDIN into your buffer. That will be characters. Then you compare with the number 100. That is unlikely to compare equal. So you do an int 0x80 with the number of characters typed in eax. Then you jump to tojamp.
You've got zero in ecx. I used zero in edx to tell the syscall to use the caller's environment. I should have commented that! I don't think I've ever tried zero in ecx. I doubt if it works. It should be a fake command line. I had a lot of trouble getting my example to work 'cause I remembered that it started with "argc". Nope! Just "argv"!
My "b.sh" was just "echo This is b!". If you tell me what "p.py" is supposed to be, I can try your example... In any case, the target of sys_execve wants to be an executable, not a script. At least that's what I've gotten to work.
Best,
Frank
-
p.py - a script in Python
s.sh - a bash script
This is a training program.
p.py
#!/usr/bin/python3
print(" python+assembler")
b.sh
#!/bin/bash
echo "assembler+pathon"
I'm just trying to learn.
-
You are right, it did not compare because 100 was wrong. It was necessary to use '100')))))))))))
-
Well... I'm not very familiar with scripts. I ASSume the "hash bang" (#!) is handled by the shell (bash). I don't think it'll work with sys_execve. I can't get it to. Can you? I was getting "permission denied" trying it from the command line. Okay, maybe I have to be root? Made myself root - same problem! I don't know what's going on there.
This is pretty much the same thing I posted before. It seems to work. Are you having any luck with it? I'm having trouble with even a simple cut-and-paste! Hope I didn't butcher it too badly!
Best,
Frank
; nasm -f elf32 myfile.asm
; ld -o myfile myfile.o -melf_i386
section .bss
elb resb 10
section .data
file db "b.sh", 0
file1 db "p.py", 0
ex db "/bin/bash", 0
ex1 db "/usr/bin/python", 0
cline dd ex ; argv[0]
dd file ; argv[1]
dd 0 ; zero terminated!
cline1 dd ex1
dd file1
dd 0
section .text
global _start
_start:
; prompt the poor befuddled user?
mov eax, 3
mov ebx, 0
mov ecx, elb
mov edx, 10
int 0x80
mov ebp, 0x0A303031 ; "100"NL (little endian!)
cmp ebp, [elb]
je jamp
; int 0x80 ; why?
jmp tojamp
jamp:
mov eax, 11
mov ebx, ex ;executable file
mov ecx, cline
xor edx, edx
int 0x80
mov ebx, 42 ; just for debugging (echo $?)
jmp stop
tojamp:
mov eax, 11
mov ebx, ex1 ;executable file1
mov ecx, cline1
xor edx, edx
int 0x80
mov ebx, 41 ; just for debugging
jmp stop
stop:
mov eax, 1
int 0x80
-
Yes, I was able to run this assembler code)
Thank you very much) I'm very happy.
The int 0x80 there apparently is not needed.
I get it everywhere; apparently I do not understand its purpose.
int 0x80 is only gentle where sys_call?
So?
-
Yes, int 0x80 always does a system call. Which one depends on the number in eax. In the case above, the number in eax depends on how many characters the pesky user had entered, including the "enter" key that ends the input. So if he/she has not typed anything but just hit "enter", it would exit. Etc. (System call numbers are in a file called "unistd.h".)
Best,
Frank
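As an added example (not code from the thread), here is a version of Frank's two-way dispatcher that takes his last two points into account: the value left in eax by sys_read is a byte count, not a syscall number, so it is used to check the input length before comparing bytes, and sys_execve is given an explicit executable in ebx, a NULL-terminated argv in ecx and a NULL envp in edx; the interpreter paths and script names are assumptions for the demo.

```nasm
; nasm -f elf32 choose.asm && ld -m elf_i386 -o choose choose.o
; Added example, not code from the thread. Reads one line from stdin;
; if it is exactly "100", runs b.sh under /bin/bash, otherwise p.py
; under python3. Paths and script names are assumptions for this demo.
section .data
    bash    db "/bin/bash", 0
    python  db "/usr/bin/python3", 0
    script1 db "b.sh", 0
    script2 db "p.py", 0
    argv1   dd bash, script1, 0   ; argv[0], argv[1], NULL terminator
    argv2   dd python, script2, 0
    key     db "100", 10          ; expected input including the newline
    KEYLEN  equ $ - key
section .bss
    buf     resb 16
section .text
global _start
_start:
    mov eax, 3              ; sys_read
    mov ebx, 0              ; fd 0 = stdin
    mov ecx, buf
    mov edx, 16
    int 0x80                ; eax = byte count read (or -errno), NOT a syscall number
    cmp eax, KEYLEN         ; wrong length (or a read error) cannot be "100\n"
    jne run_python
    mov esi, buf
    mov edi, key
    mov ecx, KEYLEN
    repe cmpsb              ; byte-by-byte compare of buf with "100\n"
    jne run_python
run_bash:
    mov ebx, bash           ; ebx = path of the executable to run
    mov ecx, argv1          ; ecx = NULL-terminated argv
    jmp do_exec
run_python:
    mov ebx, python
    mov ecx, argv2
do_exec:
    mov eax, 11             ; sys_execve
    xor edx, edx            ; envp = NULL, which Linux treats as an empty environment
    int 0x80                ; returns only on failure, with -errno in eax
    neg eax                 ; make errno positive
    mov ebx, eax            ; exit status = errno, readable with echo $?
    mov eax, 1              ; sys_exit
    int 0x80
```

If the interpreter path is wrong, execve returns and the program exits with the errno value (for example 2, ENOENT), which is what `echo $?` shows; on success the interpreter replaces the process and the exit code is the script's.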
-
Thanks, Frank.