Author Topic: sys_call 11  (Read 961 times)

Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
sys_call 11
« on: August 06, 2018, 09:39:10 AM »

Problem with running a script from an assembler program: it does not start.

Tell me, what is wrong?

Code:
section .data

    file db "b.sh"
section .text
    global _start
_start:
         mov ecx, 5
         cmp ecx, 2
         jg  jamp
         int 0x80
jamp:
          mov eax, 11
          mov ebp, file
          int 0x80

        mov eax, 1
        int 0x80



Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2373
  • Country: us
Re: sys_call 11
« Reply #1 on: August 06, 2018, 06:18:36 PM »
Hi nasmpc,

Welcome to the Forum!

What do you expect this to do? ... and why do you expect it to do it?

Looks pretty random to me. sys_execve expects parameters in ebx, ecx, and edx as I recall. I lost all my example code in a system crash a while ago, so I'd have to work it out from scratch. I'll try to help you out with it... if I get to it... I strongly suggest you start with something simpler!

Best,
Frank


Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2373
  • Country: us
Re: sys_call 11
« Reply #2 on: August 06, 2018, 10:17:45 PM »
Something like this?

Code:
; nasm -f elf32 myfile.asm
; ld -o myfile myfile.o -melf_i386

global _start

section .data
    filename db "/bin/bash", 0
    scriptname db "b.sh", 0

    cmdline:
        dd filename     ; argv[0]
        dd scriptname   ; argv[1]
        dd 0            ; NULL terminator

section .text
_start:
    mov eax, 11         ; sys_execve
    mov ebx, filename
    mov ecx, cmdline
    xor edx, edx
    int 80h

    neg eax             ; to make errno readable
    mov ebx, eax

    mov eax, 1          ; sys_exit
    int 80h

Best,
Frank


Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #3 on: August 06, 2018, 10:40:12 PM »

As it were, I did start with a simple one. It doesn't get any simpler.

Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #4 on: August 06, 2018, 10:42:49 PM »
Code:
section .bss
 
     elb resb 10
section .data
       file "b.sh", 0
       file1 "p.py", 0
section .text
       global _start
_start:
 
        mov eax, 3
        mov ebx, 0
        mov ecx, elb
        mov edx, 10
        int 0x80
   
         mov ebp, 100
         cmp ebp, [elb]
         je jamp
         int 0x80
         jmp tojamp
 
jamp:
          mov eax, 11
          mov ebx, file
          xor ecx, ecx
          xor edx, edx
          int 0x80
          jmp stop
 
tojamp:
           mov eax, 11
           mov ebx, file1
           xor ecx, ecx
           xor edx, edx
           int 0x80
           jmp stop
 
stop:
           mov eax, 1
            int 0x80

Why does it not work?

Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #5 on: August 06, 2018, 10:44:07 PM »

and yes, thank you very much for your help

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2373
  • Country: us
Re: sys_call 11
« Reply #6 on: August 07, 2018, 01:05:03 AM »
You're welcome... but I don't think I helped you very much.

I don't know why your example doesn't work. What's "p.py"? An executable file? I suspect a Python script... in which case you want to "execve" python - /usr/bin/python? - and pass "p.py" to that. I could be wrong.

You start by reading STDIN into your buffer. That will be characters. Then you compare with the number 100. That is unlikely to compare equal. So you do an int 0x80 with the number of characters typed in eax. Then you jump to tojamp.

You've got zero in ecx. I used zero in edx to tell the syscall to use the caller's environment. I should have commented that! I don't think I've ever tried zero in ecx. I doubt if it works. It should be a fake command line. I had a lot of trouble getting my example to work 'cause I remembered that it started with "argc". Nope! Just "argv"!

My "b.sh" was just "echo This is b!". If you tell me what "p.py" is supposed to be, I can try your example... In any case, the target of sys_execve wants to be an executable, not a script. At least that's what I've gotten to work.

Best,
Frank


Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #7 on: August 07, 2018, 09:47:11 AM »
p.py - script in Python
s.sh - bash script
This is a training program.
Code:
p.py
#!/usr/bin/python3
print(" python+assembler")
Code:
b.sh
#!/bin/bash
echo "assembler+pathon"

I'm just trying to learn



Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #8 on: August 07, 2018, 03:33:42 PM »

You are right, it did not compare because 100 was wrong. It needed to be '100'.

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2373
  • Country: us
Re: sys_call 11
« Reply #9 on: August 08, 2018, 05:51:54 AM »
Well... I'm not very familiar with scripts. I ASSume the "hash bang" (#!) is handled by the shell (bash). I don't think it'll work with sys_execve. I can't get it to. Can you? I was getting "permission denied" trying it from the command line. Okay, maybe I have to be root? Made myself root - same problem! I don't know what's going on there.

This is pretty much the same thing I posted before. It seems to work. Are you having any luck with it? I'm having trouble with even a simple cut-and-paste! Hope I didn't butcher it too badly!

Best,
Frank

Code:
; nasm -f elf32 myfile.asm
; ld -o myfile myfile.o -melf_i386

section .bss

    elb resb 10

section .data
    file db "b.sh", 0
    file1 db "p.py", 0

    ex db "/bin/bash", 0
    ex1 db "/usr/bin/python", 0

    cline dd ex         ; argv[0]
          dd file       ; argv[1]
          dd 0          ; zero terminated!

    cline1 dd ex1
           dd file1
           dd 0

section .text
    global _start
_start:

; prompt the poor befuddled user?

    mov eax, 3
    mov ebx, 0
    mov ecx, elb
    mov edx, 10
    int 0x80

    mov ebp, 0x0A303031 ; "100"NL (little endian!)
    cmp ebp, [elb]
    je jamp
;   int 0x80            ; why?
    jmp tojamp

jamp:
    mov eax, 11
    mov ebx, ex         ; executable file
    mov ecx, cline
    xor edx, edx
    int 0x80
    mov ebx, 42         ; just for debugging (echo $?)
    jmp stop

tojamp:
    mov eax, 11
    mov ebx, ex1        ; executable file1
    mov ecx, cline1
    xor edx, edx
    int 0x80
    mov ebx, 41         ; just for debugging
    jmp stop

stop:
    mov eax, 1
    int 0x80


Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #10 on: August 08, 2018, 10:19:51 AM »

Yes, I was able to run this assembler code.
Thank you very much. I'm very happy.

The int 0x80 there is apparently not needed.
I put it everywhere; apparently I do not understand its purpose.

int 0x80 is only needed where there is a sys_call.
So?

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2373
  • Country: us
Re: sys_call 11
« Reply #11 on: August 08, 2018, 06:15:30 PM »
Yes, int 0x80 always does a system call. Which one depends on the number in eax. In the case above, the number in eax depends on how many characters the pesky user had entered, including the "enter" key that ends the input. So if he/she has not typed anything but just hit "enter", it would exit. Etc. (System call numbers are in a file called "unistd.h".)

Best,
Frank
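
An added example (not code from the thread): a C model of the user-space side of the i386 convention Frank describes in Reply #6 (ebx = program path, ecx = NULL-terminated argv with no argc slot, edx = envp) and of the point in Reply #11 that a stray int 0x80 dispatches whatever syscall number is left in eax after sys_read. The `/usr/bin/python3` path is assumed from the shebang in p.py; the `0x0A303031` dword is the one Frank hard-codes, and `le_dword` shows how "100" plus newline becomes that value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
extern char **environ;

#define SYS_EXIT_32   1    /* i386 syscall numbers, as in <asm/unistd_32.h> */
#define SYS_READ_32   3
#define SYS_EXECVE_32 11

/* Pack the first four bytes of s the way a little-endian x86 loads a dword:
 * "100\n" becomes 0x0A303031, the immediate in `mov ebp, 0x0A303031`. */
uint32_t le_dword(const char *s) {
    const unsigned char *u = (const unsigned char *)s;
    return (uint32_t)u[0] | (uint32_t)u[1] << 8 | (uint32_t)u[2] << 16 | (uint32_t)u[3] << 24;
}

/* What `cmp ebp, [elb]` really tests: all four bytes at once, so the newline must
 * be present and nothing may follow it. elb is in .bss, so unfilled bytes are zero. */
int input_selects_bash(const char *typed, size_t n) {
    unsigned char elb[10] = {0};                       /* the 10-byte read buffer */
    memcpy(elb, typed, n < sizeof elb ? n : sizeof elb);
    return le_dword((const char *)elb) == 0x0A303031u;
}

/* argv as sys_execve wants it (the ecx pointer): argv[0] is the program, the
 * arguments follow, a NULL ends the vector. There is no argc slot in it. */
void build_argv(const char *interp, const char *script, const char *argv[3]) {
    argv[0] = interp; argv[1] = script; argv[2] = NULL;
}

/* A stray `int 0x80` right after sys_read dispatches whatever eax holds, i.e. the
 * byte count: a bare Enter reads 1 byte, and syscall 1 is sys_exit. */
const char *stray_syscall_name(long eax) {
    return eax == SYS_EXIT_32 ? "sys_exit" : eax == SYS_READ_32 ? "sys_read"
         : eax == SYS_EXECVE_32 ? "sys_execve" : "other";
}

int main(void) {
    char line[10] = {0};
    ssize_t n = read(0, line, sizeof line);            /* same as the sys_read above */
    const char *argv[3];
    int bash = n > 0 && input_selects_bash(line, (size_t)n);
    build_argv(bash ? "/bin/bash" : "/usr/bin/python3", bash ? "b.sh" : "p.py", argv);
    execve(argv[0], (char *const *)argv, environ);     /* environment passed explicitly */
    perror("execve");                                  /* reached only on failure; cf. `neg eax` */
    return 1;
}
```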


Offline nasmpc

  • Jr. Member
  • *
  • Posts: 15
Re: sys_call 11
« Reply #12 on: August 08, 2018, 10:31:38 PM »
thanks Frank