Topic: Linux Stack String + Execve

Dr1v3n
« on: December 06, 2019, 01:34:34 AM »
I am trying to make the following call to execve:

Code:
execve("/bin/echo", ["this is a test"], NULL);
So that the terminal writes "this is a test" via echo. Frankly, I've been getting my butt kicked trying to lay this out properly with the argv data on the stack. This is what I have:

Code:
global _main
default rel

section .text
; 546869732069 7320612074657374
    xor     rdx, rdx                    ; Set envp to NULL
    push    rdx                        ;push NULL on stack to terminate string as 0 terminator
    mov rax,0x7374612074650000
    push rax
    mov rax, 0x6973732054682069
    push rax
    push rdx
    mov rdi, rsp
    add rdi, 16
    push rdi
    add rdi, 8
    mov rdi, rsp
    push rdi
    push rdx
    mov rax, binary
    push rax
    mov rsi, rsp
    ;push rdx

    lea     rdi, [binary] ;mov binary file path into syscall
    mov rax, 0x3b
    mov     rax, 0x60 ; exit
    mov     rdi, 0

 section .data
align 8
binary: db '/bin/echo', 0

As it is, this echoes a blank line. I know I am getting the call to echo from .data OK, but the argv part is what is tripping me up hard. I'm unsure of exactly how to lay out "this is a test" and where the NULLs need to go. More so, endianness may be tripping me up, as it seems it switches the lower and higher 32 bits. Any help here would be GREATLY appreciated.
« Last Edit: December 06, 2019, 01:44:53 AM by Dr1v3n »
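
Added example, not part of the original post: the two layout points the question raises, shown in C. `pack_qwords` (a hypothetical helper) computes the 64-bit little-endian words that hold the string in memory, and `main` passes `execve` a NULL-terminated pointer array in which `argv[0]` is the program name and the message is `argv[1]`; echo prints from `argv[1]` onward, so a vector holding only the message prints an empty line.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pack s plus its NUL terminator into 64-bit words as x86-64 stores them:
   byte i of each 8-byte chunk lands in bits 8*i .. 8*i+7 (little-endian).
   Unused high bytes stay zero. Returns the number of words written,
   or 0 if out[] is too small. */
size_t pack_qwords(const char *s, uint64_t *out, size_t max_words)
{
    size_t len = strlen(s) + 1;              /* include the terminator */
    size_t words = (len + 7) / 8;
    if (words > max_words)
        return 0;
    for (size_t w = 0; w < words; w++) {
        out[w] = 0;
        for (size_t i = 0; i < 8 && w * 8 + i < len; i++)
            out[w] |= (uint64_t)(unsigned char)s[w * 8 + i] << (8 * i);
    }
    return words;
}

int main(void)
{
    char msg[] = "this is a test";
    uint64_t q[8];
    size_t n = pack_qwords(msg, q, 8);

    /* The stack grows down: pushing the last word first leaves the
       string reading forward from rsp. */
    for (size_t w = n; w-- > 0; )
        printf("push order: 0x%016llx\n", (unsigned long long)q[w]);
    fflush(stdout);                          /* execve drops unflushed stdio */

    /* argv is an array of pointers to NUL-terminated strings, ended by a
       NULL pointer. A NULL envp is accepted on Linux. */
    char *argv[] = { "echo", msg, NULL };
    execve("/bin/echo", argv, NULL);
    perror("execve");                        /* reached only on failure */
    return 1;
}
```
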