Author Topic: syscalls with nasm and with c  (Read 2858 times)


  • Guest
syscalls with nasm and with c
« on: April 17, 2009, 01:53:47 PM »

I try to understand the difference between syscalls executed in C and in nasm (or any other assembler like gnu asm).

It seems to me, that syscalls account of the libs in C  can be much more flexible than in nasm.

For example a list of the exe-syscalls in C from the man pages:


extern char **environ;

int execl( const char *path, const char *arg, ...);
       int execlp( const char *file, const char *arg, ...);
       int execle( const char *path, const char *arg,
                   ..., NULL, char * const envp[]);
       int execv( const char *path, char *const argv[]);
       int execvp( const char *file, char *const argv[]);

But if I try to use this in nasm, it seems, I only have the choice to use
execve like below, but for me it's not clear, how to use the other types like execvp, execle, execv, execlp and execl. It seems, the syscall-list only give me the possibillity to use syscall 11 for execve.
I didn't find any ohther similary form. Is there no possibillity to use variations of those syscalls like in C? Cause if I only put 11 in eax, I get the execve-syscall, but not for example execl.

Does anyone know, how to solve that problem? Perhaps it's very simle?

Thanks a lot for any help

; Example of syscall execve (11) in nasm
section .data
name db '/bin/sh', 0
; execve("/bin/sh",["/bin/sh", NULL], NULL)
mov eax, 11
mov ebx, name
push 0
push name
mov ecx, esp
mov edx, 0
int 0x80


  • Guest
Re: syscalls with nasm and with c
« Reply #1 on: April 17, 2009, 07:23:47 PM »
Nasm won't prevent you from calling the C library wrappers (that's all they are), if you wanna do it that way. Alternately, you write your own wrappers, and use int 80h. I assume the varieties that don't mention env pass the caller's env(?). (it's on the stack). Does the code you show work? (too lazy to test it right now) I'd have expected you'd need a pointer to a zero in valid memory in edx, not just a zero. Maybe execve takes zero as "no environment". If it segfaults, you can make a fake environment the same way you make the fake arguments list, I assume...

I haven't fooled much with execve, and don't know what you can get away with. :)