about executing assembly examples under FreeBSD

Tetsuji "Maverick" Rai maverick31337 at vfemail.net
Sun Apr 24 03:33:21 PDT 2005



Tetsuji "Maverick" Rai wrote:

> HHCHANG wrote:
>
>> Hi, I couldn't execute the assembly example under FreeBSD. The
>> environment and tools I used were (in an IBM X31 box):
>>
>> 1.
>> bash-2.05b# uname -a
>> FreeBSD sexbear.localhost 5.3-STABLE FreeBSD 5.3-STABLE #3: Sun Feb 20 21:55:06 UTC 2005
>> ?root at sexbear.localhost:/usr/obj/usr/src/sys/SEXBEAR??i386
>>
>> 2.
>> bash-2.05b# as -v
>> GNU assembler version 2.15 [FreeBSD] 2004-05-23 (i386-obrien-freebsd) using BFD version 2.15 [FreeBSD] 2004-05-23
>> bash-2.05b# ld -v
>> GNU ld version 2.15 [FreeBSD] 2004-05-23
>>
>> 3. (compile and execute the example)
>> bash-2.05b# as -gstabs -o cpuid.o cpuid.s
>> bash-2.05b# ld -o cpuid cpuid.o
>> bash-2.05b# cpuid
>> (no output after executing the program)
>> bash-2.05b# gdb cpuid
>> (gdb) run
>> Starting program: /usr/local/src/code/chap04/cpuid
>> Program exited with code 0340.
>> (gdb) break *_start
>> (gdb) run
>> Program exited with code 0340.
>>
>> ###################example in book###################################
>> #cpuid.s Sample program to extract the processor Vendor ID
>> .section .data
>> output:
>>     .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
>> .section .text
>> .globl _start
>> _start:
>>     movl $0, %eax
>>     cpuid
>>     movl $output, %edi
>>     movl %ebx, 28(%edi)
>>     movl %edx, 32(%edi)
>>     movl %ecx, 36(%edi)
>>     movl $4, %eax
>>     movl $1, %ebx
>>     movl $output, %ecx
>>     movl $42, %edx
>>     int $0x80
>>     movl $1, %eax
>>     movl $0, %ebx
>>     int $0x80
>> ###################example in book###################################
>>
>> I viewed the tutorial http://www.int80h.org/bsdasm/, but I
>> couldn't find any syntax error in the program. Could someone give
>> me a hint where I could find more information? Thanks~
>>
>> Regards,
>
>
> hi,
>
> There are some mistakes in that code.
>
> 1. Your code is calling the system call in Linux mode, not in FreeBSD.
>    In FreeBSD, you need to push the arguments on the stack as in the C
>    language.
> 2. mov $output,%eax loads the "content" of $output, instead of the
>    address (or pointer) of $output.  So you have to take care :)
> 3. An improvement can be done when you want to load 0 (zero) into a
>    register: you should use "xor %eax,%eax" or "sub %eax,%eax" because
>    it will make your code shorter and faster.
>
> So I made a working code, t.s;
>
> ------t.s------------
> .section .data
> output:
>     .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
> .section .text
> .globl _start
> _start:
>     xor %eax, %eax
>     cpuid
>     lea output, %edi          # load address of output in edi
>     movl %ebx, 28(%edi)
>     movl %edx, 32(%edi)
>     movl %ecx, 36(%edi)
>     pushl $42
>     lea output, %eax
>     pushl %eax
>     pushl $1
>     mov $4,%eax
>     push %eax
>     int $0x80
>     add $16,%esp
>     xor %eax,%eax
>     push %eax                 # this is shorter than "pushl $0"
>     inc %eax                  # put $1 in %eax. This is faster and shorter.
>     push %eax
>     int $0x80
> ----------end of t.s--------
>
> It is assembled and works like this:
>
> ------cut--------
> freebsd53:~/tmp% as t.s -o t.o
> freebsd53:~/tmp% ld t.o -o t
> freebsd53:~/tmp% ./t
> The processor Vendor ID is 'GenuineIntel'
> ------------------
>
> I made a small homepage about Linux shellcode (assembler code
> utilities for hacking.) http://shellcode.4pu.com/
>
> Have fun!! btw my father was born in Taiwan.  My last name should
> be "Lai" instead of "Rai".
>

Correction: "movl $output,%edi" is correct... sorry for my mistake.


--
Tetsuji 'Maverick' Rai
PGP Key fingerprint = 2021 6BF9 CEA3 73DE FF17  B326 F4DA F04E F784 3B85
gpg fingerprint
Aviation Jokes: http://www.geocities.com/tetsuji_rai/
Profile http://maverick.ns1.name/
http://maverick.IsASecret.com/
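The two ABI details the reply depends on, as a host-independent C example added here (not code from the thread): CPUID leaf 0 returns the vendor string as EBX, EDX, ECX, which is why the stores land at offsets 28, 32 and 36 of the 42-byte template, and FreeBSD/i386 passes int $0x80 arguments on the stack above a dummy return-address word while Linux/i386 uses registers. The "GenuineIntel" register values and the 0x08049000 buffer address are constructed placeholders.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Message template from the thread: the 12 'x' bytes start at offset 28 and
 * the whole line is 42 bytes, the length the program passes to write(2). */
#define TEMPLATE      "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
#define VENDOR_OFFSET 28
/* A 32-bit little-endian store, i.e. what "movl %reg, disp(%edi)" does. */
static void store_le32(char *dst, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        dst[i] = (char)((v >> (8 * i)) & 0xff);
}

/* CPUID leaf 0 returns the vendor string as EBX, EDX, ECX (in that order),
 * which is why the three stores go to 28, 32 and 36.  buf needs 43 bytes.
 * Returns the byte count handed to write(2). */
static size_t fill_vendor_line(char *buf, uint32_t ebx, uint32_t edx, uint32_t ecx)
{
    memcpy(buf, TEMPLATE, sizeof TEMPLATE);
    store_le32(buf + VENDOR_OFFSET,     ebx);   /* movl %ebx, 28(%edi) */
    store_le32(buf + VENDOR_OFFSET + 4, edx);   /* movl %edx, 32(%edi) */
    store_le32(buf + VENDOR_OFFSET + 8, ecx);   /* movl %ecx, 36(%edi) */
    return sizeof TEMPLATE - 1;                 /* 42 */
}

/* The FreeBSD/i386 int $0x80 frame that t.s builds, ordered from %esp up:
 * the kernel skips the word at 0(%esp) (a return-address slot, filled by
 * "push %eax" in t.s) and reads arguments at 4(%esp), 8(%esp), ...
 * Linux/i386 passes the same arguments in %ebx, %ecx, %edx instead.
 * Returns the byte count "add $n,%esp" must pop afterwards. */
static int freebsd_i386_frame(uint32_t *frame, const uint32_t *args, int nargs)
{
    frame[0] = 0;                       /* dummy slot; its value is ignored */
    for (int i = 0; i < nargs; i++)     /* args were pushed last-to-first */
        frame[1 + i] = args[i];
    return (int)((nargs + 1) * sizeof(uint32_t));   /* 16 for write(2) */
}

int main(void)
{
    /* Constructed CPUID.0 values spelling "GenuineIntel", as in the reply. */
    char line[sizeof TEMPLATE];
    size_t n = fill_vendor_line(line, 0x756e6547u, 0x49656e69u, 0x6c65746eu);
    fwrite(line, 1, n, stdout);         /* the write(1, output, 42) of t.s */
    uint32_t frame[4], args[3] = { 1, 0x08049000u /* placeholder &output */, 42 };
    printf("cleanup: add $%d,%%esp\n", freebsd_i386_frame(frame, args, 3));
    return 0;
}
```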
