about execute assembly examples under freebsd

Tetsuji "Maverick" Rai maverick31337 at vfemail.net
Sun Apr 24 03:28:26 PDT 2005

HHCHANG wrote:

> Hi, I couldn't execute the assembly example under FreeBSD. The
> environment and tools I used were (in an IBM X31 box):
>
> 1. bash-2.05b# uname -a
> FreeBSD sexbear.localhost 5.3-STABLE FreeBSD 5.3-STABLE #3: Sun Feb 20 21:55:06 UTC 2005
> root at sexbear.localhost:/usr/obj/usr/src/sys/SEXBEAR  i386
>
> 2. bash-2.05b# as -v
> GNU assembler version 2.15 [FreeBSD] 2004-05-23 (i386-obrien-freebsd) using BFD version 2.15 [FreeBSD] 2004-05-23
>
> bash-2.05b# ld -v
> GNU ld version 2.15 [FreeBSD] 2004-05-23
>
> 3. (compile and execute the example)
> bash-2.05b# as -gstabs -o cpuid.o cpuid.s
> ld -o cpuid cpuid.o
> cpuid            (no output after executing the program)
> gdb cpuid
> (gdb) run
> Starting program: /usr/local/src/code/chap04/cpuid
> Program exited with code 0340.
> (gdb) break *_start
> (gdb) run
> Program exited with code 0340.
>
> ###################example in book###################################
> #cpuid.s Sample program to extract the processor Vendor ID
> .section .data
> output:
>    .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
> .section .text
> .globl _start
> _start:
>    movl $0, %eax
>    cpuid
>    movl $output, %edi
>    movl %ebx, 28(%edi)
>    movl %edx, 32(%edi)
>    movl %ecx, 36(%edi)
>    movl $4, %eax
>    movl $1, %ebx
>    movl $output, %ecx
>    movl $42, %edx
>    int $0x80
>    movl $1, %eax
>    movl $0, %ebx
>    int $0x80
> ###################example in book###################################
>
> I viewed the tutorial: http://www.int80h.org/bsdasm/. But I
> couldn't find any syntax error in the program. Could someone give
> me a hint where I could find more information? Thanks~
>
> Regards,

hi,

There are some mistakes in that code.
1. Your code is calling the system call in Linux mode, not in FreeBSD.  In
FreeBSD, you need to push the arguments on the stack as in C.
2.  mov $output,%eax  loads the "content" of $output, instead of the
address (or pointer) of $output.  So you have to take care :)
3. As an improvement, when you want to load 0 (zero) into a
register, you should use "xor %eax,%eax" or "sub %eax,%eax" because it
will make your code shorter and faster.

So I made working code, t.s:
------t.s------------
.section .data
output:
   .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
.section .text
.globl _start
_start:
   xor %eax, %eax
   cpuid
   lea output, %edi          # load address of output in edi
   movl %ebx, 28(%edi)
   movl %edx, 32(%edi)
   movl %ecx, 36(%edi)
   pushl $42
   lea output, %eax
   pushl %eax
   pushl $1
   mov $4,%eax
   push %eax
   int $0x80
   add $16,%esp
   xor %eax,%eax
   push %eax                 # this is shorter than "pushl $0"
   inc %eax                  # put $1 in %eax.  This is faster and shorter.
   push %eax
   int $0x80
----------end of t.s--------

It is assembled and works like this:

------cut--------
freebsd53:~/tmp% as t.s -o t.o
freebsd53:~/tmp% ld t.o -o t
freebsd53:~/tmp% ./t
The processor Vendor ID is 'GenuineIntel'
------------------

I made a small homepage about Linux shellcode (assembler code
utilities for hacking.)
http://shellcode.4pu.com/

Have fun!!
btw my father was born in Taiwan.  My last name should be "Lai"
instead of "Rai"

--
Tetsuji 'Maverick' Rai
PGP Key fingerprint = 2021 6BF9 CEA3 73DE FF17  B326 F4DA F04E F784 3B85
gpg fingerprint
Aviation Jokes: http://www.geocities.com/tetsuji_rai/
Profile http://maverick.ns1.name/
http://maverick.IsASecret.com/
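An added example (my own, not code from either poster) that extends t.s with the one check a FreeBSD program should make after int $0x80: the kernel reports a failed system call by setting the carry flag with errno in %eax, so the program tests CF and surfaces that errno as its exit status. The label names and the assembler-computed output_len symbol are my own choices.

```asm
.section .data
output:
    .ascii "The processor Vendor ID is 'xxxxxxxxxxxx'\n"
output_len = . - output          # let the assembler compute 42 instead of hard-coding it

.section .text
.globl _start
_start:
    xorl %eax, %eax
    cpuid                        # leaf 0: vendor string in ebx, edx, ecx (in that order)
    leal output, %edi
    movl %ebx, 28(%edi)
    movl %edx, 32(%edi)
    movl %ecx, 36(%edi)

    # write(1, output, output_len): FreeBSD takes the arguments C-style,
    # pushed right to left, below a dummy word that stands in for the
    # return address a 'call' would have left there.
    pushl $output_len
    pushl $output
    pushl $1
    movl  $4, %eax               # SYS_write
    pushl %eax                   # dummy return-address slot
    int   $0x80
    leal  16(%esp), %esp         # drop the 4 words; lea leaves CF intact, add would not
    jc    write_failed           # FreeBSD sets CF on error and leaves errno in %eax

    xorl  %ebx, %ebx             # exit status 0
    jmp   do_exit
write_failed:
    movl  %eax, %ebx             # exit status = errno of the failed write
do_exit:
    pushl %ebx                   # exit(status)
    movl  $1, %eax               # SYS_exit
    pushl %eax                   # dummy return-address slot
    int   $0x80
```

Assemble and link it exactly as t.s above (as, then ld); a write error such as a closed stdout then shows up in the shell's $? instead of silently printing nothing.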

More information about the freebsd-hackers mailing list