Can't figure out this segfault
Trying to issue an execve() syscall in Linux to touch a file called "Everything is OK"
Here's the stack:
0xffffd33c: 0x6e69622f 0x756f742f 0x45006863 0x79726576
0xffffd34c: 0x6e696874 0x73692067 0x004b4f20 0x00000000
0xffffd35c: 0xf7ff000a 0x00000001 0x080483a0 0x00000000
0xffffd36c: 0x080483c1 0x08048454 0x00000001 0xffffd394
That should be little-endian ordered "/bin/touch Everything is OK " followed by a NULL byte, which it appears to be.
Here are the registers:
eax 0xfffffff2 -14
ecx 0xffffd33c -11460
edx 0x0 0
ebx 0xffffd33c -11460
esp 0xffffd33c 0xffffd33c
EAX was 11 (for execve() linux syscall) before the int 0x80 caused an error which changed the value of EAX to -14
I can't figure out why my pointers (stored in ebx, ecx) are causing a format error with execve()'s arguments. They point to the same data, but it's a null-terminated string followed by a second null-terminated string followed by a NULL pointer, so it should be treated as only the first string by EBX and as a NULL-pointer-terminated array by ECX.
Thanks.
Your value for ecx is wrong. What your code seems to do is the equivalent of
char *arg[] = {"/bin/touch", "Everything is OK", 0};
execve(arg[0], arg[0], 0);
But it should be:
execve(arg[0], arg, 0);
See the difference? ecx should contain the address of a list of pointers to the arguments, not a pointer to the first argument.
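To make the distinction concrete, here is an added C example (not from the question or the answer) that builds the pointer array the answer describes from a constructed copy of the bytes on the questioner's stack, then shows which pointer belongs in EBX and which in ECX; the helper name build_argv is my own.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed copy of the bytes the question shows at 0xffffd33c:
 * two NUL-terminated strings back to back, then zero bytes. */
static char packed[] = "/bin/touch\0Everything is OK\0";

/* Split a packed run of NUL-terminated strings into a NULL-terminated
 * array of char pointers (the thing ECX must point to). Returns argc,
 * or -1 if argv_max cannot hold the pointers plus the terminating NULL. */
int build_argv(char *buf, size_t buf_len, char **argv, size_t argv_max)
{
    size_t argc = 0, off = 0;
    while (off < buf_len && buf[off] != '\0') {
        if (argc + 1 >= argv_max)      /* keep room for the final NULL */
            return -1;
        argv[argc++] = buf + off;      /* pointer to the start of this string */
        off += strlen(buf + off) + 1;  /* skip past its NUL terminator */
    }
    argv[argc] = NULL;                 /* execve stops here, not at a NUL byte */
    return (int)argc;
}

int main(void)
{
    char *argv[4];
    int argc = build_argv(packed, sizeof packed, argv, 4);
    if (argc < 0)
        return 1;

    /* 32-bit Linux int 0x80 mapping for execve:
     *   EAX = 11, EBX = argv[0] (the path), ECX = argv (char **), EDX = NULL.
     * The question loaded argv[0] into both EBX and ECX, so the kernel read
     * the ASCII of "/bin/touch" as pointer values and returned -EFAULT (-14). */
    printf("EBX -> \"%s\"  ECX -> %d pointers followed by NULL\n", argv[0], argc);

    pid_t pid = fork();
    if (pid == 0) {
        execve(argv[0], argv, NULL);   /* path, pointer array, no environment */
        perror("execve");
        _exit(127);
    }
    if (pid > 0)
        waitpid(pid, NULL, 0);
    return 0;
}
```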