Can't figure out this segfault

Trying to issue an execve() syscall in Linux to touch a file called "Everything is OK"

Here's the stack:

0xffffd33c: 0x6e69622f  0x756f742f  0x45006863  0x79726576

0xffffd34c: 0x6e696874  0x73692067  0x004b4f20  0x00000000

0xffffd35c: 0xf7ff000a  0x00000001  0x080483a0  0x00000000

0xffffd36c: 0x080483c1  0x08048454  0x00000001  0xffffd394

That should be little-endian ordered "/bin/touchEverything is OK" followed by a NULL byte, which it appears to be.

Here are the registers:

eax            0xfffffff2       -14
ecx            0xffffd33c       -11460
edx            0x0  0
ebx            0xffffd33c       -11460
esp            0xffffd33c       0xffffd33c

EAX was 11 (for execve() linux syscall) before the int 0x80 caused an error which changed the value of EAX to -14

I can't figure out why my pointers (stored in ebx, ecx) are causing a format error with execve()'s arguments. They point to the same data, but it's a null-terminated string followed by a second null terminated string followed by a NULL pointer, so it should be treated as only the first string by ebx an as a NULL pointer terminated array by ECX.

Thanks.


Your value for ecx is wrong. what your code seems to do is the equivalent of

char *arg[] = {"/bin/touch", "Everything is OK", 0};
execve(arg[0], arg[0], 0);

But it should be:

execve(arg[0], arg, 0);

See the difference? ecx should contain the address to a list of pointers to the arguments, not a pointer to the first argument.

链接地址: http://www.djcxy.com/p/89856.html

上一篇: 使用两个asm代码中的差异来解释多态混淆

下一篇: 无法弄清楚这段错误