Using 0x80 Interrupt on 64-bit Linux

Question

Using 0x80 Interrupt on 64-bit Linux

I have a simple 64-bit build program that is designed to print "O" and "K", followed by a new line. However, "K" is never printed. One of the goals of programs is to print the value in the low-order bits of the rax register as an ASCII letter. The program is specifically designed for 64-bit Linux, written for educational purposes, so there is no need to use C-style system calls.

I suspect that the problem is either in mov QWORD [rsp], raxor mov rcx, rsp.

Currently, the program displays only "O", followed by a new line.

How can I change the program so that it uses the value in rax and then prints "K", so that the full output is "OK" and then a new line?

bits 64

section .data

o:  db "O"      ; 'O'
nl: dq 10       ; newline

section .text

;--- function main ---
global main         ; make label available to the linker
global _start       ; make label available to the linker
_start:             ; starting point of the program
main:               ; name of the function

;--- call interrupt 0x80 ---
mov rax, 4          ; function call: 4
mov rbx, 1          ; parameter #1 is 1
mov rcx, o          ; parameter #2 is &o
mov rdx, 1          ; parameter #3 is length of string
int 0x80            ; perform the call

;--- rax = 'K' ---
mov rax, 75         ; rax = 75

;--- call interrupt 0x80 ---
sub rsp, 8          ; make some space for storing rax on the stack
mov QWORD [rsp], rax        ; move rax to a memory location on the stack
mov rax, 4          ; function call: 4
mov rbx, 1          ; parameter #1 is 1
mov rcx, rsp            ; parameter #2 is rsp
mov rdx, 1          ; parameter #3 is length of string
int 0x80            ; perform the call
add rsp, 8          ; move the stack pointer back

;--- call interrupt 0x80 ---
mov rax, 4          ; function call: 4
mov rbx, 1          ; parameter #1 is 1
mov rcx, nl         ; parameter #2 is nl
mov rdx, 1          ; parameter #3 is length of string
int 0x80            ; perform the call

;--- exit program ---
mov rax, 1          ; function call: 1
xor rbx, rbx            ; return code 0
int 0x80            ; exit program

+4

assembly stack linux x86-64 system-calls

Alexander Mar 19 '14 at 11:10

source share

1 answer

Martin Rosenau · Accepted Answer · 2014-03-19T12:27:11+0000

Obviously, you are writing a 64-bit program and you are using the instruction "int 0x80". "int 0x80" works only in 32-bit programs.

The stack address is in a range that 32-bit programs cannot access. Therefore, it is likely that the "int 0x80" system calls do not allow access to this memory area.

To solve this problem, there are two possibilities:

32- ( 32- , EAX 64- , RAX). - 32- 64- Linux.
"syscall" "int 0x80" . "int 0x80" -!

32- :

mov eax,4    ; In "int 0x80" style 4 means: write
mov ebx,1    ; ... and the first arg. is stored in ebx
mov ecx,esp  ; ... and the second arg. is stored in ecx
mov edx,1    ; ... and the third arg. is stored in edx
int 0x80

64- :

mov rax,1    ; In "syscall" style 1 means: write
mov rdi,1    ; ... and the first arg. is stored in rdi (not rbx)
mov rsi,rsp  ; ... and the second arg. is stored in rsi (not rcx)
mov rdx,1    ; ... and the third arg. is stored in rdx
syscall

--- ---

:

"int 0x80" 32- . 64- , 32- ( 32- ).

, "int 0x80" 32- , 32 64- .

( Ubuntu 16.10, 64 .)

, "int 0x80" 2 ^ 32 ( 2 ^ 31), 2 ^ 32 32- .

, , 2 ^ 31, "int 0x80" . 2 ^ 32, . (RSP), , 2 ^ 32, , "int 0x80" .

, 2 ^ 32, : "int 0x80 64- ".

Using 0x80 Interrupt on 64-bit Linux

More articles: