Linux process command line 64 bit

I have problems accessing the command line of a process from a 64-bit Linux build program. To reproduce this with minimal code, I made this 32-bit program that prints the first 5 characters of the program name:

    .section .text

    .globl _start
    _start:
      movl %esp, %ebp

      movl $4, %eax          # write
      movl $1, %ebx          # stdout
      movl 4(%ebp), %ecx     # program name address (argv[0])
      movl $5, %edx          # hard-coded length
      int $0x80

      movl $1, %eax
      movl $0, %ebx
      int $0x80

This program works. When I translate it to 64 bit and run on Linux 64, it doesn't print anything:

    .section .text

    .globl _start
    _start:
      movq %rsp, %rbp

      movq $4, %rax
      movq $1, %rbx
      movq 8(%rbp), %rcx     # program name address?
      movq $5, %rdx
      int $0x80

      movq $1, %rax
      movq $0, %rbx
      int $0x80

Where is my mistake?

+4
2 answers

You are loading the correct address in %rcx.

int 0x80 then calls the 32-bit syscall interface. This reduces the address to 32 bits, which makes it incorrect. (If you use the debugger and set a breakpoint immediately after the first int 0x80, you will see that it returns with -14 in %eax, which is -EFAULT.)

The second syscall, exit , works fine, because truncating to 32 bits does no harm in this case.


If you want to pass a 64-bit address to a system call, you will have to use the 64-bit syscall interface:

  • use syscall, not int 0x80;
  • different registers are used: see here;
  • system call numbers also vary: see here.

Here is the working version of your code:

    .section .text

    .globl _start
    _start:
      movq %rsp, %rbp

      movq $1, %rax
      movq $1, %rdi
      movq 8(%rbp), %rsi     # program name address ?
      movq $5, %rdx
      syscall

      movq $60, %rax
      movq $0, %rdi
      syscall
+9
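
As an added example (not part of either answer), here is the same 64-bit syscall interface applied to the whole command line: it walks argv on the initial stack and computes each string's length instead of hard-coding 5. The label names, the newline separator and the build line are this example's own choices.

```asm
# Build (assumed file name): as -o args.o args.s && ld -o args args.o
    .section .data
newline:
    .byte 0x0a

    .section .text
    .globl _start
_start:
    leaq 8(%rsp), %r12        # (%rsp) holds argc; %r12 -> argv[0] slot
next_arg:
    movq (%r12), %rsi         # %rsi = current argv pointer (write's buf)
    testq %rsi, %rsi          # argv[] ends with a NULL pointer
    jz done

    xorq %rdx, %rdx           # %rdx = length so far (write's count)
scan:
    cmpb $0, (%rsi,%rdx)      # stop at the string's terminating NUL byte
    je emit
    incq %rdx
    jmp scan

emit:
    movq $1, %rax             # write is number 1 on x86_64 (4 on i386)
    movq $1, %rdi             # fd 1 = stdout
    syscall                   # full 64-bit %rsi is used; clobbers %rcx, %r11

    movq $1, %rax             # write one newline after the argument
    movq $1, %rdi
    leaq newline(%rip), %rsi
    movq $1, %rdx
    syscall

    addq $8, %r12             # argv slots are 8 bytes wide in 64-bit mode
    jmp next_arg

done:
    movq $60, %rax            # exit is number 60 on x86_64 (1 on i386)
    xorq %rdi, %rdi           # exit status 0
    syscall
```

The loop counter lives in %r12 because the kernel preserves it across syscall; only %rax, %rcx and %r11 change.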

As stated in the X86_64 ABI: use the syscall command instead of int $0x80. The kernel uses different 64-bit registers as arguments to syscall, and the number assigned to the syscall function also changes between i386 and x86_64.

An example - in German, sorry - can be found here:
http://zygentoma.de/codez/linux_assembler.php

+2