I have started the assembly.
I don't understand why I have two variables before argc.
What are the 0000 and the 0008?
global _main
section .text
_main:
; write(1, argv[0], 3)
mov rax, 0x2000004   ; SYS_write: BSD class 0x2000000 | 4
mov rdi, 0x1         ; fd = stdout
mov rsi, [rsp+24]    ; pointer read from the stack, assuming the layout seen in the debugger:
                     ; two 8-byte slots at [rsp] and [rsp+8], argc at [rsp+16], argv[0] at [rsp+24]
mov rdx, 3           ; number of bytes to write
syscall
; return (0)
mov rax, 0x2000001   ; SYS_exit: BSD class 0x2000000 | 1
mov rdi, 0x0         ; exit status 0
syscall
I'm on macOS Mojave and I compile with:
nasm -f macho64 ex01.s && ld -macosx_version_min 10.14 -lSystem ex01.o
You're targeting modern macOS, hence ld will emit a dyld-assisted LC_MAIN load command for entry point handling.
The [rsp] is the return address to the libdyld _start function epilogue:
mov edi, eax   ; pass your process return code as 1st argument under the System V 64-bit ABI
call exit      ; from libSystem
hlt
What it means is you don't need to exit your process through a system call like you do in:
; return (0)
mov rax, 0x2000001
mov rdi, 0x0
syscall
Instead:
xor eax, eax
ret
is enough (and that's what compilers will emit btw).
Your buffers will also get flushed in the ret / libdyld approach. That's irrelevant for the write system call you are doing, but it could matter for a printf, for instance.
Here's a great article that describes lots of details.
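The same program written the way the answer recommends, as an added example (not code from the question or the answer): argv is taken from rsi as the System V ABI hands it to _main, so nothing depends on the [rsp+24] stack offset, the whole of argv[0] is printed by scanning for its NUL terminator, and the program ends with ret so libdyld calls exit() for it. It assumes the same build line as the question and x86-64 macOS with an LC_MAIN entry point.

```nasm
; Added example, not from the question or answer.
; Under LC_MAIN, _main is entered like a C function (System V ABI):
;   rdi = argc, rsi = argv, [rsp] = return address into libdyld's start routine.
; Assumed build line (same as the question's):
;   nasm -f macho64 ex01.s && ld -macosx_version_min 10.14 -lSystem ex01.o

global _main
section .text

_main:
    push rbx                    ; callee-saved register; also realigns rsp to 16 bytes
    mov  rbx, [rsi]             ; rbx = argv[0] (pointer to the program path string)

    ; compute strlen(argv[0]) so the whole string is written, not a fixed 3 bytes
    xor  rdx, rdx
.scan:
    cmp  byte [rbx + rdx], 0
    je   .found
    inc  rdx
    jmp  .scan
.found:
    ; write(1, argv[0], len)
    mov  rax, 0x2000004         ; SYS_write: BSD class 0x2000000 | 4
    mov  rdi, 1                 ; fd = stdout
    mov  rsi, rbx               ; buffer = argv[0]
    syscall                     ; rdx still holds the length; syscall clobbers rcx and r11

    ; write(1, "\n", 1)
    mov  rax, 0x2000004
    mov  rdi, 1
    lea  rsi, [rel newline]     ; RIP-relative: macho64 rejects 32-bit absolute addresses
    mov  rdx, 1
    syscall

    pop  rbx
    xor  eax, eax               ; main's return value: 0
    ret                         ; back into libdyld, which calls exit(0) with it

section .data
newline: db 10
```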