Tags: arrays, assembly, nasm

Creating a NASM assembly char * array to be used in syscall 59


I am trying to write a file that, when started, runs the command: /bin/bash -c "echo hello; ls -la"

section .text
  global _start
    _start:
        BITS 64
        jmp short two           ; jump over the data; `call one` then pushes the data's address
    one:
        pop rbx                 ; rbx = address of '/bin/bash' (the return address pushed by call)

        mov [rbx+34], rbx       ; argv[0] = "/bin/bash" (offset 0), stored in slot AAAAAAAA (offset 34)
        xor al, al
        mov [rbx+9],  al        ; overwrite the 0xFF after '/bin/bash' with NUL
        mov [rbx+12], al        ; overwrite the 0xFF after '-c' with NUL
        mov [rbx+33], al        ; overwrite the 0xFF after the third argument with NUL

        xor rdx, rdx            ; rdx = 0 doubles as envp = NULL for execve
        mov [rbx+66], rdx       ; NULL qword in slot FFFFFFFF (offset 66), terminating argv

        mov rcx, rbx
        add rcx, 10
        mov [rbx+42], rcx       ; argv[1] = "-c" (offset 10), stored in slot BBBBBBBB

        add rcx, 3
        mov [rbx+50], rcx       ; argv[2] = third argument (offset 13), stored in slot CCCCCCCC

        add rcx, 53
        mov [rbx+58], rcx       ; argv[3] = offset 66, the zeroed qword, i.e. an empty string; slot DDDDDDDD

        mov rdi, rbx            ; filename = "/bin/bash"
        lea rsi, [rbx+34]       ; argv = address of the first pointer slot
        mov rax, 59             ; sys_execve
        syscall
     two:
        call one
        db '/bin/bash', 0xFF                    ; offset 0, terminator at 9
        db '-c', 0xFF                           ; offset 10, terminator at 12
        db '"echo hello; ls -la"', 0xFF         ; offset 13, terminator at 33
        db 'AAAAAAAA'                           ; offset 34: argv[0] slot
        db 'BBBBBBBB'                           ; offset 42: argv[1] slot
        db 'CCCCCCCC'                           ; offset 50: argv[2] slot
        db 'DDDDDDDD'                           ; offset 58: argv[3] slot
        db 'FFFFFFFF'                           ; offset 66: NULL terminator slot

I am new, and to my understanding all I needed was a bunch of pointers that are next to each other in memory. So I saved pointers to the actual arguments in the placeholder memory spaces AAAAAAAA to DDDDDDDD. I then mov the first reference's address into rsi before the syscall. This is the memory I am getting at the end of the program, with rsi pointing to 0x4000e9:

0x4000c7:   0x2f    0x62    0x69    0x6e    0x2f    0x62    0x61    0x73
0x4000cf:   0x68    0x00    0x2d    0x63    0x00    0x22    0x65    0x63
0x4000d7:   0x68    0x6f    0x20    0x68    0x65    0x6c    0x6c    0x6f
0x4000df:   0x3b    0x20    0x6c    0x73    0x20    0x2d    0x6c    0x61
0x4000e7:   0x22    0x00    0xc7    0x00    0x40    0x00    0x00    0x00
0x4000ef:   0x00    0x00    0xd1    0x00    0x40    0x00    0x00    0x00
0x4000f7:   0x00    0x00    0xd4    0x00    0x40    0x00    0x00    0x00
0x4000ff:   0x00    0x00    0x09    0x01    0x40    0x00    0x00    0x00
0x400107:   0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00

I must be missing something obvious. I think I don't quite understand how arrays work in assembly, but I can't find out how to do it correctly.

Also, here are the arguments guessed by gdb:

Guessed arguments:
arg[0]: 0x4000c7 ("/bin/bash")
arg[1]: 0x4000e9 --> 0x4000c7 ("/bin/bash")
arg[2]: 0x0 
arg[3]: 0x400109 --> 0x0 

Currently, the error I am getting when running the program is:

: echo hello; ls -la: command not found

Solution

  • Jester in the comments solved this issue:

    The array is fine; the error is due to the extra quotes. Remove those and use db 'echo hello; ls -la', 0xFF. You will also need to adjust the offsets. Or replace the quotes with spaces, then you don't.
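The same argv layout built in C, as an added example (not code from the question or from Jester's comment): strings first with 0xFF placeholders that are patched to NUL at run time, then one 8-byte slot per argument plus a NULL slot, exactly the block the asm hands to syscall 59. It generalizes the hard-coded offsets to any argument list, so the "adjust the offsets" step happens automatically when the quotes are dropped. Assumptions: x86-64 Linux, at most 8 arguments, and a slot table rounded up to 8 bytes (the asm stores its pointers unaligned, which x86 accepts but a C `char **` must not rely on).

```c
#include <string.h>
#include <unistd.h>
#define SLOT sizeof(char *)   /* 8 bytes on x86-64: one AAAAAAAA placeholder */

/* Phase 1 (the db lines): copy each argument with a 0xFF placeholder terminator,
 * then reserve argc+1 pointer slots. The slots are rounded up to 8 bytes here;
 * the asm skips that (x86 tolerates it, C must not). Returns 0 if there is no room. */
size_t layout_argv(unsigned char *blob, size_t cap, const char *const *args, size_t argc) {
    size_t off = 0;
    if (argc == 0 || argc > 8) return 0;
    for (size_t i = 0; i < argc; i++) {
        size_t n = strlen(args[i]);
        if (off + n + 1 > cap) return 0;
        memcpy(blob + off, args[i], n);
        blob[off + n] = 0xFF;
        off += n + 1;
    }
    off = (off + SLOT - 1) & ~(SLOT - 1);
    if (off + (argc + 1) * SLOT > cap) return 0;
    memset(blob + off, 'A', (argc + 1) * SLOT);
    return off + (argc + 1) * SLOT;
}

/* Phase 2 (the code after pop rbx): turn each 0xFF into NUL, point each slot at
 * its string, NULL the last slot, and return slot 0's address (rsi for syscall 59). */
char **patch_argv(unsigned char *blob, size_t argc) {
    size_t off = 0, starts[8];
    if (argc == 0 || argc > 8) return NULL;
    for (size_t i = 0; i < argc; i++) {
        starts[i] = off;
        while (blob[off] != 0xFF) off++;
        blob[off++] = 0;                    /* mov [rbx+N], al with al = 0 */
    }
    off = (off + SLOT - 1) & ~(SLOT - 1);
    char **argv = (char **)(blob + off);
    for (size_t i = 0; i < argc; i++) argv[i] = (char *)blob + starts[i];
    argv[argc] = NULL;                      /* mov [rbx+66], rdx with rdx = 0 */
    return argv;
}

/* The page's argv with the quotes removed, as Jester advised, in a static buffer. */
char **bash_argv(void) {
    static _Alignas(8) unsigned char blob[128];
    const char *args[] = { "/bin/bash", "-c", "echo hello; ls -la" };
    return layout_argv(blob, sizeof blob, args, 3) ? patch_argv(blob, 3) : NULL;
}
int main(void) {
    char **argv = bash_argv();
    return !argv || execve(argv[0], argv, NULL) == -1;   /* envp NULL, like rdx = 0 */
}
```

Run stand-alone it performs the execve the question is after; with the quoted string from the original db line in place of the third argument, argv[2] would begin with a literal `"` and bash would look for a command named `echo hello; ls -la`, which is the error shown above.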