rephrased the question
Getting segmentation fault right after last printf after iterating and displaying stack values (2 iterations for simplicity purposes).
Just trying to display hex value on the stack in a loop. Tried aligning the stack with sub rsp, 8 in steps (dumb me) meaning adding 8 bytes to the stack in an effort to come to aligned state, that didn't produce anything.
another update
Found that extending stack by 120 bytes does the job with aligning the stack. Could someone please explain why it is 120..? I mean i have 3 CALLs and 3 PUSH'es before and in the Loop, each requiring 8 bytes additional stack (as far as my knowledge goes).
Code:
global _start
extern printf
section .data
;format db "value at esp: %llx", 10, 0x00
format db "%012llX", 10, 0x00
section .text
_start:
mov rax, 0xa284ee5c7cde4bd7
push rax
mov rax, 0x935add110510849a
push rax
mov rax, 0x10b29a9dab697500
push rax
mov rax, 0x200ce3eb0d96459a
push rax
mov rax, 0xe64c30e305108462
push rax
mov rax, 0x69cd355c7c3e0c51
push rax
mov rax, 0x65659a2584a185d6
push rax
mov rax, 0x69ff00506c6c5000
push rax
mov rax, 0x3127e434aa505681
push rax
mov rax, 0x6af2a5571e69ff48
push rax
mov rax, 0x6d179aaff20709e6
push rax
mov rax, 0x9ae3f152315bf1c9
push rax
mov rax, 0x373ab4bb0900179a
push rax
mov rax, 0x69751244059aa2a3
push rax
;---
mov rbx, 0x2144d2144d2144d2 ;!!
;---
xor rcx, rcx ; initialize rcx to 0
mov rcx, 2 ; initialize rcx to 14 loops
mov r15, rsp ; initialize the pointer to rsp right after pushing all of RAX
call Loop
call Exit ; Exit the program
Loop:
xor rax, rax
mov r14, [r15] ;have rax as temp holder of valu at rdx not to overwrite
;xor r14, rbx ;rdx while xoring at the next line
push rcx
push r14
push r15
call printMessage
pop r15
pop r14
pop rcx
add r15, 8 ;move up the stack
loop Loop
printMessage:
mov rdi, format ; set 1st argument (Print Format)
mov rsi, r14 ; set 2nd argument (message)
call printf ; printf(outFormat, message)
ret
Exit:
mov rax, 60
mov rdi, 0
syscall
GDB on the last step before segmentation fault:
gef➤ r
Starting program: /home/kali/Desktop/assembly/exercise 1/Final/final1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
69751244059AA2A3
373AB4BB0900179A
Program received signal SIGSEGV, Segmentation fault.
**0x00007ffff7e1db44 in __printf (format=0x403008 "%012llX\n") at ./stdio-common/printf.c:28
28 ./stdio-common/printf.c: No such file or directory.**
[ Legend: Modified register | Code | Heap | Stack | String ]
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax : 0x11
$rbx : 0x2144d2144d2144d2
$rcx : 0x0
$rdx : 0x0
$rsp : 0x00007fffffffdd48 → 0x0000000000000000
$rbp : 0x0
$rsi : 0x373ab4bb0900179a
$rdi : 0x0000000000403008 → "%012llX\n"
$rip : 0x00007ffff7e1db44 → <printf+36> movaps XMMWORD PTR [rsp+0x50], xmm0
$r8 : 0x58
$r9 : 0x0
$r10 : 0x0
$r11 : 0x202
$r12 : 0x0000000000401020 → <_start+0> movabs rax, 0xa284ee5c7cde4bd7
$r13 : 0x00007fffffffdea0 → 0x0000000000000001
$r14 : 0x373ab4bb0900179a
$r15 : 0x00007fffffffde40 → 0x9ae3f152315bf1c9
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffdd48│+0x0000: 0x0000000000000000 ← $rsp
0x00007fffffffdd50│+0x0008: 0x373ab4bb0900179a
0x00007fffffffdd58│+0x0010: 0x0000000000000000
0x00007fffffffdd60│+0x0018: 0x0000000000000001
0x00007fffffffdd68│+0x0020: 0x0000000000000400
0x00007fffffffdd70│+0x0028: 0x373ab4bb0900179a
0x00007fffffffdd78│+0x0030: 0x0000000000000000
0x00007fffffffdd80│+0x0038: 0x0000000000000000
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
0x7ffff7e1db3b <printf+27> mov QWORD PTR [rsp+0x48], r9
0x7ffff7e1db40 <printf+32> test al, al
0x7ffff7e1db42 <printf+34> je 0x7ffff7e1db7b <__printf+91>
→ 0x7ffff7e1db44 <printf+36> movaps XMMWORD PTR [rsp+0x50], xmm0
0x7ffff7e1db49 <printf+41> movaps XMMWORD PTR [rsp+0x60], xmm1
0x7ffff7e1db4e <printf+46> movaps XMMWORD PTR [rsp+0x70], xmm2
0x7ffff7e1db53 <printf+51> movaps XMMWORD PTR [rsp+0x80], xmm3
0x7ffff7e1db5b <printf+59> movaps XMMWORD PTR [rsp+0x90], xmm4
0x7ffff7e1db63 <printf+67> movaps XMMWORD PTR [rsp+0xa0], xmm5
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "final1", stopped 0x7ffff7e1db44 in __printf (), reason: SIGSEGV
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7e1db44 → __printf(format=0x403008 "%012llX\n")
[#1] 0x401106 → printMessage()
[#2] 0x4010d4 → _start()
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤
gef➤ si
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
mov rsi, r9 ; rsi: pointer to messageexcept of courser9is not a pointer, it's a value. Also it's 8 bytes not 20.writesystem call does not support formatting. If you want hex you need to convert yourself.push r9/mov rsi, rsp/pop r9will leave the value below RSP, where it will be overwritten by the nextcall. But it's fine in a leaf function, although of courselea rsi, [rsp-8]/mov [rsi], r9would be more efficient and simpler. (And yes, putting stuff below RSP is safe since the x86-64 System V ABI has a red-zone. See also Writing a putchar in Assembly for x86_64 with 64 bit Linux? which shows an example of this.)