
I am very new to assembly and I am trying to call:

/bin/bash -c "echo hello; ls -la"

I store the "/bin/bash" command as a string and its address in RBX and RDI. 59 on RAX for the execve syscall that I perform at the end. -c on RSI as the second argument with the echo line on the third. Here's what gdb sees on the registers before the syscall line.

RBX: 0x4000b3 ("/bin/bash")
RCX: 0x0 
RDX: 0x4000c8 ("\"echo hello; ls -la\"")
RSI: 0x4000c5 --> 0x6f6863652200632d ('-c')
RDI: 0x4000b3 ("/bin/bash")
RBP: 0x0 
RSP: 0x7fffffffe0e0 --> 0x1 
RIP: 0x4000a7 --> 0xe8050f0000003bb8 

But when I start the executable nothing happens. I thought the registers are used for the argv[] arguments.

I debugged the program and I honestly can't tell what's going wrong but then again I am really new so maybe I am not actually giving the arguments to the syscall?

  • There should be a single register that contains the address of the argv array. That should be an array of pointers to the individual arguments. And make sure that argv[0] contains "bash" or "/bin/bash". Commented Apr 23, 2024 at 20:48
  • You also need an argument that contains the env array. Commented Apr 23, 2024 at 20:49
  • The double-quotes shouldn't be part of the actual string. When you run /bin/bash -c "echo hello; ls -la" in bash or sh, the quotes protect that part of the command line from word-splitting, but quote-removal happens before passing that string to argv of the child process. Try it yourself with printf "%s\n" -c "hello world" 'hi mom' "quotes 'inside' quotes aren't removed" on a bash command line. Commented Apr 23, 2024 at 21:13
  • Anyway, look at the man page for execve, man7.org/linux/man-pages/man2/execve.2.html . RDI is const char *pathname, RSI is char *const argv[], a pointer to an array of pointers. Commented Apr 23, 2024 at 21:15
  • extending PeterCorde's comment with one further demonstration: printf "%s\n" ...... "quotes 'inside' quotes aren't removed" 'same "for dbls" inside singles' Good luck to all. Commented Apr 23, 2024 at 23:43

1 Answer

Try splitting the command string into separate arguments and storing their addresses in memory. Also make sure that the last argument in both the "argv[]" and "envp[]" arrays is a NULL pointer to terminate the array.


2 Comments

Splitting the command string is wrong in the bash -c case. The entire command string needs to be a single argument, any arguments after it are treated as positional parameters.
So the correct value for argv is ["bash\0", "-c\0", "echo hello; ls\0"]
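The following is an added example, not code from the question or the answer above. It shows the argument layout that the comments describe: RDI holds the pathname, RSI holds a NULL-terminated array of pointers to the individual argv strings, RDX holds a NULL-terminated envp array, and RAX holds 59 (the x86-64 Linux execve number; on other architectures the fallback uses syscall(2)). The "echo hello; ls -la" string is a single argv element with no literal double quotes, since those quotes belong to the interactive shell, not to the child process. The path /bin/bash is taken from the question; the function names, the deliberately wrong "bad" array, and the fork/wait wrapper in main are constructed for this example. The inline-asm syscall wrapper is a plain "syscall" instruction with the register constraints GCC and clang accept; it is only compiled on x86-64 Linux.

```c
/* Added example: build argv/envp for execve(2) and issue the raw syscall.
 * Not part of the original question or answer. */
#define _GNU_SOURCE
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/syscall.h>

/* Path from the question. argv[0] conventionally repeats it. */
static const char *bash_path = "/bin/bash";
static char arg0[] = "/bin/bash";
static char arg1[] = "-c";
/* ONE argv element, no literal quotes: quote removal already happened
 * in whatever shell typed the command line. */
static char arg2[] = "echo hello; ls -la";

/* This is what RSI must point at: an array of pointers ending in NULL.
 * RDX points at envp, which has the same shape and may be empty. */
static char *const bash_argv[] = { arg0, arg1, arg2, NULL };
static char *const bash_envp[] = { NULL };

/* The layout the question effectively built: the quotes kept as part of
 * the string. bash would then try to run a command literally named
 * "echo hello; ls -la" with the quotes attached. Constructed for contrast. */
static char bad_arg2[] = "\"echo hello; ls -la\"";
static char *const bad_argv[] = { arg0, arg1, bad_arg2, NULL };

/* Walk the array until the NULL terminator, as the kernel does. */
size_t argv_count(char *const *v)
{
    size_t n = 0;
    while (v[n] != NULL)
        n++;
    return n;
}

/* Sanity check for the bash -c case: exactly three elements, "-c" in
 * argv[1], and no stray double quotes inside the command string. */
int argv_is_well_formed(char *const *v)
{
    return argv_count(v) == 3
        && strcmp(v[0], "/bin/bash") == 0
        && strcmp(v[1], "-c") == 0
        && strchr(v[2], '"') == NULL;
}

/* Raw execve: RAX=59, RDI=path, RSI=argv, RDX=envp. The syscall
 * instruction clobbers RCX and R11. Returns only on failure (-errno). */
long raw_execve(const char *path, char *const *argv, char *const *envp)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(59L), "D"(path), "S"(argv), "d"(envp)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Portable fallback for other architectures / kernels. */
    return syscall(SYS_execve, path, argv, envp);
#endif
}

int main(void)
{
    if (!argv_is_well_formed(bash_argv)) {
        fprintf(stderr, "argv layout is wrong\n");
        return 1;
    }
    /* Run in a child so the demonstrating process survives the exec. */
    pid_t pid = fork();
    if (pid < 0)
        return 1;
    if (pid == 0) {
        raw_execve(bash_path, bash_argv, bash_envp);
        _exit(127);           /* only reached if execve failed */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Stepping through this under gdb, before the syscall instruction RSI should point at a block of four 8-byte values (three string addresses followed by 0), not at the "-c" text itself as in the question's register dump.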
