
I am trying to open a local file ('flag' in a target file) in assembly in order to write an exploit script that outputs the flag. However, I am getting the error: "target: Too long input: Success" when trying to open the file. This is my code to load and open the file:

    #include <sys/syscall.h>

    .globl main
    .bss
    .lcomm bfr, 1040          # 1040-byte read buffer
    .type main, @function
    .data
    filename:
       .string "flag"         # NUL-terminated path of the file to open
    .text
    main:
      mov %eax,0x5            # intended: eax = 5 (open); in AT&T syntax this stores %eax to address 0x5
      mov %ebx,filename       # intended: ebx = address of filename
      mov %ecx,0x0            # intended: ecx = 0 (O_RDONLY)
      int $0x80

      mov %ebx, %eax          # intended: ebx = fd returned by open
      mov %eax, 0x3           # intended: eax = 3 (read)
      mov %ecx, bfr           # intended: ecx = address of bfr
      mov %edx, 1040          # intended: edx = 1040 (count)
      int $0x80
Peter Cordes

s.hu
  • Note that `mov %eax,0x5` moves the word at address 5 to `eax`, not the value 5. To move the value 5, write `mov %eax,$0x05`. As you seem to be unfamiliar with AT&T syntax, I recommend you to read the assembler manual before venturing further into this project. – fuz Nov 19 '17 at 11:24
  • Downvoted because OP has clearly not read the manual before asking this question. – fuz Nov 19 '17 at 12:10
  • @fuz Also, along with my below comment to you, I have tried $0x05 and I was thrown errors for that, too, and have been trying to work through it in other versions of my code. – s.hu Nov 19 '17 at 12:18
  • @fuz has nailed it. I hadn't recognized the assembly format. The Intel directionality of your code threw me off, getting me to focus on potential null termination issues. If you insist on using GAS, make sure that you understand AT&T format. – David Hoelzer Nov 19 '17 at 12:19
  • @s.hu that's not your only problem. Go research AT&T format for assembly instructions. – David Hoelzer Nov 19 '17 at 12:19
  • @s.hu That's because you also need to swap the operand order (says so in the manual!). I didn't pay enough attention; the actual instruction is `mov $5,%eax`. Sorry for that. – fuz Nov 19 '17 at 12:27
  • @fuz Oh right, I was originally working in Intel, so I got myself confused. Thank you. I ended up restarting from scratch and it all works fine now. – s.hu Nov 20 '17 at 18:32

1 Answer

To anyone who happens upon this post, I want to write an explanation about the (stupid) errors in this code so as not to confuse anyone trying to learn this. This was originally written with the Intel syntax in mind, meaning that the first operand would be the destination and the second operand would be the source, whereas in AT&T (which is what I needed to be using) the first operand is the source and the second operand is the destination. The other issue is that values, such as 0x5, 0x0, etc. needed to be loaded as the actual values (i.e. decimal 5, decimal 0) in order to call the system calls, such as open, read, and write. Therefore, as someone mentioned, 0x5 would need to be written as $0x5. Or you may also call the system call directly with SYS_open. (If anyone else would like to add to this, feel free; I just wanted to write a quick clarification in case someone made the mistake of trying to reference this.)

s.hu
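The corrected program that the answer describes, written here as an added example (it is not the asker's final code, which is not shown on the page): AT&T operand order throughout, a `$` on every immediate and on every symbol whose address is wanted, and the syscall numbers taken from `<sys/syscall.h>` rather than hard-coded. It assumes 32-bit Linux and the `int $0x80` interface, and it adds the return-value checks and the `write`/`exit` calls that the snippet in the question omits. Build with `gcc -m32 -nostdlib -static -o readflag readflag.S` (the `.S` extension makes gcc run the preprocessor so the include resolves) and run it in a directory containing a file named `flag`.

```asm
/* Added example: corrected AT&T-syntax version of the program from the question.
   Assumes 32-bit Linux and the int $0x80 system-call interface.
   Build: gcc -m32 -nostdlib -static -o readflag readflag.S */

#include <sys/syscall.h>

        .bss
        .lcomm  bfr, 1040              /* 1040-byte read buffer, zero-initialised */

        .data
filename:
        .string "flag"                 /* NUL-terminated path, relative to the cwd */

        .text
        .globl  _start
        .type   _start, @function
_start:
        /* open("flag", O_RDONLY). AT&T order is source, destination; a bare
           number is a memory operand, so every literal needs a '$'. */
        movl    $SYS_open, %eax        /* syscall number 5 on 32-bit Linux */
        movl    $filename, %ebx        /* $filename = the address of the string */
        movl    $0, %ecx               /* O_RDONLY */
        int     $0x80
        testl   %eax, %eax
        js      fail                   /* a negative return is -errno */

        /* read(fd, bfr, 1040) */
        movl    %eax, %ebx             /* fd returned by open */
        movl    $SYS_read, %eax        /* syscall number 3 */
        movl    $bfr, %ecx             /* address of the buffer */
        movl    $1040, %edx            /* maximum byte count */
        int     $0x80
        testl   %eax, %eax
        js      fail

        /* write(1, bfr, bytes_read): only the bytes actually read */
        movl    %eax, %edx             /* byte count returned by read */
        movl    $SYS_write, %eax       /* syscall number 4 */
        movl    $1, %ebx               /* stdout */
        movl    $bfr, %ecx
        int     $0x80

        /* exit(0) */
        movl    $SYS_exit, %eax        /* syscall number 1 */
        xorl    %ebx, %ebx
        int     $0x80

fail:
        /* exit(1) when open or read returned an error code */
        movl    $SYS_exit, %eax
        movl    $1, %ebx
        int     $0x80
```

Compare this line by line with the question's snippet: `mov %eax,0x5` became `movl $SYS_open, %eax`, because in AT&T syntax the original stores `%eax` into memory at address 5 (which faults), and `mov %ebx,filename` became `movl $filename, %ebx`, because without the `$` the assembler loads the four bytes stored at `filename` instead of its address. The `js fail` checks matter in practice: `open` on a missing file returns `-ENOENT`, and passing that straight into `read` as a descriptor silently produces a second error rather than the flag.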