Segfault on NASM Hello World Mac OSX 64 bit - macos

I'm trying to learn NASM. I compile and run the file but it segfaults. The (64 bit) code follows:
global _main
section .text
_main:
mov rax, 0x2000004 ; write
mov rdi, 1 ; stdout
mov rsi, msg
mov rdx, msg.len
syscall
mov rax, 0x2000001 ; exit
mov rdi, 0
syscall
section .data
msg: db "Hello, world!", 10
.len: equ $ - msg
I compile and link it as:
nasm -f macho64 hello.asm
ld hello.o -e _main -o hello -macosx_version_min 10.7


How to detect a write error in x86-64 assembly under macos [duplicate]

I'm having trouble finding good documentation for writing 64-bit assembly on MacOS.
The 64-bit SysV ABI says the following in section A.2.1 and this SO post quotes it:
A system-call is done via the syscall instruction. The kernel destroys registers %rcx and %r11.
Returning from the syscall, register %rax contains the result of the system-call. A value in the range between -4095 and -1 indicates an error, it is -errno.
Those two sentences are ok on Linux but are wrong on macOS Sierra with the following code:
global _start
extern _exit
section .text
_start:
; Align stack to 16 bytes for libc
and rsp, 0xFFFFFFFFFFFFFFF0
; Call write
mov rdx, 12 ; size
mov rsi, hello ; buf
mov edi, 1 ; fd
mov rax, 0x2000004 ; write ; replace to mov rax, 0x1 on linux
syscall
jc .err ; Jumps on error on macOS, but why?
jnc .ok
.err:
mov rdi, -1
call _exit ; exit(-1)
.ok:
; Expect rdx to be 12, but it isn't on macOS!
mov rdi, rdx
call _exit ; exit(rdx)
; String for write
section .data
hello:
.str db `Hello world\n`
.len equ $-hello.str
Compile with NASM:
; MacOS: nasm -f macho64 syscall.asm && ld syscall.o -lc -macosx_version_min 10.12 -e _start -o syscall
; Linux: nasm -f elf64 syscall.asm -o syscall.o && ld syscall.o -lc -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o syscall
Run on macOS:
./syscall # Return value 0
./syscall >&- # Return value 255 (-1)
I found out that:
A syscall returns errno and sets the carry flag on error, instead of returning -errno in rax
The rdx register is clobbered by syscall
On Linux, everything works as expected
Why is rdx clobbered? Why doesn't a syscall return -errno? Where can I find the real documentation?
The only place I found where someone talks about the carry flag for syscall errors is here
I used this:
# as hello.asm -o hello.o
# ld hello.o -macosx_version_min 10.13 -e _main -o hello -lSystem
.section __DATA,__data
str:
.asciz "Hello world!\n"
.section __TEXT,__text
.globl _main
_main:
movl $0x2000004, %eax # preparing system call 4
movl $1, %edi # STDOUT file descriptor is 1
movq str@GOTPCREL(%rip), %rsi # The value to print (address of str loaded through the GOT)
movq $13, %rdx # the size of the value to print
syscall
movl %eax, %edi
movl $0x2000001, %eax # exit (return value of the call to write())
syscall
and was able to catch the return value in eax. Here the return value is the number of bytes actually written by the write system call. And yes, MacOS being a BSD variant, it is the carry flag that tells you whether the syscall failed or not (errno is just an external linkage variable).
# hello_asm.s
# as hello_asm.s -o hello_asm.o
# ld hello_asm.o -e _main -o hello_asm
.section __DATA,__data
str:
.asciz "Hello world!\n"
good:
.asciz "OK\n"
.section __TEXT,__text
.globl _main
_main:
movl $0x2000004, %eax # preparing system call 4
movl $5, %edi # file descriptor 5 is not open, so this write() fails
movq str@GOTPCREL(%rip), %rsi # The value to print (address of str loaded through the GOT)
movq $13, %rdx # the size of the value to print
syscall
jc err
movl $0x2000004, %eax # preparing system call 4
movl $1, %edi # STDOUT file descriptor is 1
movq good@GOTPCREL(%rip), %rsi # The value to print (address of good loaded through the GOT)
movq $3, %rdx # the size of the value to print
syscall
movl $0, %edi
movl $0x2000001, %eax # exit 0
syscall
err:
movl $1, %edi
movl $0x2000001, %eax # exit 1
syscall
This will exit with error code 1 because descriptor 5 was used; if you try descriptor 1, it will work, printing another message and exiting with 0.
I don't know why rdx gets clobbered, but just to confirm that it indeed does seem to get zeroed across the "write" syscall, I examined the status of every register:
global _start
section .text
_start:
mov rax, 0xDEADBEEF; 0xDEADBEEF = 3735928559; 3735928559 mod 256 = 239
mov rbx, 0xDEADBEEF
mov rcx, 0xDEADBEEF
mov rdx, 0xDEADBEEF
mov rsi, 0xDEADBEEF
mov rdi, 0xDEADBEEF
mov rsp, 0xDEADBEEF
mov rbp, 0xDEADBEEF
mov r8, 0xDEADBEEF
mov r9, 0xDEADBEEF
mov r10, 0xDEADBEEF
mov r11, 0xDEADBEEF
mov r12, 0xDEADBEEF
mov r13, 0xDEADBEEF
mov r14, 0xDEADBEEF
mov r15, 0xDEADBEEF
mov rdx, len2 ; size
mov rsi, msg2 ; buf
mov rdi, 1 ; fd
mov rax, 0x2000004 ; write
syscall
mov rdi, rsi ; CHANGE THIS TO EXAMINE DIFFERENT REGISTERS
mov rax, 0x2000001 ; exit
syscall
section .data
msg_pad db `aaaa\n` ; to make the buffer not to be page-aligned
msg2 db `bbbbbb\n` ; because then it's easier to notice whether
len2 equ $-msg2 ; clobbered or not
nasm -f macho64 syscall.asm && ld syscall.o -e _start -static && ./a.out; echo "status: $?"
The results I got:
clobber list of a "write" syscall
rax clobbered
rbx not clobbered
rcx clobbered
rdx clobbered <- This is the unexpected case?!
rsi not clobbered
rdi not clobbered
rsp not clobbered
rbp not clobbered
r8 not clobbered
r9 not clobbered
r10 not clobbered
r11 clobbered
r12 not clobbered
r13 not clobbered
r14 not clobbered
r15 not clobbered
It would be interesting to know whether other syscalls zero rdx too; I didn't have the energy to attempt a thorough investigation. But maybe, just to be safe, one should add rdx to the clobber list of all of the MacOS syscalls from now on.
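Putting the three findings above together (carry flag signals the error, rax holds the byte count on success, rdx does not survive the syscall), here is an added example that is not from any of the answers; the file name, labels and the choice of exit statuses are assumptions of mine:

```nasm
; write_check.asm  (added example, not taken from the answers above)
; macOS x86-64, pure syscalls, no libc:
;   nasm -f macho64 write_check.asm && ld write_check.o -e _start -static -o write_check
;   ./write_check      ; echo $?   -> message printed, status 14 (bytes written)
;   ./write_check >&-  ; echo $?   -> nothing printed, status 9 (EBADF reported by the kernel)
global _start

section .text
_start:
    mov     r12d, msg.len       ; keep the length in a callee-saved register: on macOS rdx
    mov     edx, r12d           ; does NOT survive the syscall, so it cannot be reused afterwards
    lea     rsi, [rel msg]      ; RIP-relative address, no absolute relocation needed
    mov     edi, 1              ; fd = stdout
    mov     eax, 0x2000004      ; BSD syscall class 0x2000000 | SYS_write (4)
    syscall                     ; also clobbers rcx and r11
    jc      .failed             ; macOS/BSD: CF=1 on error and rax = positive errno (not -errno)
    cmp     rax, r12            ; CF=0: rax = bytes actually written; detect a short write
    jne     .short_write
    mov     edi, eax            ; exit status = bytes written (14 fits in 8 bits)
    jmp     .exit
.short_write:
    mov     edi, 255            ; distinguishable "partial write" status
    jmp     .exit
.failed:
    mov     edi, eax            ; exit status = errno, e.g. 9 = EBADF when stdout is closed
.exit:
    mov     eax, 0x2000001      ; BSD class | SYS_exit (1)
    syscall

section .data
msg:    db  "Hello, world!", 10
.len:   equ $ - msg
```

The link line is the one from the last answer; on Linux the same source would need SYS_write/SYS_exit numbers and the -errno convention instead of the jc test.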

Add two numbers on MacOS NASM 64bit

I have this code:
section .data
x dw 10
y dw 10
section .text
global _main
_main: xor rax, rax
mov rax, x
mov rbx, y
add rax, rbx
result: nop
exit: mov rax, 0x2000001 ; System call number for exit = 1
mov rdi, 0 ; Exit success = 0
syscall ; Invoke the kernel
and I try to compile it with:
nasm -f macho64 hello.asm
gcc -m64 hello.o -o hello
and debug with lldb
(lldb) r
Process 74574 launched: './hello' (x86_64)
Process 74574 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000100000fab hello`result
hello`result:
-> 0x100000fab <+0>: nop
hello`exit:
0x100000fac <+0>: movl $0x2000001, %eax ; imm = 0x2000001
0x100000fb1 <+5>: movl $0x0, %edi
0x100000fb6 <+10>: syscall
Target 0: (hello) stopped.
(lldb) register read rax
rax = 0x0000000200002004
I expected rax to be 0x014, but I have 0x0000000200002004. What am I doing wrong?
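As an added example, not the asker's code: "mov rax, x" loads the address of x, so the sum has to read the two 16-bit values through a memory operand. File name and labels are assumptions; the exit status is used to show the result:

```nasm
; add_words.asm  (added example, not from the question above)
;   nasm -f macho64 add_words.asm && gcc -m64 add_words.o -o add_words
;   ./add_words; echo $?   -> 20
default rel                     ; every [label] below is assembled RIP-relative

section .data
x:  dw 10                       ; dw = 16-bit values, so they must be loaded as words
y:  dw 10

section .text
global _main
_main:
    movzx   eax, word [x]       ; [x] reads the 16-bit VALUE; "mov rax, x" would load the ADDRESS of x
    movzx   ebx, word [y]       ; zero-extend so the 64-bit add sees only the 16-bit data
    add     eax, ebx            ; eax = 20 (writing eax clears the upper half of rax)
    mov     edi, eax            ; exit(20): the status shows the sum (only the low 8 bits survive)
    mov     eax, 0x2000001      ; BSD class 0x2000000 | SYS_exit (1)
    syscall
```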

Moving contents from .data section to register in NASM [duplicate]

This question already has an answer here: NASM issue on OSX 64-bit (1 answer).
I'm new to NASM and am struggling to move the contents of a variable from the .data section to a register. The following code outputs "Value: 0" instead of "Value: 1". If I write a constant to the register directly (mov qword rax, 25), everything works OK.
; /usr/local/bin/nasm -f macho64 sum.asm && ld -macosx_version_min 10.7.0 -lSystem -o sum sum.o && ./sum
section .data
myvar: dq 1234
message: db "Value: %i", 10, 0
.len: equ $ - message
global start
extern _printf
extern _exit
section .text
start:
default rel
; This outputs "Value: 0"
mov qword [myvar], 1
mov rax, [myvar]
; This works:
; mov qword rax, 25
; Output
mov rsi, rax
mov qword rax, 0
lea rdi, [rel message]
call _printf
mov qword rax, 0
call _exit
/usr/local/bin/nasm -v says:
NASM version 2.11.08 compiled on Mar 10 2015
The OS X NASM 2.11.08 bug strikes again. Use an older version (like 2.11.06), or a newer version with a fix for relative symbol addressing in the data section. Or use yasm.
Like I said in comments, you can zero a 64bit register with xor eax, eax. That's the standard idiom.
Writing to a 32-bit register always clears the upper 32 bits of the 64-bit register. This saves a lot of instruction bytes compared to moving a 64-bit immediate.
mov qword rax, 25
is still a 32-bit immediate move. The qword is unnecessary. The instruction does have an unneeded REX prefix to make it a 64-bit write, instead of just automatically clearing the high 32 bits by writing the low 32.
mov eax, 25
does the same thing, but with fewer instruction bytes.
Your code is correct, except for the global entry point main, which is needed (but not required: you can adjust the entry point with link options). Here you are linking with the libc printf and exit functions. While compilers differ, using printf rather than _printf can help.
With only those semantic changes (and compiling on Linux instead of Mac), your code gives the desired output:
section .data
myvar: dq 1234
message: db "Value: %i", 10, 0
.len: equ $ - message
global main
extern printf
extern exit
section .text
main:
default rel
; This outputs "Value: 0"
mov qword [myvar], 1
mov rax, [myvar]
; Output
mov rsi, rax
mov qword rax, 0
lea rdi, [rel message]
call printf
mov qword rax, 0
call exit
Compile
$ nasm -felf64 -o obj/label64.o label64.asm
$ ld -dynamic-linker /lib64/ld-linux-x86-64.so.2 /usr/lib64/crt1.o \
/usr/lib64/crti.o obj/label64.o /usr/lib64/crtn.o -lc -o bin/label64
Output
$ ./bin/label64
Value: 1
Note: you may need to adjust the paths needed by the link command. Otherwise, you can just call gcc and let it sort the paths out. E.g.:
$ gcc -o bin/label64 obj/label64.o
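Both answers above are exercised in this macOS build of the program (added example, not the answers' own code): RIP-relative addressing via default rel, the xor eax, eax zeroing idiom, and the stack alignment a libc call needs. The file name and the %lld format are my choices:

```nasm
; sum_mac.asm  (added example; a macOS port of the program above, not the answers' code)
;   nasm -f macho64 sum_mac.asm && ld -macosx_version_min 10.7 -lSystem -o sum_mac sum_mac.o
;   ./sum_mac   -> Value: 1
default rel                     ; [label] operands become RIP-relative: sidesteps the 2.11.08
                                ; absolute-address bug and works in a PIE executable
global start
extern _printf
extern _exit

section .data
myvar:      dq 1234
message:    db "Value: %lld", 10, 0     ; %lld because a full qword is passed in rsi

section .text
start:
    and     rsp, -16            ; libc needs rsp 16-byte aligned at each call instruction
    mov     qword [myvar], 1
    mov     rsi, [myvar]        ; rsi = the VALUE 1 (2nd printf argument)
    lea     rdi, [message]      ; rdi = address of the format string (1st argument)
    xor     eax, eax            ; variadic call: al = number of vector registers used (0);
                                ; writing eax zeroes all of rax, shorter than mov rax, 0
    call    _printf
    xor     edi, edi            ; exit(0)
    call    _exit
```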

NASM 'fatal: No section for index 2 offset 0 found' on Mac OS X Yosemite

This is my first time programming in assembly for the Mac, and I keep getting some strange errors that I haven't had much luck with, googling-wise. So far, I'm just trying to print "Hello, World!" onto the terminal. Here is my code:
global _main
section .text
_main:
mov rax, 0x2000004 ; 0x2000000 (BSD syscall class) | 4 (write); the original had one zero too many
mov rdi, 1
mov rsi, msg
mov rdx, msg.len
syscall
mov rax, 0x2000001 ; 0x2000000 (BSD syscall class) | 1 (exit)
mov rdi, 0
syscall
section .data
msg: db "Hello, World!", 10
.len: equ $ - msg
Whenever I run this code, I use the command nasm -f macho64 print.asm. By the way, nasm -v prints NASM version 2.11.08 compiled on Mar 10 2015. When I use the command above, NASM gives this output:
print.asm:9: fatal: No section for index 2 offset 0 found
I'm stumped and would like any help. Thanks!
I met the same problem. Instead of "mov rsi, msg", use "lea rsi, [rel msg]".

Illegal instruction: 4 (Mac 64-bit, NASM)

I'm trying to write a simple helloworld in assembler 64 on Mac with NASM.
Every time I try to run it I'm getting this error:
Illegal instruction: 4
Here is my code:
section .text
global _main
_main:
mov rax, 4
mov rbx, 1
mov rcx, tekst
mov rdx, dlugosc
int 80h
mov rax, 1
int 80h
section .data
tekst db "Hello, world", 0ah
dlugosc equ $ - tekst
I'm compiling with:
nasm -f macho64 HelloWorld.asm
And I'm linking with:
ld -o HelloWorld -arch x86_64 -macosx_version_min 10.10 -lSystem -no_pie HelloWorld.o
Any help is highly appreciated.
Let's start with the most important thing:
On Mac OSX, system calls are prefixed with 0x2000###, so for an exit it would be 0x2000001.
Next, we need to use the correct registers to pass arguments.
The number of the syscall has to be passed in register rax.
rdi - used to pass 1st argument to functions
rsi - used to pass 2nd argument to functions
rdx - used to pass 3rd argument to functions
rcx - used to pass 4th argument to functions
r8 - used to pass 5th argument to functions
r9 - used to pass 6th argument to functions
A system-call is done via the syscall instruction. The kernel destroys registers rcx and r11.
So bringing this together, a fixed version of your code is:
section .text
global _main
_main:
mov rax, 0x2000004 ; 0x2000000 (BSD syscall class) | 4 (write)
mov rdi, 1 ; fd = stdout
mov rsi, tekst ; buffer (absolute address: fine with -no_pie, otherwise use lea rsi, [rel tekst])
mov rdx, dlugosc ; length
syscall
mov rax, 0x2000001 ; exit
mov rdi, 0 ; exit status 0 (rdi would otherwise still hold the 1 from the write)
syscall
section .data
tekst db "Hello, world", 0ah
dlugosc equ $ - tekst
