Why do you want to put it on the stack? That's a waste of clock cycles to push a static string on the stack (if you aren't trying to conserve clock cycles then why are you in assembly?). I would assume that you have forgotten or are not aware that on the x86 the stack expands down, e.g.:
The reason you're only getting one letter is, as you can hopefully see, that you have actually pushed [tt]0x66 0x00 0x00 0x00 0x65 0x00 0x00 0x00 0x64 0x00 0x00 0x00[/tt] on the stack. As you can see there are a lot of NULLs, and it stops as soon as it hits the first one after the "f".
Wouldn't it be smarter to push a pointer to the string on the stack?
That is what I wanted to do! But don't I need to put it on the stack? How can I get this pointer address? And I know the stack way isn't useful, but how can I do it? Thank you!
...unless I (again) confused AT&T and Intel syntax and it's really "push string" without the '$'. "string" is the symbol associated with your character sequence, and you can take its address.
Every good solution is obvious once you've found it.
Because there are no general registers left to pass the arguments to the function, they are pushed onto the stack. I don't seem to understand how this function knows which values to pop off the stack.
What does movl esp,ecx mean? ESP = Stack Pointer, but what about ECX? It's a general register used for counting! Why is its value stored in ESP? Thank you!
I think it's because the Linux kernel uses the ECX register for the stack "table".
ECX is a general register and is used to send parameters to the kernel for system calls. In that context, ECX in C would be something like socketparams_t* (A pointer to a struct). They simply built it on the stack for some reason (they could have just had "mov ecx, socketdata; socketdata: dd 0x02, 0x01, 0x06"), try:
Thank you!
I want to be sure that I understand this:
There are two ways to pass arguments to system calls: By Registers, and by Stack!
When Passing arguments by registers:
EAX - System Call ID
EBX - First Argument
ECX - Second Argument
EDX - Third Argument
When the System Call has more than three arguments, I need to pass them by Stack:
EAX - System Call ID ; SOCKETCALL();
EBX - Sub-System Call ID ; CONNECT();
ECX = ESP (If ECX contains memory address not a value, the kernel will know that I will pass arguments by stack?)
PUSH .. (Push the arguments on the stack!)
Unfortunately I'm not familiar with the Linux Kernel interface, but I doubt it uses the stack at all, if the parameters won't fit then it will most likely use a pointer to a struct of data as one of the parameters.
A pointer points to anywhere, the stack is nothing special in this regard (neither is code for that matter).
...and only in the undertones of this thread does it become apparent that you are not talking about generally passing arguments in Assembler, but about passing arguments to specific Linux functions. You could just as well have spoken about your own code, the Win32 API or whatever...
In this case, I would recommend referring to the Linux API docs, and perhaps reading the "Programming from the Ground Up" book to get more comfortable with using Assembler.
Every good solution is obvious once you've found it.
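The two points discussed in this thread (passing a pointer to a static string, and handing the kernel a pointer to an argument block in ECX) as an added example that is not from any of the posters. It assumes 32-bit Linux (i386) with the `int $0x80` interface and GNU as in AT&T syntax; the labels `msg`, `msglen` and `sockargs` are hypothetical, and the values 2, 1, 6 are the ones quoted in the thread.

```asm
# Added example: 32-bit Linux (i386), GNU as, AT&T syntax.
# Build: as --32 demo.s -o demo.o && ld -m elf_i386 demo.o -o demo
        .section .data
msg:    .ascii "def\n"          # hypothetical label: the static string
        msglen = . - msg        # assembler computes the length
sockargs:                       # hypothetical label: static argument block
        .long 2, 1, 6           # AF_INET, SOCK_STREAM, IPPROTO_TCP

        .section .text
        .globl _start
_start:
        # write(1, msg, msglen): pass the string's ADDRESS, not its bytes.
        movl $4, %eax           # sys_write
        movl $1, %ebx           # fd 1 = stdout
        movl $msg, %ecx         # '$' = address of the symbol (a pointer)
        movl $msglen, %edx
        int  $0x80

        # socketcall(SYS_SOCKET, args) with the block built on the stack.
        # The stack grows down, so the LAST argument is pushed first.
        pushl $6                # args[2]
        pushl $1                # args[1]
        pushl $2                # args[0], now at the lowest address (ESP)
        movl $102, %eax         # sys_socketcall
        movl $1, %ebx           # sub-call SYS_SOCKET
        movl %esp, %ecx         # AT&T order is src,dst: ECX = ESP
        int  $0x80              # kernel reads 3 dwords at [ECX], pops nothing
        addl $12, %esp          # caller discards the three dwords

        # Same call, block in static data: ECX is just a pointer either way.
        movl $102, %eax
        movl $1, %ebx
        movl $sockargs, %ecx
        int  $0x80

        movl $1, %eax           # sys_exit
        xorl %ebx, %ebx         # status 0
        int  $0x80
```

In both socketcall variants the kernel only dereferences ECX; it does not care whether the address lies in the stack or in `.data`.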