我想在运行时执行 ARM“执行”系统调用时检索可执行文件的名称。
了解如何在 ARM 程序集中翻译“执行”系统调用可能会有所帮助。我会知道存储文件名的寄存器并在运行时检索它。
谢谢
【问题讨论】:
标签: arm
此示例说明了 ARMv7 中 execu 的简单用法。
假设您有一个简单的文件,其中包含一些要排序的文本。
手册页指出了指向可执行文件的指针的位置。在我的示例中,“/bin/sh”是可执行文件。
所以你在 R0 处寻找一个数组结构指针。
NAME
execve - execute program
SYNOPSIS
#include <unistd.h>
int execve(const char *filename, char *const argv[],
char *const envp[]);
DESCRIPTION
execve() executes the program pointed to by filename. filename must be either a binary executable, or a script starting with a line of the form:
#! interpreter [optional-arg]
For details of the latter case, see "Interpreter scripts" below.
argv is an array of argument strings passed to the new program. By convention, the first of these strings should contain the filename associated with the file being executed.
envp is an array of strings, conventionally of the form key=value, which are passed as environment to the new program. Both argv and envp must be terminated by a null pointer.
The argument vector and environment can be accessed by the called program's main function, when it is defined as:
int main(int argc, char *argv[], char *envp[])
execve() does not return on success, and the text, data, bss, and stack of the calling process are overwritten by that of the program loaded.
示例代码:
.data
_filename: .string "/bin/sh"
arg0: .string "/bin/sh"
arg1: .string "-c"
arg2: .string "sort -n myfile.txt"
args:
.word arg0
.word arg1
.word arg2
.text
.global main
main:
bl _work
_work:
push {lr}
mov r7, #11 // execve syscall
ldr r0,=_filename
ldr r1,=args
svc #0
pop {pc}
简单的文本文件:
$ cat myfile.txt
9
1
5
233
5
6
723
91
0
3
2
4576
557
6
353
3553
输出示例:
$ ./simple_exec
0
1
2
3
5
5
6
6
9
91
233
353
557
723
3553
4576
【讨论】: