Untitled

[bits 32]

    ; In both parts of the exercise I have chosen to use the stack for storing the needed strings, since I found that it results in the shortest (65 bytes) and most easily readable (no weird jumps needed) code.


    ;;; Print 'Hello, world\n' using the write syscall ;;;

    ; set syscall number
    push byte 0x4
    pop eax

    ; set file handle. 1 is stdout
    xor ebx, ebx
    inc ebx

    ; push string to stack
    push byte 0x0a ; '\n'
    push dword 'orld'
    push dword 'o, w'
    push dword 'Hell'
    ; set argument to point at the string
    mov ecx, esp

    ; set the length parameter
    cdq ; sign-extend eax, which is 4, into edx, zeroing it
    mov dl, 13

    ; and go!
    int 0x80


    ;;; Execute '/usr/bin/id' with argument '-d' using the execve syscall ;;;

    ; clear edx. it needs to be 0 later, and it's useful to have a 0.
    ; note that eax contains the return code from the write syscall, which is 0
    cdq ; sign-extend eax into edx

    ; set syscall number
    ; xor eax, eax ; eax is already zero (return code from write syscall)
    mov byte al, 11

    ; prepare filename argument
    push byte 'd'
    push word '/i'
    push dword '/bin'
    push dword '/usr'
    ; set filename argument
    mov ebx, esp

    ; prepare the argv argument
    push edx ; terminator for argument string
    push word 0x752d ; argument string: '-u'
    mov esi, esp ; pointer to '-u'
    ; push the argv arguments to stack
    push edx ; push null terminator
    push esi ; push pointer to '-u'
    push ebx ; push pointer to '/usr/bin/id'
    ; set argv argument
    mov ecx, esp

    ; set the envp argument to null
    ; xor edx, edx ; this was already done earlier

    ; ok, go!
    int 0x80