executing a process with argc=0

Backend | unresolved | 3 answers | 1870 views
Asked by 遥遥无期, 2021-01-11 17:09

Is it possible to execute a process whose argc = 0? I need to execute a program but it is extremely important for its argc to be equal to 0. Is there a way to do that? I tri

3 answers
  • 2021-01-11 17:46

    You can write a program that calls exec directly; that allows you to specify the command-line arguments (including the program name) and lack thereof.

  • 2021-01-11 17:46

    You may use the Linux system call execve().

    int execve(const char *filename, char *const argv[], char *const envp[]);
    

    You may pass the filename of the executable and a null pointer as argv[] to execute the binary, and argc will be zero.

    This is my test code:

    #include <stdio.h>
    #include <unistd.h>
    
    int main( void ) {
        /* an argv with no entries: argv[0] is the terminating NULL, so the target sees argc == 0 */
        char *argv[]={ NULL };
        execv( "./target", argv );
        perror( "execv" );   /* only reached if the exec itself failed */
        return ( 1 );
    }
    

    And the strace result is:

    execve("./target", [], [/* 20 vars */]) = 0
    

    You could use envp[] to pass the arguments you defined anyway.

    Furthermore, you could use assembly language to reach your goal (argc == 0 but you still need to pass arguments). I assume that you are using a 32-bit x86 environment.

    The concept is:

    • store 0x0b ($SYS_execve) into %eax
    • put the address of argv[] into %ebx
    • put the address of envp[] into %ecx
    • then use int 0x80 to do a system call

    The memory structure is shown below:

    +--------------------------------------------------+     
    |               +----------------------------------|-----+
    v               v               v------------------|-----|-----+
    [arg_0][\0][...][arg_1][\0][...][arg_2][\0][...][ptr0][ptr1][ptr2][\0]
                                                    ^
                                                    |   (argv[] = NULL)
                                                    +--- envp
    

    I am wondering whether you are doing the lab assignment from the course taught by Prof. Taesoo Kim (GATech). Course link: https://tc.gtisc.gatech.edu/cs6265

    Or is it a hacker CTF (catch-the-flag contest) problem?

  • 2021-01-11 17:55

    You could write a C program that spawns/execs the other program with no argv, like:

    #include <spawn.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/wait.h>
    
    int main(int argc, char** argv, char** envp)
    {
        (void)argc; (void)argv;
        pid_t pid;
        char* zero_argv[] = {NULL};   /* empty vector: the child sees argc == 0 */
        /* posix_spawn returns an errno value directly instead of setting errno */
        int err = posix_spawn(&pid, "./that_app", NULL, NULL, zero_argv, envp);
        if (err != 0) {
            fprintf(stderr, "posix_spawn: %s\n", strerror(err));
            return 1;
        }
    
        int status;
        waitpid(pid, &status, 0);     /* pid by value, flags 0 */
        return 0;
    }
    
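Both the execv answer and the posix_spawn answer above spawn the child with an empty vector; what neither shows is what the child actually sees, and that has changed since they were written. With argv == {NULL} the child gets argc == 0 and argv[0] == NULL, so any program that starts from argv[0], or walks from argv[1], reads envp[0] instead. Since Linux 5.18 the kernel no longer delivers that shape: for an empty argv it substitutes a single empty string, so the child observes argc == 1 and argv[0] == "". The program below is an added example, not code from the original answers: one binary acts as the launcher (fork, execve with an empty argv, wait) and, when re-executed, as the target, which reports argc and argv[0] without dereferencing a NULL and recovers its real arguments from the environment variable ARGC0_ARGS (colon-separated), which is the envp trick the second answer suggests. The names ARGC0_CHILD and ARGC0_ARGS, the 127 / 128+signal exit convention and the use of /proc/self/exe as the target are my choices; /proc/self/exe is Linux-specific. For the raw i386 syscall route mentioned above, note that the kernel takes execve's arguments as ebx = filename, ecx = argv, edx = envp.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define ENV_MARK "ARGC0_CHILD=1"  /* example's own marker: child was launched by us */
#define ENV_ARGS "ARGC0_ARGS"     /* example's own variable: real args, ':'-separated */
#define MAX_ARGS 16

/* Program name that never dereferences a NULL or empty argv[0]: argc == 0 with
 * argv[0] == NULL is the pre-5.18 shape, argc == 1 with argv[0] == "" the 5.18+ one. */
const char *safe_program_name(int argc, char *const argv[], const char *fallback)
{
    if (argc < 1 || argv[0] == NULL || argv[0][0] == '\0')
        return fallback;
    return argv[0];
}

/* Look up NAME in an envp-style vector (getenv() for a vector we were handed). */
const char *env_lookup(char *const envp[], const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++)
        if (strncmp(envp[i], name, len) == 0 && envp[i][len] == '=')
            return envp[i] + len + 1;
    return NULL;
}

/* Split "a:b:c" into out[] using buf as scratch. Returns the count, or -1 if
 * the string does not fit in buf or has more than max entries. */
int split_args(const char *packed, char *out[], int max, char *buf, size_t buflen)
{
    if (packed == NULL || *packed == '\0')
        return 0;
    if (strlen(packed) >= buflen)
        return -1;
    strcpy(buf, packed);
    int n = 0;
    for (char *tok = strtok(buf, ":"); tok != NULL; tok = strtok(NULL, ":")) {
        if (n == max)
            return -1;
        out[n++] = tok;
    }
    return n;
}

/* Target side: report what execve delivered and recover the arguments that
 * were smuggled through the environment. Returns how many were recovered. */
int target(int argc, char *const argv[], char *const envp[])
{
    char buf[256];
    char *args[MAX_ARGS];
    int n = split_args(env_lookup(envp, ENV_ARGS), args, MAX_ARGS, buf, sizeof buf);
    printf("target: argc=%d argv[0]=%s name=%s real_args=%d\n", argc,
           (argc > 0 && argv[0] != NULL) ? argv[0] : "(NULL)",
           safe_program_name(argc, argv, "argc0-target"), n);
    for (int i = 0; i < n; i++)
        printf("  arg[%d] = %s\n", i, args[i]);
    return n;
}

/* Launcher side: fork, execve(path) with an empty argv, wait. Returns the child's
 * exit status, 127 if the exec failed, 128 + signal if it was killed, -1 otherwise. */
int spawn_argc0(const char *path, const char *packed_args)
{
    char argsvar[300];
    snprintf(argsvar, sizeof argsvar, ENV_ARGS "=%s", packed_args ? packed_args : "");
    char *const empty_argv[] = { NULL };           /* no entries at all: argc == 0 */
    char *const child_env[] = { ENV_MARK, argsvar, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, empty_argv, child_env);
        _exit(127);                                 /* only reached on exec failure */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(int argc, char *argv[], char *envp[])
{
    if (env_lookup(envp, "ARGC0_CHILD") != NULL)   /* we are the re-executed child */
        return target(argc, argv, envp) < 0 ? 1 : 0;

    /* Launcher mode: re-execute this very binary with no argv (Linux: /proc/self/exe). */
    int status = spawn_argc0("/proc/self/exe", "first:second arg:third");
    printf("launcher: child exited with status %d\n", status);
    return status == 0 ? 0 : 1;
}
```

Compile with `cc -o argc0 argc0.c` and run `./argc0`; under `strace -f` the child's exec shows up as `execve("/proc/self/exe", [], ["ARGC0_CHILD=1", "ARGC0_ARGS=..."])`. On a kernel before 5.18 the target line reads `argc=0 argv[0]=(NULL)`, on 5.18 or later `argc=1 argv[0]=` with an empty string, and in both cases the three real arguments come back out of the environment. The 128 + signal return is there because that is what you get when the target is a program that trusts argv[0]: it dies with SIGSEGV on the NULL, and the launcher reports 139 instead of hanging or lying about success.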