Home/ Questions/Q 8522417
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T07:06:42+00:00

Sometimes the correct argc value is returned, sometimes 0, and sometimes (seemingly)random numbers… all

  • 0

Sometimes the correct argc value is returned, sometimes 0, and sometimes (seemingly)random numbers… all from the same executable.

.section .text
.global _start
_start:
    movq    $1, %rax
    popq    %rdi
    syscall

For example:

%as -o this.o this.s ; ld -o this this.o

%./this; echo $?
1

%./this 1; echo $?
0

%./this 1 2; echo $?
3

%./this 1 2 a; echo $?
4

%./this 1 2 a f; echo $?
0

%_

I’m kind of new to assembly, but I was pretty confident that getting the argument count was as easy as popping it off the stack like in Linux, where the System V ABI documents that RSP points at argc in a freshly execve‘d process.

Am I doing something wrong, or is this just really messed up?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I was confused in the same case on FreeBSD 9.0/amd64. What I did is (I used nasm for assembler):

    $ cat foo.asm
global _start
_start:
        mov     rax, 4          ; write
        mov     rdi, 1          ; stdout
        mov     rsi, rsp        ; address
        mov     rdx, 16         ; 16bytes
        syscall

        mov     rax, 1          ; exit
        syscall
$ nasm -f elf64 foo.asm && ld -o foo foo.o
$ ./foo | hd
00000000  00 00 00 00 00 00 00 00  01 00 00 00 00 00 00 00  |................|
00000010
$ ./foo 2 | hd
00000000  02 00 00 00 00 00 00 00  b8 dc ff ff ff 7f 00 00  |................|
00000010
$ ./foo 2 3 | hd
00000000  00 00 00 00 00 00 00 00  03 00 00 00 00 00 00 00  |................|
00000010
$ ./foo 2 3 4 | hd
00000000  00 00 00 00 00 00 00 00  04 00 00 00 00 00 00 00  |................|
00000010
$ ./foo 2 3 4 5 | hd
00000000  05 00 00 00 00 00 00 00  b0 dc ff ff ff 7f 00 00  |................|
00000010

    I expected that argc was at rsp, but it was not.

    I guessed that the kernel (the image activator) sets registers. I searched the source tree, I found the following code in /usr/src/sys/amd64/amd64/machdep.c (exec_setregs).

            regs->tf_rsp = ((stack - 8) & ~0xFul) + 8;
        regs->tf_rdi = stack;           /* argv */

    EDIT: machdep.c has been split up and this function can now be found in exec_machdep.c

    These lines look saying that rsp is aligned, actual data are at rdi. I changed my code, and I got expected results.

    $ cat foo.asm
global _start
_start:
        push    rdi
        mov     rax, 4          ; write
        mov     rdi, 1          ; stdout
        pop     rsi
        mov     rdx, 16         ; 16bytes
        syscall

        mov     rax, 1          ; exit
        syscall
$ nasm -f elf64 foo.asm && ld -o foo foo.o
$ ./foo | hd
00000000  01 00 00 00 00 00 00 00  b0 dc ff ff ff 7f 00 00  |................|
00000010
$ ./foo 2 | hd
00000000  02 00 00 00 00 00 00 00  a8 dc ff ff ff 7f 00 00  |................|
00000010
$ ./foo 2 3 | hd
00000000  03 00 00 00 00 00 00 00  a8 dc ff ff ff 7f 00 00  |................|
00000010
$ ./foo 2 3 4 | hd
00000000  04 00 00 00 00 00 00 00  a8 dc ff ff ff 7f 00 00  |................|
00000010
$ ./foo 2 3 4 5 | hd
00000000  05 00 00 00 00 00 00 00  a8 dc ff ff ff 7f 00 00  |................|
00000010

    Can you try rdi?

    • 0