simple memory scan produces segmentation fault...

Thread in the "WASM.BEGINNERS" section, started by user nopnopnop, 23 Apr 2006.

  1. nopnopnop

    nopnopnop New Member

    Publications:
    0
    Joined:
    20 Apr 2006
    Messages:
    15
    Hi all,
    what is wrong with this code?
    Code (Text):
    BITS 32

    section .data
    format    db "[0x%x] -> %d",10,13,0

    section .text
        global main
        extern printf,exit

    main:
        mov     esi,140h                ; start address of the scan
    while_loop:
        cmp     esi,150h                ; stop after 150h
        jg      while_end
        ;loop body
        mov     edx,[esi]; why segmentation fault?
        push    edx                     ; value read
        push    esi                     ; address
        push    format
        call    printf
        add     esp,12                  ; pop the three printf arguments
        inc     esi
        jmp     while_loop
    while_end:
        push    0                       ; exit status for exit()
        call    exit
    -------------------------------------------
    It produces a segmentation fault. I compiled it under Debian (arch k7). The line with the comment is problematic: if I replace it with
    mov edx,esi it runs. Output:
    Code (Text):
    [0x140] -> 320
    [0x141] -> 321
    [0x142] -> 322
    [0x143] -> 323
    [0x144] -> 324
    [0x145] -> 325
    [0x146] -> 326
    [0x147] -> 327
    [0x148] -> 328
    [0x149] -> 329
    [0x14a] -> 330
    [0x14b] -> 331
    [0x14c] -> 332
    [0x14d] -> 333
    [0x14e] -> 334
    [0x14f] -> 335
    [0x150] -> 336
    I can't see any problem with that line...
     
  2. Quantum

    Quantum Zen Paladin

    Publications:
    0
    Joined:
    6 Jan 2003
    Messages:
    3,143
    Location:
    Ukraine


    You're trying to read a memory block starting at address 0x140. That block is outside your program sections (.data, .text, ...). You can't just go there and read a piece of memory which is not yours. Try this:
    Code (Text):
    BITS 32

    section .data
    format    db "[0x%x] -> %d",10,13,0

    section .text
        global main
        extern printf,exit

    main:
        mov     esi,main                ; start at the entry point (mapped memory)
    while_loop:
        cmp     esi,main + 10h
        jg      while_end
        ;loop body
        mov     edx,[esi]; why segmentation fault?
        push    edx                     ; value read
        push    esi                     ; address
        push    format
        call    printf
        add     esp,12                  ; pop the three printf arguments
        inc     esi
        jmp     while_loop
    while_end:
        push    0                       ; exit status for exit()
        call    exit


    This way you can read some bytes starting at your program's entry point.
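An added check (not from the thread) that applies Quantum's point: before dereferencing an address, confirm that it lies inside one of the process's own mappings. The /proc/self/maps excerpt below is constructed for the example (its paths and addresses are made up); on a real Linux process one would read /proc/self/maps itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed /proc/self/maps excerpt (made up for this example):
   start-end perms offset dev inode path */
static const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 03:01 12345 /home/user/scan\n"
    "08049000-0804a000 rw-p 00000000 03:01 12345 /home/user/scan\n"
    "b7e00000-b7f2c000 r-xp 00000000 03:01 67890 /lib/libc.so.6\n"
    "bffeb000-c0000000 rw-p 00000000 00:00 0     [stack]\n";

/* Return 1 if every byte of [addr, addr+len) lies inside a single readable
   mapping listed in maps_text, else 0. A range that straddles two adjacent
   mappings is reported as unreadable by this simple check. */
int range_is_readable(const char *maps_text, uintptr_t addr, size_t len) {
    const char *line = maps_text;
    while (*line) {
        unsigned long lo, hi;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            perms[0] == 'r' && addr >= lo && addr + len <= hi)
            return 1;
        const char *nl = strchr(line, '\n');
        if (!nl) break;
        line = nl + 1;          /* next mapping */
    }
    return 0;
}

int main(void) {
    /* The first post scans 0x140..0x150 and reads 4 bytes at each step. */
    printf("0x140..0x154 readable? %d\n",
           range_is_readable(SAMPLE_MAPS, 0x140, 0x14));
    /* Quantum's version scans inside .text, here assumed at 0x08048080. */
    printf("text+0x80 readable?    %d\n",
           range_is_readable(SAMPLE_MAPS, 0x08048080, 0x14));
    return 0;
}
```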
     
  3. nopnopnop

    nopnopnop New Member

    Publications:
    0
    Joined:
    20 Apr 2006
    Messages:
    15
    Hi Quantum. Thanks for answering...
    I made another try to read a memory block. Looks like the block is
    again outside my program sections, but this time there is no
    segmentation fault. Here is the same code with a little change:
    Code (Text):
    BITS 32

    section .data
    format    db "[0x%x] -> %d",10,13,0
    mem       dd -3000

    section .text
        global main
        extern printf,exit

    main:
            mov     esi,1h              ; offset from mem
    while_loop:
            cmp     esi,10h
            jg      while_end
            ;loop body
            mov     edx,[mem+esi]; NO SEGMENTATION FAULT !
            push    edx                 ; value read
            push    esi                 ; offset
            push    format
            call    printf
            add     esp,12              ; pop the three printf arguments
            inc     esi
            jmp     while_loop
    while_end:
        push    0                       ; exit status for exit()
        call    exit
    So, I am starting scanning from address [-3000+esi]...
    this is the output:
    Code (Text):
    [0x1] -> 16777204
    [0x2] -> 65535
    [0x3] -> 255
    [0x4] -> 0
    [0x5] -> 0
    [0x6] -> 16777216
    [0x7] -> 65536
    [0x8] -> 256
    [0x9] -> 1
    [0xa] -> 603979776
    [0xb] -> 2359296
    [0xc] -> 9216
    [0xd] -> 36
    [0xe] -> 201326592
    [0xf] -> 786432
    [0x10] -> 3072
    [...] is the value of esi, the value in the second column is taken from
    memory at [-3000+esi] (which is not my memory?).
    Maybe this is some kind of restriction applied by the NASM compiler?
     
  4. Quantum

    Quantum Zen Paladin

    Publications:
    0
    Joined:
    6 Jan 2003
    Messages:
    3,143
    Location:
    Ukraine


    No, you're starting to scan at [offset mem + esi], because mem is a label.
    That's almost the -3000 value you assigned to mem. mem <= -3000 == 0xFFFFF448. Words and double words get stored in memory in little endian format. So, 0xFFFFF448 looks like 48 F4 FF FF. But you're starting to scan at mem + 1 and getting 16777204 == 0xFFFFF4. In little endian it's F4 FF FF 00. Got it?
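An added illustration (not part of the thread) of Quantum's little-endian explanation: the constructed image below stores -3000 the way `dd` does and reads a dword at each offset esi, exactly as `mov edx,[mem+esi]` did, reproducing the printed values. The bytes following mem are not known from the page; they are inferred here from the printed output and labelled as such.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Store a 32-bit value least significant byte first, as NASM's `dd -3000`
   lays it out in .data. */
void store_le32(uint8_t *buf, int32_t val) {
    uint32_t u = (uint32_t)val;
    for (int i = 0; i < 4; i++)
        buf[i] = (uint8_t)(u >> (8 * i));
}

/* Assemble the dword at buf[off..off+3], least significant byte first,
   which is what `mov edx,[mem+esi]` does for esi == off. */
uint32_t read_le32(const uint8_t *buf, size_t off) {
    return (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
}

/* Constructed image of .data from `mem` onward: the 4 bytes of -3000, then
   the bytes that followed it in the poster's binary, inferred from the
   printed values (all zero except byte 9 = 01h, byte 13 = 24h, byte 17 = 0Ch). */
#define IMAGE_LEN 24
static const uint8_t AFTER_MEM[IMAGE_LEN - 4] = {
    0, 0, 0, 0, 0, 0x01, 0, 0, 0, 0x24, 0, 0, 0, 0x0C, 0, 0, 0, 0, 0, 0 };

/* Value printf showed for a given esi in the third post's loop. */
uint32_t scan_value(size_t esi) {
    uint8_t image[IMAGE_LEN];
    store_le32(image, -3000);                       /* 48 F4 FF FF */
    for (size_t i = 4; i < IMAGE_LEN; i++)
        image[i] = AFTER_MEM[i - 4];
    return esi + 4 <= IMAGE_LEN ? read_le32(image, esi) : 0;
}

int main(void) {
    /* esi == 0 shows the whole -3000; esi == 1 drops the 48h byte and pulls in
       the next byte (00) at the top, giving 00FFFFF4h == 16777204. */
    for (size_t esi = 0; esi <= 0x10; esi++)
        printf("[0x%zx] -> %u\n", esi, scan_value(esi));
    return 0;
}
```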
     
  5. nopnopnop

    nopnopnop New Member

    Publications:
    0
    Joined:
    20 Apr 2006
    Messages:
    15
    Wow... what can I say. Maestro? Back to reading...