Login/Register
executing a process with argc=0
Asked Answered
Solved cinteger-overflowargvargc
J

3

11

Is it possible to execute a process whose argc = 0? I need to execute a program but it is extremely important for its argc to be equal to 0. Is there a way to do that? I tried to put 2^32 arguments in the command line so that it appears as if argc = 0 but there is a maximum limit to the number of arguments.

Jungly answered 13/11, 2011 at 18:46 Comment(8)
what exactly are you trying to achieve? I mean, maybe there's another, simpler way to do it.Taraxacum
What is your operating system, and how are you executing this process? Is it user-activated or are you calling from another process?Hanus
Can't you just set argc = 0 as the first line of main()?Persevere
also, this is related: https://mcmap.net/q/175168/-when-can-argv-0-have-nullTaraxacum
I have no control over the source code. But I know that in the source code, it exits if argc != 0. I am on linux ubuntu. I can activate it or I can call it from another process.Jungly
Thanks Aziz for the link, i think it might helpJungly
You could modify the binary with a debugger/hex editor and that would make really short work of it.Sjoberg
I wouldn't trust a program that breaks if argc != 0. That kind of implies that the person who developed it didn't even try running it once, let alone do any real testing.Danita
H
15

You can write a program that calls exec directly; that allows you to specify the command-line arguments (including the program name) and lack thereof.

Hanus answered 13/11, 2011 at 19:0 Comment(2)
Great, it works. But any idea how to pass arguments and still leave argc=0Jungly
argc indicates the number of arguments (plus one, for the program name), so no, that's not possible.Hanus
H
12

You may use linux system call execve().

int execve(const char *filename, char *const argv[], char *const envp[]);

You may pass the filename of executable and a null pointer as the argv[] to execute the binary and the argc will be zero.

It is my test code:

#include <stdio.h>
#include <unistd.h>

int main(void) {
    char *argv[] = { NULL };
    execv("./target", argv);
    // execv is correct, look up https://linux.die.net/man/3/execv
    return 0;
}

And the strace result is:

execve("./target", [], [/* 20 vars */]) = 0

You could use envp[] to pass the arguments you defined anyways.

Furthermore, you could use assembly language to reach your goal (argc == 0 but you still need to pass arguments). I assume that you are using a 32-bits x86 environment.

The concept is that:

  • store 0x0b ($SYS_execve) into %eax
  • put the address of argv[] into %ebx
  • put the address of envp[] into %ecx
  • then use int 0x80 to do a system call

The memory structure is shown below:

+--------------------------------------------------+     
|               +----------------------------------|-----+
v               v               v------------------|-----|-----+
[arg_0][\0][...][arg_1][\0][...][arg_2][\0][...][ptr0][ptr1][ptr2][\0]
                                                ^
                                                |   (argv[] = NULL)
                                                +--- envp

I am wondering that if you were doing the lab assignment of the course provided by Prof. Taesoo Kim (GATech). Course Link: https://tc.gtisc.gatech.edu/cs6265

Or is it a hacker CTF (catch-the-flag contest) problem?

Horsey answered 30/1, 2017 at 3:39 Comment(0)
B
4

You could write a C program that spawns/execs the other program with no argv, like:

#include <spawn.h>
#include <stdlib.h>

int main(int argc, char** argv, char** envp)
{
    pid_t pid;
    char* zero_argv[] = {NULL};
    posix_spawn(&pid, "./that_app", NULL, NULL, zero_argv, envp);

    int status;
    waitpid(&pid, &status, NULL);
    return 0;
}
Burton answered 13/11, 2011 at 19:1 Comment(2)
Wouldn't this be undefined behavior?Gesualdo
@Gesualdo : Not really. The standard treats argc and argv[0] == 0 as a perfectly fine situation. See this question.Billmyre

© 2022 - 2024 — McMap. All rights reserved.