2023-05-17 02:04:47 Nice
2023-05-17 02:07:22 I suspect their arguments list doesn't end with a NULL, or it starts in the wrong place or something
2023-05-17 02:07:34 If you can get a debugger working I would investigate the stack at _start
2023-05-17 02:08:27 It should be argc, argv[0], argv[1]|NULL, argv[2]|NULL, etc
2023-05-17 07:25:42 veltas: it's now working after adding "add $8, %rsp" to _start
2023-05-17 08:11:39 I was looking at what it would involve to get it working for Windows, I've found out that the kernel syscall interface on Windows isn't stable
2023-05-17 08:12:25 So you have to link to kernel32.dll or similar to get consistent behavior across Windows releases (even as recently as Windows 8 vs Windows 10)
2023-05-17 08:12:50 I think this is because viruses tend to try and do stuff directly so they have been rotating the syscall numbers
2023-05-17 08:36:31 crc: Instead of adding 8, you might want to just increase the rsp offsets used later
2023-05-17 08:36:59 i.e. load from 16(%rsp), 24(%rsp), 32(%rsp), instead of 8,16,24
2023-05-17 08:40:57 So FreeBSD really doesn't obey the SysV AMD64 supplemental, because that's not a Linux appendix thing, that's just part of the init spec for the ABI
2023-05-17 08:45:41 Also FreeBSD disclaims syscall stability as well, you're meant to link to C library
2023-05-17 09:18:01 So does OpenBSD
2023-05-17 09:20:41 OpenBSD changed the lseek syscall 2-3 years back; I'm not sure on FreeBSD. The other syscalls appear to date back to the beginnings with NetBSD/0.8 or earlier.
2023-05-17 09:29:36 More stable than Windows then
2023-05-17 18:49:12 I've added a NetBSD port of the amd64 vm; all that's left for the BSDs is DragonFly; which I'll probably try to do tomorrow or Friday. (I don't have a current DragonFly installation, so will need to set something up first).
2023-05-17 20:31:59 Arland set up DragonFly under VMware on his Windows system; I've done initial tests, and everything from the FreeBSD port works, except for the lseek system call.
2023-05-17 20:32:01 I changed the number, but truss is reporting that it's always calling with the correct file number and SEEK_SET, but the target offset is always showing as 0.
2023-05-17 20:33:06 I took a second look at the NetBSD port, and the syscall I grabbed for lseek is listed as old; the new one is the same number as DragonFly, and also does not work.
2023-05-17 20:33:10 I'll dig into this more tomorrow.