Reputation: 35
I'm using gas from MinGW (gcc, as, and ld to be specific) to compile the following to-be shellcode in Windows...
    .text
    .globl _main
    .def _main; .scl 2; .type 32; .endef
    #.extern _execlp
    .def _execlp; .scl 2; .type 32; .endef
    _main:
        push %ebp
        movl %esp, %ebp
        pushl $0
        pushl $0x00657865
        pushl $0x2e646d63
        call _execlp
        movl %ebp, %esp
        pop %ebp

That compiles fine using...

    as -o ex.o ex.s

Where ex.s is the assembly source file.
But during linking...

    ld -o ex.exe ex.o

It gives the error...

    ex.o:fake:(.text+0x10): undefined reference to 'execlp'

So I tried to make it an extern, putting...

    .extern _execlp

...above where the definition is (the comment).
Meanwhile I had a .c file with this code (which originally generated the ex.s file (using gcc -S -m32 -o ex.s ex.c))...

    #include <process.h>
    int main(int argc, char *argv[])
    {
        execlp("cmd.exe", 0);
        return 0;
    }

When compiled with...

    gcc -o exc.exe exc.c

Where exc.c is the C file. It compiles and runs with the desired functionality... So I used Dependency Walker to find the DLLs used by exc.exe and it found that kernel32.dll, ntdll.dll, and msvcrt.dll were being used. msvcrt is important because it is the C runtime library (which contains execlp). So I tried to link ex.o like so...

    ld -lkernel32 -lndtll -lmsvcrt -o ex.exe ex.o

...with

    .extern _execlp

...defined within the source file (ex.s) where the comment is.
It generated the very same linking error as above...
What am I doing wrong?
Upvotes: 1
Views: 186
Reputation: 58822
You need to use 2 underscores and list the libraries after the object file. Also, you pass the arguments wrong. This works for me:

    .globl _main
    _main:
        push %ebp
        movl %esp, %ebp
        pushl $0x00657865
        pushl $0x2e646d63
        pushl $0
        lea 4(%esp), %eax
        pushl %eax
        call __execlp

Assembled with: as -o ex.o ex.s
Linked with: ld -o ex.exe ex.o -lkernel32 -lmsvcrt
Upvotes: 3
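
Added example, not part of the original question or answer: a small Python helper of the kind used when reviewing a listing like the ones above, which rebuilds the bytes that a run of `pushl $imm` instructions leaves on the stack and reports any printable string with its offset from `%esp`. The function name, the regex and the `min_len` parameter are this example's own; the two sample listings are copied from the posts above, and only decimal and hex immediates are handled.

```python
import re
import struct

# AT&T-syntax immediate push, e.g. "pushl $0x2e646d63" or "pushl $0".
PUSH_IMM = re.compile(r"^\s*pushl?\s+\$(0x[0-9a-fA-F]+|\d+)\s*$")

def recover_stack_strings(asm_text, min_len=4):
    """Return (offset_from_esp, string) pairs left by runs of immediate pushes."""
    results = []
    stack = b""  # bytes from the current %esp upward

    def flush():
        nonlocal stack
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, stack):
            results.append((m.start(), m.group().decode("ascii")))
        stack = b""

    for line in asm_text.splitlines():
        m = PUSH_IMM.match(line)
        if m:
            tok = m.group(1)
            value = int(tok, 16) if tok.lower().startswith("0x") else int(tok)
            # The stack grows down, so each push lands below the previous
            # one; x86 stores the dword little-endian.
            stack = struct.pack("<I", value & 0xFFFFFFFF) + stack
        elif line.strip():
            flush()  # any other instruction ends the run
    flush()
    return results

# Listings copied from the answer and the question on this page.
ANSWER_ASM = """
    pushl $0x00657865
    pushl $0x2e646d63
    pushl $0
    lea 4(%esp), %eax
"""
QUESTION_ASM = """
    pushl $0
    pushl $0x00657865
    pushl $0x2e646d63
    call _execlp
"""

if __name__ == "__main__":
    print(recover_stack_strings(ANSWER_ASM))    # string at 4(%esp)
    print(recover_stack_strings(QUESTION_ASM))  # string at 0(%esp)
```

For the answer's listing the string is found at offset 4, the address that `lea 4(%esp), %eax` takes. For the question's listing it is found at offset 0, meaning the string bytes themselves occupy the slots where `execlp` expects its pointer arguments.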