# Techniques-> Stack

We are considering the same hello world program.

In this technique we will treat "hello world" string as data, and push it on the stack in reverse order (as the stack goes from high to low in memory). Then we get this string as a reference from RSP.

1. Let's convert "hello world" string in hex using python

```
In [1]: import binascii

In [2]: message = "Hello World\n"

In [3]: message[::-1]
Out[3]: '\ndlroW olleH'

In [4]: len(message)
Out[4]: 12

In [5]: binascii.hexlify(message[::-1].encode())
Out[5]: b'0a646c726f57206f6c6c6548'
```

<figure><img src="/files/fKmKAuBUJqy2RwctvB2B" alt=""><figcaption></figcaption></figure>

The hex equivalent in reverse for hello world is: 0a646c726f57206f6c6c6548

I tried pushing the entire thing at once and got this error:

<figure><img src="/files/kVgsa1LPphhpDfhc9SMD" alt=""><figcaption></figcaption></figure>

Since message is 12 bytes, we need to break it down to 8 bytes and 4 bytes. Move first 4 bytes first onto the stack and then use a register to move the last 8 bytes.

<figure><img src="/files/I32FomnHfqz7sgX4tR7o" alt=""><figcaption></figcaption></figure>

Good. This works. But there are a lot of 0s still

<figure><img src="/files/Cr5Oqxma26ojCLPFV1TK" alt=""><figcaption></figcaption></figure>

So, I corrected it like so:

```
;structure would be:
;push string in reverse on stack
; 2nd technique of shellcode referencing without direct address usage

global _start

section .text
_start:

        xor rax,rax
        mov rdi,rax
        add rdi,1
        mov al,1
        push 0x0a646c72
        mov rbx, 0x6f57206f6c6c6548
        push rbx
        mov rsi, rsp
        xor rdx,rdx
        add rdx,12
        syscall


        xor rax,rax
        add rax,60
        xor rdi,rdi

        syscall
```

<figure><img src="/files/AWzd2MyvmdI3Ut5E4FU3" alt=""><figcaption></figcaption></figure>

Good, as usual adding the opcodes in skeleton to test it's functionality.

```
objdump -d ./2hello|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hexisanoob.gitbook.io/hexisanoob/linux-64-bit-assembly/shellcoding-basics/techniques-greater-than-stack.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.