From mboxrd@z Thu Jan 1 00:00:00 1970
From: htmldeveloper@gmail.com (Peter Teoh)
Date: Sun, 15 Jul 2012 18:46:55 +0800
Subject: [RFC]confusion about syscall
In-Reply-To:
References:
Message-ID:
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

Hi Mulyadi and WangZhe,

Nice to write to you again....:-).

On Sun, Jul 15, 2012 at 1:49 PM, Mulyadi Santosa wrote:
> Hi...
>
> On Sun, Jul 15, 2012 at 9:28 AM, ?? wrote:
> > and the second program:
> >
> > #include <sys/types.h>
> > #include <unistd.h>
> >
> > int main(void)
> > {
> >     unsigned long value = 0;
> >     value = getpid();
> >     return 0;
> > }
> >
> > and disassembling it: (objdump -d a.out)
> > ...
> > 08048300 :
> >  8048300:       ff 25 00 a0 04 08       jmp    *0x804a000
> >  8048306:       68 00 00 00 00          push   $0x0
> >  804830b:       e9 e0 ff ff ff          jmp    80482f0 <_init+0x3c>
>
> Looks like jumping into vsyscall page to me...
>

After I start the process, and doing a gdb -p :

(gdb) disassemble main
Dump of assembler code for function main:
   0x0000000000400564 <+0>:     push   %rbp
   0x0000000000400565 <+1>:     mov    %rsp,%rbp
   0x0000000000400568 <+4>:     sub    $0x10,%rsp
   0x000000000040056c <+8>:     movq   $0x0,-0x8(%rbp)
   0x0000000000400574 <+16>:    mov    $0x0,%eax
   0x0000000000400579 <+21>:    callq  0x400460
   0x000000000040057e <+26>:    cltq
   0x0000000000400580 <+28>:    mov    %rax,-0x8(%rbp)
   0x0000000000400584 <+32>:    movabs $0x9184e72a000,%rdi
   0x000000000040058e <+42>:    mov    $0x0,%eax
   0x0000000000400593 <+47>:    callq  0x400470
   0x0000000000400598 <+52>:    mov    $0x0,%eax
   0x000000000040059d <+57>:    leaveq
   0x000000000040059e <+58>:    retq
End of assembler dump.

(gdb) disassemble getpid
Dump of assembler code for function getpid:
   0x00007f19ae558530 <+0>:     mov    %fs:0x2d4,%edx
   0x00007f19ae558538 <+8>:     cmp    $0x0,%edx
   0x00007f19ae55853b <+11>:    jle    0x7f19ae558540
   0x00007f19ae55853d <+13>:    mov    %edx,%eax
   0x00007f19ae55853f <+15>:    retq
   0x00007f19ae558540 <+16>:    jne    0x7f19ae558554
   0x00007f19ae558542 <+18>:    mov    %fs:0x2d0,%eax
   0x00007f19ae55854a <+26>:    test   %eax,%eax
   0x00007f19ae55854c <+28>:    nopl   0x0(%rax)
   0x00007f19ae558550 <+32>:    je     0x7f19ae558554
   0x00007f19ae558552 <+34>:    repz retq
   0x00007f19ae558554 <+36>:    mov    $0x27,%eax
   0x00007f19ae558559 <+41>:    syscall
   0x00007f19ae55855b <+43>:    test   %edx,%edx
   0x7f19ae55855d :             jne    0x7f19ae558552
   0x7f19ae55855f :             mov    %eax,%fs:0x2d0
   0x7f19ae558567 :             retq

And to check the address space:

(gdb) info sharedlibrary
From                To                  Syms Read   Shared Object Library
0x00007f19ae4cb8c0  0x00007f19ae5dec60  Yes (*)     /lib/libc.so.6
0x00007f19ae830af0  0x00007f19ae849704  Yes (*)     /lib64/ld-linux-x86-64.so.2
(*): Shared library is missing debugging information.

and if you want:

cat /proc/2282/maps
7f19ae82a000-7f19ae82b000 rw-p 0017d000 08:05 9922       /lib/libc-2.11.1.so
7f19ae830000-7f19ae850000 r-xp 00000000 08:05 8824       /lib/ld-2.11.1.so
7ffff2031000-7ffff2052000 rw-p 00000000 00:00 0          [stack]
7ffff21af000-7ffff21b0000 r-xp 00000000 00:00 0          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0  [vsyscall]

Noticed also that static analysis tools like "objdump -d" are generally avoided if you want to understand dynamic addresses.

From the above, we can conclude that the "sysenter" (this is Intel syntax, or "syscall" in AMD syntax, as used by the gdb disassembly above) is used for the transition to the kernel - as embedded inside libc.so.6.
> --
> regards,
>
> Mulyadi Santosa
> Freelance Linux trainer and consultant
>
> blog: the-hydra.blogspot.com
> training: mulyaditraining.blogspot.com
>

--
Regards,
Peter Teoh
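An added example in C (not code from this thread or from glibc): it issues the same system call that the getpid disassembly above ends in, through libc's syscall(2) wrapper with SYS_getpid, checks that it agrees with getpid(), and parses /proc/<pid>/maps text, both a constructed copy of the lines quoted in the mail and this process's own, to locate the [vdso] and [vsyscall] mappings. It assumes Linux; the function names and the sample text are the author's own constructions.

```c
#define _GNU_SOURCE /* syscall(2) prototype in <unistd.h> */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* The getpid() wrapper disassembled above ends in "mov $0x27,%eax; syscall" on
 * x86-64; issue that system call directly and check both paths agree (1 = yes). */
int raw_and_libc_pid_agree(void)
{
    return getpid() == (pid_t)syscall(SYS_getpid);
}
/* Scan /proc/<pid>/maps text for the first mapping whose path equals name
 * (e.g. "[vdso]") and return its start address, or 0 if no such line exists. */
unsigned long long region_start(const char *maps, const char *name)
{
    for (const char *line = maps; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], path[256]; unsigned long long lo, hi;
        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0'; /* one line at a time, so a missing path cannot spill over */
            /* fields: start-end perms offset dev inode [path] */
            if (sscanf(buf, "%llx-%llx %*s %*s %*s %*s %255s", &lo, &hi, path) == 3 && strcmp(path, name) == 0)
                return lo;
        }
        if (!eol) break;
        line = eol + 1;
    }
    return 0;
}

/* Constructed sample, copied from the maps lines quoted in this mail. */
const char sample_maps[] =
    "7f19ae82a000-7f19ae82b000 rw-p 0017d000 08:05 9922 /lib/libc-2.11.1.so\n"
    "7ffff2031000-7ffff2052000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffff21af000-7ffff21b0000 r-xp 00000000 00:00 0 [vdso]\n"
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";

int main(void)
{
    static char live[1 << 16] = "";
    FILE *f = fopen("/proc/self/maps", "r"); /* live maps of this process */
    if (f) { live[fread(live, 1, sizeof live - 1, f)] = '\0'; fclose(f); }
    printf("libc getpid() == raw SYS_getpid: %s\n", raw_and_libc_pid_agree() ? "yes" : "no");
    printf("[vdso] in quoted sample: 0x%llx\n", region_start(sample_maps, "[vdso]"));
    printf("[vdso] in this process:  0x%llx\n", region_start(live, "[vdso]"));
    return 0;
}
```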