Fwd: Understanding disassembly x86 + understanding function call + parameter pass and stack frame

[Tobias Boege]

On Tue, 06 Aug 2013, nidhi mittal hada wrote:
> ---------- Forwarded message ----------
> From: nidhi mittal hada <nidhimittal19 at gmail.com>
> Date: Tue, Aug 6, 2013 at 2:16 PM
> Subject: Understanding disassembly x86 + understanding function call +
> parameter pass and stack frame
> To: Kernelnewbies <kernelnewbies at nl.linux.org>
> Cc: Mulyadi Santosa <mulyadi.santosa at gmail.com>
> 
> 
> Hi All,
> 
> I am using crash tool to analyze core dump obtained from red hat linux on
> x86_64 platform.
> 
> And crash tool gives a stack trace of panic.
> But its does not show function parameters which were passed in this stack
> trace.
> 
> So i have to disassemble and understand the value of parameters passed to
> these functions, while it panicked.
> Which i am not able to understand much.
> 
> I would request help in knowing, how to understand disassembled function
> call , on x86_64 arch.
> 
> Putting some of the doubts..
> 
> a)like which sequence the parameters, return address, etc are pushed on
> stack?

Not necessarily on the stack. The AMD64 ABI [0] should help you here.
However, without knowledge of assembly I doubt you can achieve very much.

> b)Which registers are used, if some registers play some spl. role ?

You'll see in [0].

> c)lets say for a program a.c i use gcc -S a.c ...do we have some other
> command to generate
> somewhat more clear assembly code, may be with some comments in english
> 

Never heard of such a thing. Actually without optimisation, the generated
assembly code from gcc (from all I have seen and remember) is very clear -
sometimes a little bit clumsy, but clear. You should in fact practice with
something like -O2 if you are about to disassemble kernel functions...

> Any kind of help in understanding this will be appreciated ..

Regards,
Tobi

[0] http://www.uclibc.org/docs/psABI-x86_64.pdf