Understanding disassembly x86 + understanding function call + parameter pass and stack frame

neha naik nehanaik27 at gmail.com
Fri Aug 9 17:40:43 EDT 2013


Hi,
  Pick a global variable, e.g. in the case of the filesystem stack the vfs
structure available through the built-in gdb command, or in the case of a
device driver the gendisk structure.
  Then try to find this in the stack. When you get it, look at the
register where it was shown and try to follow this with the assembly code and
the source code.
  If you do this exercise you will start understanding assembly code better.
  Sometimes the global variable itself can point you to other structures
which you can find in your stack. And from that you can get a better
idea about what is happening.

  I personally feel analysing dumps is more about practice.
Regards,
Neha

On Fri, Aug 9, 2013 at 1:19 PM, Tayade, Nilesh
<Nilesh.Tayade at netscout.com> wrote:

> > -----Original Message-----
> > From: kernelnewbies-bounces at kernelnewbies.org [mailto:kernelnewbies-bounces at kernelnewbies.org] On Behalf Of Matthias Brugger
> > Sent: Tuesday, August 06, 2013 7:14 PM
> > To: nidhi mittal hada
> > Cc: kernelnewbies at kernelnewbies.org
> > Subject: Re: Understanding disassembly x86 + understanding function call + parameter pass and stack frame
> >
> > 2013/8/6 nidhi mittal hada <nidhimittal19 at gmail.com>:
> [...]
> > > Hi All,
> > >
> > > I am using crash tool to analyze core dump obtained from Red Hat Linux on
> > > x86_64 platform.
> [...]
> > >
> > > Putting some of the doubts..
> > >
> > > a) Like which sequence the parameters, return address, etc. are pushed
> > > on stack?
> Maybe you would like to take a look at the link below:
> http://www.cs.virginia.edu/~evans/cs216/guides/x86.html [Section: Calling
> Convention] has the exact answer to your question.
>
> > > b) Which registers are used, if some registers play some spl. role?
> You also might want to read the tutorials:
>
> http://cocoafactory.com/blog/2012/11/23/x86-64-assembly-language-tutorial-part-1
> This tutorial is in four parts. Part-2 has information on all the
> registers and their roles.
>
> > > c) Let's say for a program a.c I use gcc -S a.c ... do we have some other
> > > command to generate somewhat more clear assembly code, maybe with
> > > some comments in English?
> Take a look at the information on the objdump command. You can compile the debug
> binary of the code and use objdump with certain options on that binary;
> this will dump the assembly code along with inline C code.
>
> [...]
> >
> > >
> > > Any kind of help in understanding this will be appreciated ..
> > >
> > > Thanks
> > > Nidhi
>
> Hope it helps.
>
> --
> Thanks,
> Nilesh
>
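
Added example, not part of the original thread: the exercise described at the top of this message (take a known global structure and find its address on the stack), combined with the frame layout asked about in (a). It assumes code built with frame pointers, so that [rbp] holds the caller's rbp and [rbp+8] the return address; the stack words, every address, DISK_ADDR/DISK_SIZE and find_struct_refs are constructed for illustration and come from no real dump.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data; every address below is made up. */
#define STACK_LO  0xffff880012345e00ULL  /* address of dump[0] */
#define DISK_ADDR 0xffff88003a5c1000ULL  /* assumed address of the known global struct */
#define DISK_SIZE 0x400ULL               /* assumed size of that struct */
#define NWORDS    12
static const uint64_t dump[NWORDS] = {            /* raw stack words, lowest address first */
    0x0000000000000010ULL, 0xffff88003a5c1000ULL, /* e00, e08: frame 0 locals (spilled ptr)  */
    0xffff880012345e30ULL, 0xffffffff8123a4b0ULL, /* e10: saved rbp, e18: return address     */
    0x0000000000000000ULL, 0xffff88003a5c1040ULL, /* e20, e28: frame 1 locals (&disk->field) */
    0xffff880012345e50ULL, 0xffffffff8119c2e4ULL, /* e30: saved rbp, e38: return address     */
    0x0000000000000001ULL, 0x0000000000000000ULL, /* e40, e48: frame 2 locals                */
    0x0000000000000000ULL, 0xffffffff8100c0caULL, /* e50: saved rbp = 0 (end), e58: ret addr */
};
struct hit { int frame; uint64_t slot; uint64_t off; uint64_t ret; };

/* True if an aligned 8-byte word at address a lies inside the dump. */
static int in_dump(uint64_t a) { return a >= STACK_LO && a + 8 <= STACK_LO + 8 * NWORDS && a % 8 == 0; }
static uint64_t word(uint64_t a) { return dump[(a - STACK_LO) / 8]; }

/* Walk the saved-rbp chain: [rbp] = caller's rbp, [rbp+8] = return address.
 * Slots from the end of the previous frame up to rbp are this frame's locals;
 * record every one that points into the known structure. */
int find_struct_refs(uint64_t rbp, struct hit *out, int max)
{
    int n = 0, frame = 0;
    uint64_t lo = STACK_LO;
    while (in_dump(rbp) && in_dump(rbp + 8)) {
        for (uint64_t a = lo; a < rbp; a += 8) {
            uint64_t v = word(a);
            if (v >= DISK_ADDR && v < DISK_ADDR + DISK_SIZE && n < max)
                out[n++] = (struct hit){ frame, a, v - DISK_ADDR, word(rbp + 8) };
        }
        lo = rbp + 16;                 /* next frame starts above the return address */
        if (word(rbp) <= rbp) break;   /* a valid chain only moves to higher addresses */
        rbp = word(rbp);
        frame++;
    }
    return n;
}

int main(void)
{
    struct hit h[8];
    int n = find_struct_refs(STACK_LO + 0x10, h, 8);  /* 0x10: rbp of the innermost frame */
    for (int i = 0; i < n; i++)
        printf("frame %d: slot %#llx holds struct+%#llx, frame returns to %#llx\n", h[i].frame,
               (unsigned long long)h[i].slot, (unsigned long long)h[i].off, (unsigned long long)h[i].ret);
    return 0;
}
```

Each reported return address is what you would then look up in the disassembly to see which instruction stored the pointer in that slot.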