Hi Mulyadi and WangZhe,<div><br></div><div>Nice to write to you again....:-).<br><br><div class="gmail_quote">On Sun, Jul 15, 2012 at 1:49 PM, Mulyadi Santosa <span dir="ltr"><<a href="mailto:mulyadi.santosa@gmail.com" target="_blank">mulyadi.santosa@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi...<br>
<div><br>
On Sun, Jul 15, 2012 at 9:28 AM, 王哲 <<a href="mailto:wangzhe5004@gmail.com" target="_blank">wangzhe5004@gmail.com</a>> wrote:<br>
> and the second program:<br>
><br>
> #include <stdio.h><br>
> #include <unistd.h><br>
><br>
> int main(void)<br>
> {<br>
> unsigned long value = 0;<br>
> value = getpid();<br>
> return 0;<br>
> }<br>
><br>
> and disassembling it:( objdump -d a.out)<br>
> ...<br>
> 08048300 <getpid@plt>:<br>
> 8048300: ff 25 00 a0 04 08 jmp *0x804a000<br>
> 8048306: 68 00 00 00 00 push $0x0<br>
> 804830b: e9 e0 ff ff ff jmp 80482f0 <_init+0x3c><br>
<br>
</div>Looks like jumping into vsyscall page to me...<br>
<span><font color="#888888"><br></font></span></blockquote><div><br></div><div>After I start the process and do a gdb -p <pid>:</div><div><br></div><div><div>(gdb) disassemble main </div><div>Dump of assembler code for function main:</div>
<div> 0x0000000000400564 <+0>:<span style="white-space:pre-wrap">        </span>push %rbp</div><div> 0x0000000000400565 <+1>:<span style="white-space:pre-wrap">        </span>mov %rsp,%rbp</div>
<div> 0x0000000000400568 <+4>:<span style="white-space:pre-wrap">        </span>sub $0x10,%rsp</div><div> 0x000000000040056c <+8>:<span style="white-space:pre-wrap">        </span>movq $0x0,-0x8(%rbp)</div>
<div> 0x0000000000400574 <+16>:<span style="white-space:pre-wrap">        </span>mov $0x0,%eax</div><div> 0x0000000000400579 <+21>:<span style="white-space:pre-wrap">        </span>callq 0x400460 <getpid@plt></div>
<div> 0x000000000040057e <+26>:<span style="white-space:pre-wrap">        </span>cltq </div><div> 0x0000000000400580 <+28>:<span style="white-space:pre-wrap">        </span>mov %rax,-0x8(%rbp)</div>
<div> 0x0000000000400584 <+32>:<span style="white-space:pre-wrap">        </span>movabs $0x9184e72a000,%rdi</div><div> 0x000000000040058e <+42>:<span style="white-space:pre-wrap">        </span>mov $0x0,%eax</div>
<div> 0x0000000000400593 <+47>:<span style="white-space:pre-wrap">        </span>callq 0x400470 <sleep@plt></div><div> 0x0000000000400598 <+52>:<span style="white-space:pre-wrap">        </span>mov $0x0,%eax</div>
<div> 0x000000000040059d <+57>:<span style="white-space:pre-wrap">        </span>leaveq </div><div> 0x000000000040059e <+58>:<span style="white-space:pre-wrap">        </span>retq </div>
<div>End of assembler dump.</div><div>(gdb) disassemble getpid</div><div>Dump of assembler code for function getpid:</div><div> 0x00007f19ae558530 <+0>:<span style="white-space:pre-wrap">        </span>mov %fs:0x2d4,%edx</div>
<div> 0x00007f19ae558538 <+8>:<span style="white-space:pre-wrap">        </span>cmp $0x0,%edx</div><div> 0x00007f19ae55853b <+11>:<span style="white-space:pre-wrap">        </span>jle 0x7f19ae558540 <getpid+16></div>
<div> 0x00007f19ae55853d <+13>:<span style="white-space:pre-wrap">        </span>mov %edx,%eax</div><div> 0x00007f19ae55853f <+15>:<span style="white-space:pre-wrap">        </span>retq </div>
<div> 0x00007f19ae558540 <+16>:<span style="white-space:pre-wrap">        </span>jne 0x7f19ae558554 <getpid+36></div><div> 0x00007f19ae558542 <+18>:<span style="white-space:pre-wrap">        </span>mov %fs:0x2d0,%eax</div>
<div> 0x00007f19ae55854a <+26>:<span style="white-space:pre-wrap">        </span>test %eax,%eax</div><div> 0x00007f19ae55854c <+28>:<span style="white-space:pre-wrap">        </span>nopl 0x0(%rax)</div>
<div> 0x00007f19ae558550 <+32>:<span style="white-space:pre-wrap">        </span>je 0x7f19ae558554 <getpid+36></div><div> 0x00007f19ae558552 <+34>:<span style="white-space:pre-wrap">        </span>repz retq </div>
<div> 0x00007f19ae558554 <+36>:<span style="white-space:pre-wrap">        </span>mov $0x27,%eax</div><div> 0x00007f19ae558559 <+41>:<span style="white-space:pre-wrap">        </span>syscall </div>
<div> 0x00007f19ae55855b <+43>:<span style="white-space:pre-wrap">        </span>test %edx,%edx</div></div><div><div> 0x7f19ae55855d <getpid+45>:<span style="white-space:pre-wrap">        </span>jne 0x7f19ae558552 <getpid+34></div>
<div> 0x7f19ae55855f <getpid+47>:<span style="white-space:pre-wrap">        </span>mov %eax,%fs:0x2d0</div><div> 0x7f19ae558567 <getpid+55>:<span style="white-space:pre-wrap">        </span>retq </div>
<div><br></div></div><div>And to check the address space:</div><div><br></div><div><div>(gdb) info sharedlibrary </div><div>From To Syms Read Shared Object Library</div><div>0x00007f19ae4cb8c0 0x00007f19ae5dec60 Yes (*) /lib/libc.so.6</div>
<div>0x00007f19ae830af0 0x00007f19ae849704 Yes (*) /lib64/ld-linux-x86-64.so.2</div><div>(*): Shared library is missing debugging information.</div></div><div><br></div><div><br></div><div>and if you want:</div><div>
<br>
</div><div><div>cat /proc/2282/maps </div><div><br></div><div>7f19ae82a000-7f19ae82b000 rw-p 0017d000 08:05 9922 /lib/<a href="http://libc-2.11.1.so" target="_blank">libc-2.11.1.so</a></div><div>7f19ae830000-7f19ae850000 r-xp 00000000 08:05 8824 /lib/<a href="http://ld-2.11.1.so" target="_blank">ld-2.11.1.so</a></div>
<div>7ffff2031000-7ffff2052000 rw-p 00000000 00:00 0 [stack]</div>
<div>7ffff21af000-7ffff21b0000 r-xp 00000000 00:00 0 [vdso]</div><div>ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]</div></div><div><br></div><div>Notice also that static analysis tools like "objdump -d" are generally avoided if you want to understand dynamic addresses. From the above, we can conclude that "sysenter" (this is Intel syntax, or "syscall" in AMD syntax, as used by the gdb disassembly above) is used for the transition to the kernel, as embedded inside libc.so.6.</div>
<div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><font color="#888888">
--<br>
regards,<br>
<br>
Mulyadi Santosa<br>
Freelance Linux trainer and consultant<br>
<br>
blog: <a href="http://the-hydra.blogspot.com" target="_blank">the-hydra.blogspot.com</a><br>
training: <a href="http://mulyaditraining.blogspot.com" target="_blank">mulyaditraining.blogspot.com</a><br>
</font></span><div><div><br>
_______________________________________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org" target="_blank">Kernelnewbies@kernelnewbies.org</a><br>
<a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Regards,<br>Peter Teoh<br>
</div>
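The same check the thread does by hand with gdb and /proc/<pid>/maps, as added example code written here (not from the thread or from glibc): it parses maps lines, reports which mapping contains libc's getpid wrapper, and compares libc's getpid() with a direct SYS_getpid system call. It assumes Linux with glibc and a mounted /proc; the maps line in the comment is constructed from the thread's output.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

struct mapping { uintptr_t start, end; char perms[5]; char name[256]; };

/* Parse one /proc/<pid>/maps line, e.g. (constructed from the thread)
 * "7ffff21af000-7ffff21b0000 r-xp 00000000 00:00 0 [vdso]"; the name
 * column is optional. Returns 1 on success, 0 on a malformed line. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long long s, e;
    m->name[0] = '\0';
    if (sscanf(line, "%llx-%llx %4s %*x %*x:%*x %*d %255s",
               &s, &e, m->perms, m->name) < 3)
        return 0;
    m->start = (uintptr_t)s; m->end = (uintptr_t)e;
    return 1;
}

/* Find the mapping of the running process that contains addr. Returns 1
 * and fills *m, or 0 if not found or /proc/self/maps is unavailable. */
int mapping_for_addr(uintptr_t addr, struct mapping *m)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512]; int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f))
        if (parse_maps_line(line, m) && addr >= m->start && addr < m->end)
            found = 1;
    fclose(f);
    return found;
}

/* Enter the kernel directly with SYS_getpid (0x27 == 39 on x86-64),
 * bypassing libc's getpid() wrapper and whatever caching it does. */
long getpid_direct(void) { return syscall(SYS_getpid); }

int main(void)
{
    struct mapping m;
    uintptr_t fn = (uintptr_t)getpid;   /* address of libc's wrapper */
    printf("getpid() = %ld, direct = %ld\n", (long)getpid(), getpid_direct());
    if (mapping_for_addr(fn, &m))   /* expect libc's r-xp mapping on Linux */
        printf("getpid at %#lx lies in %s (%s)\n", (unsigned long)fn, m.name, m.perms);
    return 0;
}
```

On a system where getpid is resolved from libc.so.6, the reported mapping is the r-xp segment of that library, matching the "info sharedlibrary" range shown above.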