All geek questions in one place

How to parse a system call?

How can I parse a system call so that I can get assembly instructions in it.

+4
source share
3 answers

Well, you could do something like this. Say I wanted to get the dup assembly:

Write this:

#include <stdio.h> #include <sys/file.h> int main() { return dup(0) }

Compile it:

 gcc -o systest -g3 -O0 systest.c

Dump:

 objdump -d systest

In the "main" I see:

  400478: 55 push %rbp 400479: 48 89 e5 mov %rsp,%rbp 40047c: bf 00 00 00 00 mov $0x0,%edi 400481: b8 00 00 00 00 mov $0x0,%eax 400486: e8 1d ff ff ff callq 4003a8 < dup@plt > 40048b: c9 leaveq 40048c: c3 retq 40048d: 90 nop 40048e: 90 nop 40048f: 90 nop

So, looking at "dup @plt", I see:

 00000000004003a8 < dup@plt >: 4003a8: ff 25 7a 04 20 00 jmpq *2098298(%rip) # 600828 <_GLOBAL_OFFSET_TABLE_+0x20> 4003ae: 68 01 00 00 00 pushq $0x1 4003b3: e9 d0 ff ff ff jmpq 400388 <_init+0x18>

Thus, he makes a call to the "global displacement table", which I would assume has all syscall vectors. As with other published posts, refer to the source of the kernel (or the sources of the standard library?) For more information on this.

+4
source

I don’t think you want to do this. Handling system calls is complicated (see http://www.ibm.com/developerworks/linux/library/l-system-calls/ ). Since you flagged this question with "linux", you can simply download the source from kernel.org (this will be much more understandable and informative than the build code).

+2
source

To understand the linux system call, review the code.

Important files are:

/include/linux/syscalls.h (all supported system calls on Linux)

/arch/arm/kernel/entry-common.S (register-level system call implementation)

/arch/arm/kernel/calls.S( system call numbers)

/arch/arm/include/asm/unistd.h( system call address)

Note. The system call table can only be addressed using system.map.

0
source

Source: https://habr.com/ru/post/1338964/

More articles:


All Articles