How to disassemble a system call?

Posted 2022-09-06 10:55:18 · 104 characters · 22 views · 0 comments

How could I disassemble a system call, so that I could get the assembly instructions involved in it?

Comments (3)

魄砕の薆 2022-09-13 10:55:18

Well, you could do something like this. Say I wanted to get an assembly dump of "dup":

Write this:

#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>     /* declares dup() */
int main() {
        return dup(0);  /* duplicate file descriptor 0 (stdin) */
}

Compile it:

gcc  -o systest -g3 -O0 systest.c

Dump it:

objdump -d systest

Looking in "main" I see:

  400478:       55                      push   %rbp
  400479:       48 89 e5                mov    %rsp,%rbp
  40047c:       bf 00 00 00 00          mov    $0x0,%edi
  400481:       b8 00 00 00 00          mov    $0x0,%eax
  400486:       e8 1d ff ff ff          callq  4003a8 <dup@plt>
  40048b:       c9                      leaveq
  40048c:       c3                      retq
  40048d:       90                      nop
  40048e:       90                      nop
  40048f:       90                      nop

So looking at "dup@plt" I see:

00000000004003a8 <dup@plt>:
  4003a8:       ff 25 7a 04 20 00       jmpq   *2098298(%rip)        # 600828 <_GLOBAL_OFFSET_TABLE_+0x20>
  4003ae:       68 01 00 00 00          pushq  $0x1
  4003b3:       e9 d0 ff ff ff          jmpq   400388 <_init+0x18>

So it's making a call into a "global offset table", which I would assume has all the syscall vectors. Like the other post said, see the kernel source (or standard library sources?) for details on that.
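
An added example, not part of the original answer: on Linux the `dup@plt` stub shown above lands in the C library's `dup` wrapper, and that wrapper is where the system call instruction sits. The sketch below calls `dup` both through libc and directly by number (inline `syscall` instruction on x86-64, libc's `syscall()` elsewhere) and checks that both descriptors refer to the same file; `raw_dup`, `same_file` and `dup_paths_agree` are hypothetical helper names.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>   /* SYS_dup */
#include <unistd.h>        /* dup(), syscall(), close() */

/* Hypothetical helper: issue dup without going through libc's dup() wrapper. */
static long raw_dup(int fd)
{
#if defined(__x86_64__)
    long ret;
    /* x86-64 Linux ABI: number in rax, first argument in rdi;
     * the syscall instruction clobbers rcx and r11. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"((long)SYS_dup), "D"((long)fd)
                      : "rcx", "r11", "memory");
    return ret;                    /* a negative value is -errno */
#else
    /* Other architectures: let libc's generic syscall() load the registers. */
    return syscall(SYS_dup, fd);   /* -1 with errno set on failure */
#endif
}

/* Return 1 if two descriptors refer to the same underlying file. */
static int same_file(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) != 0 || fstat(b, &sb) != 0)
        return 0;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Duplicate fd via libc and via the raw path; 1 if both copies match fd. */
int dup_paths_agree(int fd)
{
    int via_libc = dup(fd);
    long via_raw = raw_dup(fd);
    int ok = via_libc >= 0 && via_raw >= 0 &&
             same_file(fd, via_libc) && same_file(fd, (int)via_raw);
    if (via_libc >= 0) close(via_libc);
    if (via_raw >= 0) close((int)via_raw);
    return ok;
}

int main(void)
{
    printf("dup paths agree: %d\n", dup_paths_agree(0));
    return 0;
}
```

Built with the same `gcc -g3 -O0` line and dumped with `objdump -d` on x86-64, the `syscall` instruction shows up inside `raw_dup`, while the `dup(fd)` call still goes through `dup@plt`.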

染年凉城似染瑾 2022-09-13 10:55:18

I don't think you want to do this. System call handling is complex (see http://www.ibm.com/developerworks/linux/library/l-system-calls/). Since you have tagged this question with "linux", you can just download the source from kernel.org (which will be far more understandable and informative than the assembly code).

情独悲 2022-09-13 10:55:18

To understand Linux system calls, browse through the code.

Important files are:

/include/linux/syscalls.h (all the supported system calls in Linux)

/arch/arm/kernel/entry-common.S (implementation of system call at register level)

/arch/arm/kernel/calls.S (system call numbers)

/arch/arm/include/asm/unistd.h (address of system call)

Note: the system call table can be addressed only from System.map.
