如何反编译特定的内核函数？

发布于 2024-10-26 14:35:42 字数 152 浏览 1 评论 0原文

例如，kernen 函数 system_call 反编译为：

push %eax
...
call * 0xc03094c0(,%eax,,4)

How's this did in linux?

原文

For example ,kernen function system_call decompiles to:

push %eax
...
call * 0xc03094c0(,%eax,,4)

How's this done in linux?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

放手` 2024-11-02 14:35:42

我认为它可能像这样简单：

使用调试符号编译内核，或者如果您使用发行版的版本，则获取其调试包。然后运行 gdb vmlinux 并输入 disas 如果您想查看 C 函数。只是 system_call 不是 C 函数，因此 GDB 不会以同样的方式查找它。但你仍然可以拆解：

(gdb) info addr system_call
Symbol "system_call" is at 0xc0403964 in a file compiled without debugging.
(gdb) x/4i 0xc0403964
   0xc0403964:  push   %eax
   0xc0403965:  cld    
   0xc0403966:  push   %fs
   0xc0403968:  push   %es

I think it could be as simple as this:

Compile your kernel with debugging symbols, or if you're using your distro's version, grab its debug package. Then run gdb vmlinux and type disas <function name> if you want to look at a C function. Except that system_call isn't a C function, so GDB won't look it up the same way. But you can still disassemble:

(gdb) info addr system_call
Symbol "system_call" is at 0xc0403964 in a file compiled without debugging.
(gdb) x/4i 0xc0403964
   0xc0403964:  push   %eax
   0xc0403965:  cld    
   0xc0403966:  push   %fs
   0xc0403968:  push   %es

回复收藏 0 原文