Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
What happens if you try to step into (si), the sysenter instruction?
In order to answer this question, you need to understand how si works.
How could it work? There are two ways I can think of:
either the debugger must set a (temporary) breakpoint on the next
instruction, or
the debugger modifies processor state such that the processor will execute one instruction and stop (aka single-step).
Option 1. is complicated, because the instruction could be an indirect jump, e.g. CALL (%eax), or a RET, and so the debugger might have to go to significant trouble to understand what that next instruction is.
All debuggers I am familiar with use option 2.
Now you can probably explain what you observe when you si over a sysenter (or a syscall, or a int80) instruction. The only other thing you need to know is that the kernel can't possibly allow the single-step mode once sysenter switches to the kernel mode (or else your entire system will freeze).
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I'm wondering how the Linux kernel knows in which registers to look for function arguments when performing a system call. For example: I call the write system call from assembly. The arguments are stores in rdi, rsi and rdx. The kernel then calls the write function which looks something like write(fd, buf, len).
But how does the kernel know, that fd is stored in rdi, buf in rsi and len in rdx?
How is the implementation? Is there some kind of a mapping in the kernel that initializes the arguments from these registers?
I guess im missing something. Maybe it doesn't even has something to do with these registers?
I would appreciate some help :)
When a system call is executed, the arguments are stored in registers as defined in the x86_64 calling conventions. On *nix Systems, these are most likely SystemV. The arguments to a simple C function are stored there as well, as the compiler also follows the calling conventions. Because of this, no further processing has to be done in order to map argument locations to the C calling routines.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I was studying system calls from my operating systems course until this image appeared and I couldn't exactly understand its content.
Can anyone explain to me what is going on in user space and kernel space?
I try to Explain the mechanism of a system call to answer to your question:
When a System call is invoked a software interrupt is raised in user space ( or better in user mode ).
At this point, ever in user mode, the state of the user program is saved into memory.
After that there is the transaction in the kernel mode ( or kernel space ) to handle the interrupt, and return the value to the user space.
Then ,in user mode, the state of the running user program is restored from memory and the execution goes ahead.
I leave you a complete description of system call in this link : Kernel System Call
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am not fully satisfied with the format of GHC error messages. How can I make a custom print function?
You want to modify GHC? well, it's open-source so you can change it however you wish and recompile but that would probably be a gigantic overkill.
If I really really wanted to, I'd make a program that calls GHC with the arguments it receives, read back the output, process it, then print it.
You can do it with System.Process.readProcessWithExitCode, specifically.
You might be tempted to use readProcess for its easier API, but it will only read from stdout and you're almost certainly want stderr too.
Plus the exit-code in the former function could be very helpful too: you could know if compilation succeeded or not without even parsing, but by just seeing if the exit code = 0.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
How does MIPS actually store opcodes against instructions? Does it linearly search or use hashtable?
I want to know how does it do either in digital logic terms or programming terms.
What i mean is how does "add" become 0x10. Does it perform operation on the ascii code of "add" or it has it already saved and if saved then how?
If not for MIPS then any other architecture would work.
What i have found till now is it that it forms a symbol table for these opcodes. Any links for this would be helpful
Thanks in advance.
As #Michael noted in his comment, the processor never sees your mnemonic (such as add or lw). In fact, some of the most common command mnemonics (such as bge, branch if greater than or equal) are actually pseudo-instructions, which the compiler converts into multiple native instructions.
If you Google "MIPS Green Sheet", you'll find the reference card that is included in the typical Computer Architecture textbook, explaining how each instruction line - mnemonic plus parameters - is converted to a 32-bit word.
If you spend some time plugging MIPS instructions into the MIPS Instruction Converter, you'll see how something like add $t0, $t1, $t2 becomes a 32-bit sequence of 1's and 0's (represented in hex as 0x012A4020), which is all the CPU ever really sees.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Im a beginner in Linux and exploitation things.. and I'm trying to figure out what is a kernel space shellcode and how can we debug it .. Thanks in advance =)
Shellcode are machine code instructions contained in data. They are used when exploiting buffer overrun and other vulnerabilities that cause the data you supply to be copied over existing code, or allow you to set a return address to a buffer filled with your shellcode.
Debugging kernel mode shellcode would require a kernel debugger. Place a breakpoint in the vulnerable kernel code, perform your exploit, and single step as control transfers to the shellcode.