Greg Lopp on Wed, 17 Jul 2002 00:20:25 -0400
On Tue, Jul 16, 2002 at 02:36:53PM -0500, Sean Finney wrote:
> On Tue, Jul 16, 2002 at 06:42:31AM -0400, W. Chris Shank wrote:
> > can you tell me how to do this?
>
> i'm not exactly the expert on this, perhaps someone can correct me if i'm
> wrong...

I'm not an expert on the linux specifics, but I've spent many an hour tracing register specifics through the in-house developed OSs and bootstraps at a couple of companies I've been with.

> System.map is a list of the addresses of all the kernel symbols. when you
> get a stack-trace, the eip points to the specific hex address in memory where
> you were when the crash happened. again, my memory is a little fuzzy, but i
> believe eip is 'effective instruction pointer', the register that contains the
> machine code instruction currently being executed.

Close. You got the contents correct, but the word is more likely extended than effective (not that this 486 SW developer's manual pdf uses either term). As in "extended to 32 bits from 16 in the previous generations of the architecture family". Notice how each of the three-letter registers starts with 'e'?

> you could use that
> eip to find the closest address less than the eip to figure out what
> function you were in.

Exactly. Similarly, he could use the other values in the call trace to follow the execution path back through other functions until he finds something related to his patches.
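
The lookup described in the message above, as an added example that is not part of the original post: it parses System.map lines in the usual `address type name` form and resolves the eip and each call-trace value to the closest symbol at or below it. The map excerpt, the symbol addresses and the oops values are constructed for illustration.

```python
import bisect

# Constructed System.map excerpt (address, symbol type, name); not from a real kernel.
SAMPLE_SYSTEM_MAP = """\
c0100000 T _stext
c0105000 T do_IRQ
c0112340 T schedule
c0112a80 t context_switch_helper
c0130000 T sys_read
c0130400 T sys_write
c0250000 D jiffies
c0300000 A _end
"""

def load_symbols(text):
    """Parse System.map text into a list of (address, name) sorted by address."""
    symbols = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        addr, _sym_type, name = parts
        try:
            symbols.append((int(addr, 16), name))
        except ValueError:
            continue  # address field was not hex
    symbols.sort()
    return symbols

def resolve(symbols, addr):
    """Return 'name+0xoffset' for the closest symbol at or below addr, else None."""
    addrs = [a for a, _ in symbols]
    i = bisect.bisect_right(addrs, addr) - 1
    if i < 0:
        return None  # address lies below every symbol in the map
    base, name = symbols[i]
    return f"{name}+{addr - base:#x}"

def resolve_trace(symbols, eip, call_trace):
    """Resolve the faulting eip first, then each call-trace value in order."""
    return [resolve(symbols, a) for a in [eip] + list(call_trace)]

if __name__ == "__main__":
    syms = load_symbols(SAMPLE_SYSTEM_MAP)
    # Constructed oops values: eip followed by two call-trace addresses.
    for entry in resolve_trace(syms, 0xC0130412, [0xC0112355, 0xC0105010]):
        print(entry)
```

The System.map must come from the same kernel build that produced the trace, otherwise the nearest-symbol match names the wrong function.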