@yuryu
Last active August 29, 2015 14:02
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 32-bit x86 Linux only: %gs points at the thread control block, and the
 * word at %gs:0x10 (glibc's sysinfo slot) holds the address of the vDSO's
 * __kernel_vsyscall entry point. Build with: gcc -m32 -g gscall.c */
int main(void)
{
    void *gs10;            /* address stored at %gs:0x10 */
    pid_t pid, pid10;
    FILE *fp;
    char buf[256];

    /* Read the syscall entry pointer out of the TCB. */
    __asm__ volatile (
        "movl %%gs:0x10, %%eax"
        : "=a"(gs10)
    );
    printf("syscall point = %p\n", gs10);

    /* Same syscall twice: once through libc, once by loading the i386
     * syscall number for getpid (20) into %eax and calling through
     * %gs:0x10, the way glibc enters the kernel on this platform. */
    pid = getpid();
    __asm__ volatile (
        "movl $20, %%eax\n\t"
        "call *%%gs:0x10\n\t"
        : "=a"(pid10)
        :
        : "ecx", "edx", "memory", "cc"
    );
    printf("pid = %d, pid10 = %d\n", pid, pid10);

    /* Dump the mappings so the address above can be matched to [vdso]. */
    fp = fopen("/proc/self/maps", "r");
    if (fp == NULL) {
        perror("fopen");
        return 1;
    }
    while (fgets(buf, sizeof(buf), fp) != NULL) {
        fputs(buf, stdout);
    }
    fclose(fp);
    return 0;
}

$ gdb ./a.out
GNU gdb (GDB) Fedora 7.7.1-13.fc20
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./a.out...done.
(gdb) start
Temporary breakpoint 1 at 0x804856c: file gscall.c, line 12.
Starting program: /home/yuryu/src/a.out
Temporary breakpoint 1, main () at gscall.c:12
12 __asm__ volatile (
Missing separate debuginfos, use: debuginfo-install glibc-2.18-12.fc20.i686
(gdb) n
16 printf("syscall point = %p\n", gs10);
(gdb)
syscall point = 0xb7ffd414
17 pid = getpid();
(gdb) disas 0xb7ffd414
Dump of assembler code for function __kernel_vsyscall:
0xb7ffd414 <+0>: push %ecx
0xb7ffd415 <+1>: push %edx
0xb7ffd416 <+2>: push %ebp
0xb7ffd417 <+3>: mov %esp,%ebp
0xb7ffd419 <+5>: sysenter
0xb7ffd41b <+7>: nop
0xb7ffd41c <+8>: nop
0xb7ffd41d <+9>: nop
0xb7ffd41e <+10>: nop
0xb7ffd41f <+11>: nop
0xb7ffd420 <+12>: nop
0xb7ffd421 <+13>: nop
0xb7ffd422 <+14>: int $0x80
0xb7ffd424 <+16>: pop %ebp
0xb7ffd425 <+17>: pop %edx
0xb7ffd426 <+18>: pop %ecx
0xb7ffd427 <+19>: ret
End of assembler dump.
$ ./a.out
syscall point = 0xb775a414
pid = 13734, pid10 = 13734
08048000-08049000 r-xp 00000000 fd:00 812670 /home/yuryu/src/a.out
08049000-0804a000 r--p 00000000 fd:00 812670 /home/yuryu/src/a.out
0804a000-0804b000 rw-p 00001000 fd:00 812670 /home/yuryu/src/a.out
09370000-09391000 rw-p 00000000 00:00 0 [heap]
b7568000-b7569000 rw-p 00000000 00:00 0
b7569000-b7721000 r-xp 00000000 fd:00 391110 /usr/lib/libc-2.18.so
b7721000-b7723000 r--p 001b8000 fd:00 391110 /usr/lib/libc-2.18.so
b7723000-b7724000 rw-p 001ba000 fd:00 391110 /usr/lib/libc-2.18.so
b7724000-b7727000 rw-p 00000000 00:00 0
b7738000-b773b000 rw-p 00000000 00:00 0
b773b000-b775a000 r-xp 00000000 fd:00 397102 /usr/lib/ld-2.18.so
b775a000-b775b000 r-xp 00000000 00:00 0 [vdso]
b775b000-b775c000 r--p 0001f000 fd:00 397102 /usr/lib/ld-2.18.so
b775c000-b775d000 rw-p 00020000 fd:00 397102 /usr/lib/ld-2.18.so
bfed0000-bfef1000 rw-p 00000000 00:00 0 [stack]
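The run above shows by eye that the "syscall point" lands in the [vdso] mapping. As an added check (example code, not part of the gist), this parses /proc/self/maps text and confirms that an address falls inside the executable mapping with a given name; the sample lines are copied from the output above, and the function name is my own.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed sample: the [vdso] line and its ld.so neighbours from the
 * ./a.out run above (a real check would read /proc/self/maps). */
static const char *SAMPLE_MAPS =
    "b773b000-b775a000 r-xp 00000000 fd:00 397102 /usr/lib/ld-2.18.so\n"
    "b775a000-b775b000 r-xp 00000000 00:00 0 [vdso]\n"
    "b775b000-b775c000 r--p 0001f000 fd:00 397102 /usr/lib/ld-2.18.so\n";

/* Return 1 if addr lies inside a mapping whose pathname field equals
 * `name` (e.g. "[vdso]") and that mapping is executable, 0 otherwise.
 * `maps` is the text of a /proc/<pid>/maps file. */
int addr_in_named_mapping(const char *maps, uintptr_t addr, const char *name)
{
    char line[512];
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof(line)) len = sizeof(line) - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        unsigned long lo, hi;
        char perms[5], path[256];
        /* Field layout: start-end perms offset dev inode [pathname] */
        int n = sscanf(line, "%lx-%lx %4s %*s %*s %*s %255s",
                       &lo, &hi, perms, path);
        if (n < 4) continue;                  /* anonymous: no pathname */
        if (addr < lo || addr >= hi) continue;
        return strcmp(path, name) == 0 && perms[2] == 'x';
    }
    return 0;
}

int main(void)
{
    uintptr_t gs10 = 0xb775a414u;   /* "syscall point" printed above */
    printf("%#lx in executable [vdso]: %d\n", (unsigned long)gs10,
           addr_in_named_mapping(SAMPLE_MAPS, gs10, "[vdso]"));
    return 0;
}
```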