Function parameters from stack frames

Hello,

I'm now working on the task of obtaining function parameters from stack frames.
I can't say that it's really possible to get every parameter of every function,
but some of them are available.

My idea was the following: at the start we have the "reliable" register RSP; after that
I start parsing the frame:
        push   %rbp
        mov    %rsp,%rbp
        push   %r13
        push   %r12
        push   %rbx

Hence we have rbx, r12, r13 as "reliable" registers, and so on.
At the end of the frame we have the following:

        mov    %r13,%rcx
        mov    %rax,%rdx
        mov    %r12,%rsi
        mov    %rbx,%rdi
        callq  *%r8

The source is a callee-save register, the destination is a parameter register. Then the next frame:

        mov    %rbx,-0x28(%rbp)
        mov    %r12,-0x20(%rbp)
        mov    %r13,-0x18(%rbp)
        mov    %r14,-0x10(%rbp)

and we have 3 of 4 parameters on the stack (RDI which is RBX, RSI which is R12, RCX which is R13).

I've already written this logic (and not only this - there are a lot of heuristics),
but I only have one single dump to test it. So I'd like to ask you all to provide some dumps
for testing (preferably RedHat kernels).

It would be great to get nested IRQs and different exceptions:
* double fault
* stack fault
that is, something with a stack switch (IST). This logic has not been written yet.

Thanks in advance.

Alexandr

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
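
The register-tracking heuristic described in the message above, as an added example that is not the poster's code or part of the crash utility: it pairs the caller's pre-call moves with the callee's save slots and reads the surviving parameters from the stack. It goes slightly beyond the post by accepting both the push-style and the mov-style prologue; the function names, frame pointer and stack contents are assumptions, and only register-to-register moves are modeled.

```python
import re

CALLEE_SAVED = {"rbx", "rbp", "r12", "r13", "r14", "r15"}
PARAM_REGS = {"rdi", "rsi", "rdx", "rcx", "r8", "r9"}  # System V AMD64 integer args
MOV_RR = re.compile(r"movq?\s+%(\w+),\s*%(\w+)$")
MOV_SAVE = re.compile(r"movq?\s+%(\w+),\s*(-0x[0-9a-f]+)\(%rbp\)$")
PUSH = re.compile(r"pushq?\s+%(\w+)$")

def param_sources(pre_call):
    """Parameter register -> callee-saved register it was copied from before the call."""
    src = {}
    for insn in pre_call:
        if not (m := MOV_RR.match(insn.strip())):
            continue  # only register-to-register moves are modeled here
        s, d = m.groups()
        # A write to d invalidates what was known about d and about copies of d.
        src = {p: r for p, r in src.items() if d not in (p, r)}
        if d in PARAM_REGS and s in CALLEE_SAVED:
            src[d] = s
    return src

def save_slots(prologue):
    """Callee-saved register -> rbp-relative offset where the prologue saved it."""
    slots, depth, framed = {}, 0, False
    for insn in map(str.strip, prologue):
        if (m := MOV_RR.match(insn)) and m.groups() == ("rsp", "rbp"):
            framed, depth = True, 0
        elif framed and (m := PUSH.match(insn)):  # pushes right after frame setup
            depth += 8
            if m.group(1) in CALLEE_SAVED:
                slots.setdefault(m.group(1), -depth)
        elif (m := MOV_SAVE.match(insn)) and m.group(1) in CALLEE_SAVED:
            slots.setdefault(m.group(1), int(m.group(2), 16))
    return slots

def recover_params(pre_call, prologue, callee_rbp, read_u64):
    """Parameter register -> value read from the callee's save slot, where one exists."""
    slots = save_slots(prologue)
    return {p: read_u64(callee_rbp + slots[r])
            for p, r in param_sources(pre_call).items() if r in slots}

# Constructed sample: instruction text from the post; frame pointer and stack are invented.
PRE_CALL = ["mov    %r13,%rcx", "mov    %rax,%rdx", "mov    %r12,%rsi",
            "mov    %rbx,%rdi", "callq  *%r8"]
CALLEE = ["mov %rbx, -0x28(%rbp)", "mov %r12, -0x20(%rbp)",
          "mov %r13, -0x18(%rbp)", "mov %r14, -0x10(%rbp)"]
RBP = 0xffff88003a5f7d80
STACK = {RBP - 0x28: 0xaa, RBP - 0x20: 0xbb, RBP - 0x18: 0xcc, RBP - 0x10: 0xdd}
print(recover_params(PRE_CALL, CALLEE, RBP, STACK.__getitem__))
```

RDX is absent from the result because it was loaded from RAX, which the callee has no reason to preserve.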



