Hui Zhong Qiu (qiuhuizhong@xxxxxxxxx) wrote:
> Hi guys,
>
> When a system call is made in the userland, how are the registers filled?
>
> I read that EAX stores the system call number, EBX stores the 1st arg,
> ECX 2nd arg, EDX 3rd arg, ESI 4th arg and EDI 5th arg. If there are
> more than 5 arguments, they are pushed into the stack.

mmap() uses 6 parameters. I have not verified whether it is already right.
The 6th parameter is stored in EBP.

> So, my questions are:
> 1. EAX stores the system call number or does it store the absolute (or
> relative) address to the actual system call?
>
> 2. If there are fewer than 5 arguments, what are the values in some of
> the registers like ESI, EDI etc.?
>
> 3. Can I find the register values inside the hexdump of the kernel
> file itself? I want to look at the assembly code of the portion where
> the oops occurs.
>
> Thanks for any advice!!
>
> cheers,
> hz

--
Christophe
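The register convention discussed in this thread, as an added example that is not part of either message: a small decoder that reads an i386 register snapshot taken at `int 0x80` entry, treats EAX as an index into the syscall table (not an address), and maps EBX, ECX, EDX, ESI, EDI, EBP onto the call's parameters. The two snapshots are constructed, the table is a hand-picked subset of the i386 syscall numbers, and the function names are hypothetical; registers beyond a call's parameter count are reported as unused because the handler never reads them.

```python
import re

# Argument registers in order, as given in the thread (EBP carries the 6th).
ARG_REGS = ("ebx", "ecx", "edx", "esi", "edi", "ebp")

# Hand-picked subset of the i386 syscall table: number -> (name, parameters).
SYSCALLS = {
    1: ("exit", ("status",)),
    3: ("read", ("fd", "buf", "count")),
    4: ("write", ("fd", "buf", "count")),
    6: ("close", ("fd",)),
    192: ("mmap2", ("addr", "len", "prot", "flags", "fd", "pgoff")),
}
SIGNED = {"fd", "status"}  # C ints, so interpret the 32-bit value as signed

REG_RE = re.compile(
    r"\b(eax|ebx|ecx|edx|esi|edi|ebp)\b\s*[:=]\s*(?:0x)?([0-9a-f]{1,8})\b", re.I)

def parse_regs(dump):
    """Turn 'eax: 000000c0 ebx: ...' text into {register: 32-bit value}."""
    return {name.lower(): int(val, 16) for name, val in REG_RE.findall(dump)}

def decode(dump):
    """Return (syscall name, {parameter: value}, [registers the call ignores])."""
    regs = parse_regs(dump)
    nr = regs["eax"]                      # a table index, never a code address
    if nr not in SYSCALLS:
        raise KeyError(f"syscall number {nr} is not in this sample table")
    name, params = SYSCALLS[nr]
    args = {}
    for reg, param in zip(ARG_REGS, params):
        value = regs[reg]
        if param in SIGNED and value & 0x80000000:
            value -= 1 << 32              # e.g. ffffffff -> -1 for fd
        args[param] = value
    return name, args, list(ARG_REGS[len(params):])

# Constructed snapshot: mmap2(NULL, 4096, 3, 0x22, -1, 0) uses all six registers.
MMAP_DUMP = ("eax: 000000c0 ebx: 00000000 ecx: 00001000 edx: 00000003 "
             "esi: 00000022 edi: ffffffff ebp: 00000000")
# Constructed snapshot: write(1, buf, 13); ESI/EDI/EBP hold leftover values.
WRITE_DUMP = ("eax: 00000004 ebx: 00000001 ecx: 0804a000 edx: 0000000d "
              "esi: deadbeef edi: 00000000 ebp: bffff6a8")

if __name__ == "__main__":
    for dump in (MMAP_DUMP, WRITE_DUMP):
        name, args, unused = decode(dump)
        shown = ", ".join(f"{k}={v:#x}" if v > 9 else f"{k}={v}" for k, v in args.items())
        print(f"{name}({shown})  unused registers: {unused or 'none'}")
```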