Hui Zhong Qiu (qiuhuizhong@xxxxxxxxx) wrote:
> Hi guys,
>
> When a system call is made in the userland, how are the registers filled?
>
> I read that EAX stores the system call number, EBX stores the 1st arg,
> ECX 2nd arg, EDX 3rd arg, ESI 4th arg and EDI 5th arg. If there are
> more than 5 arguments, they are pushed into the stack.
> mmap() uses 6 parameters. I haven't verified whether it is right. The 6th parameter is stored in EBP.
Yes, up to six arguments can be stored in registers (the 6th arg is in ebp; see _syscall6()).
But if you have to send more, you need to create a structure of args and send a pointer to that struct. You will then need to copy the data from user space to kernel space in the syscall handler.
> So, my questions are:
> 1. EAX stores the system call number or does it store the absolute (or
> relative) address to the actual system call?
Just the syscall number, i.e. 1 for exit; see asm/unistd.h.
The number acts as an offset into sys_call_table, which is an array of syscall entry points.
> 2. If there are less than 5 arguments, what are the values in some of
> the registers like ESI, EDI etc.
Whatever it was before.
> 3. Can I find the registers values inside the hexdump of the kernel
> file itself? I want to look at the assembly codes of the portion where
> the oops occur.
You can dump registers using show_registers, but it needs pt_regs as an argument. I don't know whether it is recommended or not.
Alternatively, you can write your own inline assembly routines to get the register values and dump them.
Regards,
Manish
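As an added example, not code from the thread or from anyone in it, the following C program exercises the register convention Manish describes: the syscall number in eax, arguments in ebx, ecx, edx, esi, edi and ebp (the sixth, handled the way _syscall6() did), plus the "pointer to a struct of arguments" alternative, which the old i386 mmap (number 90) still uses while mmap2 (192) takes all six in registers. It assumes Linux on x86: native on i386, and on x86-64 it relies on `int $0x80` entering the 32-bit ABI (CONFIG_IA32_EMULATION), where every argument, pointers included, is truncated to 32 bits. The scratch file, syscall numbers and helper names are constructed for the example; on other architectures the raw calls fall back to libc so the file still builds.

```c
/* Added example, not from the thread above: drive the i386 syscall convention
 * it describes by hand (eax = number, ebx/ecx/edx/esi/edi/ebp = args 1..6) and
 * the "pointer to a struct of arguments" alternative. Assumes Linux on x86:
 * native on i386; on x86-64, `int $0x80` still enters the 32-bit ABI (needs
 * CONFIG_IA32_EMULATION) and every argument, pointers included, is truncated to
 * 32 bits. Other architectures fall back to libc so the file still builds. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGE 4096UL          /* i386 PAGE_SIZE; mmap2's 6th argument is in pages */
#define I386_NR_mmap    90   /* asm/unistd_32.h numbers: indexes into sys_call_table */
#define I386_NR_munmap  91   /* old mmap (90): one pointer to the struct below */
#define I386_NR_mmap2  192   /* mmap2: six register arguments, offset in pages */

struct mmap_arg_struct32 { uint32_t addr, len, prot, flags, fd, offset; };
/* Raw returns carry -errno in the top 4095 values, as glibc's wrappers check. */
#define is_err(r) ((unsigned long)(r) >= (unsigned long)-4095)

#if defined(__i386__) || defined(__x86_64__)
#define RAW 1
static long i386_syscall6(long nr, long a1, long a2, long a3, long a4, long a5, long a6)
{
    long ret;
#ifdef __i386__
    /* ebp may be the frame pointer, so it cannot be a plain input operand;
     * park it on the stack around the trap, much as _syscall6() did. */
    __asm__ volatile ("pushl %7\n\tpushl %%ebp\n\tmovl 4(%%esp), %%ebp\n\t"
                      "int $0x80\n\tpopl %%ebp\n\taddl $4, %%esp"
                      : "=a"(ret)
                      : "a"(nr), "b"(a1), "c"(a2), "d"(a3), "S"(a4), "D"(a5), "g"(a6)
                      : "memory");
#else
    /* 64-bit build: swap a6 into rbp for the trap and swap it back, leaving
     * rbp and the red zone untouched; r8-r11 are declared clobbered to be safe. */
    __asm__ volatile ("xchgq %%rbp, %[a6]\n\tint $0x80\n\txchgq %%rbp, %[a6]"
                      : "=a"(ret), [a6] "+r"(a6)
                      : "a"(nr), "b"(a1), "c"(a2), "d"(a3), "S"(a4), "D"(a5)
                      : "memory", "r8", "r9", "r10", "r11");
#endif
    return ret;
}
#endif

/* mmap2: all six arguments in registers, the page offset riding in ebp. */
static long raw_mmap2(uint32_t len, int prot, int flags, int fd, uint32_t pgoff)
{
#ifdef RAW
    return i386_syscall6(I386_NR_mmap2, 0, len, prot, flags, fd, pgoff);
#else
    void *p = mmap(NULL, len, prot, flags, fd, (off_t)pgoff * PAGE);
    return p == MAP_FAILED ? -errno : (long)(uintptr_t)p;
#endif
}

/* old mmap: ebx holds a pointer to all six arguments; the kernel copies the
 * struct in from user space, so the pointer must be a valid 32-bit address. */
static long raw_old_mmap(const struct mmap_arg_struct32 *a)
{
#ifdef RAW
    return i386_syscall6(I386_NR_mmap, (long)(uintptr_t)a, 0, 0, 0, 0, 0);
#else
    void *p = mmap(NULL, a->len, a->prot, a->flags, (int)a->fd, a->offset);
    return p == MAP_FAILED ? -errno : (long)(uintptr_t)p;
#endif
}

static long raw_munmap(long addr, uint32_t len)
{
#ifdef RAW
    return i386_syscall6(I386_NR_munmap, addr, len, 0, 0, 0, 0);
#else
    return munmap((void *)(uintptr_t)addr, len) ? -errno : 0;
#endif
}

/* Returns 1 when every step behaves as the thread describes, otherwise the
 * negative number of the step that failed. */
static int demo(void)
{
    FILE *f = tmpfile();                 /* constructed scratch file: two pages, */
    if (!f) return -1;                   /* page 0 starts with 'A', page 1 with 'B' */
    int fd = fileno(f);
    if (ftruncate(fd, 2 * PAGE) || pwrite(fd, "A", 1, 0) != 1 ||
        pwrite(fd, "B", 1, PAGE) != 1) return -2;
    long p1 = raw_mmap2(PAGE, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 1);
    if (is_err(p1) || *(char *)(uintptr_t)p1 != 'B') return -3;  /* ebp=1 chose page 1 */
    /* the mapping is 32-bit addressable, so it can host the argument struct */
    struct mmap_arg_struct32 *a = (struct mmap_arg_struct32 *)(uintptr_t)p1;
    a->addr = 0; a->len = PAGE; a->prot = PROT_READ; a->flags = MAP_PRIVATE;
    a->fd = (uint32_t)fd; a->offset = 0;                         /* byte offset here */
    long p2 = raw_old_mmap(a);
    if (is_err(p2) || *(char *)(uintptr_t)p2 != 'A') return -4;
    if (raw_munmap(p2, PAGE) || raw_munmap(p1, PAGE)) return -5;
    fclose(f);
    return 1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The `'B'` check is what proves the sixth register is really read: a page offset of 1 in ebp selects the second page of the file, and anything else would show `'A'` or fail. Placing the argument struct inside the first mapping is not cosmetic; in a 64-bit process a stack address lies above 4 GB and would be truncated before `copy_from_user` reached it, which is exactly the caveat to keep in mind when passing pointers to a 32-bit entry point.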
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/