Hi :)

> Thanks to Mulyadi and Fernando ;)

You're welcome :) Well, I am not a kernel wizard, so the best I can do is
give you clues :))

BTW, about how the kernel knows the correct offset in the kernel mode stack,
actually this is not something that falls from heaven :) To be precise, this
is the work of the compiler (gcc, in our case). The compiler correctly
converts your access to pt_regs into access to the stack using a certain
offset.

To prove this, explore the vmlinux binary with objdump:

    objdump -S -D -j .text vmlinux

To make it clearer for exploration, compile your kernel with
CONFIG_DEBUG_INFO=y

For example, in my Linux system, these lines:

    clone_flags = regs.ebx;
    newsp = regs.ecx;

turn into:

    mov    0x18(%ebp),%eax
    mov    0xc(%ebp),%edx

But... don't ask me how the compiler does this magic :)) it is beyond my
lousy brain right now :)))

regards,

Mulyadi

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
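Added example, not part of the original message and not kernel code: it shows that a named field access and a load at base plus a constant displacement read the same bytes, which is the translation the message attributes to the compiler. The struct `demo_regs`, the 8-byte frame displacement and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a register-save area. Field names follow the
 * message; this is NOT the kernel's struct pt_regs definition. */
struct demo_regs {
    int32_t ebx, ecx, edx, esi;
};

/* Assumption: the by-value struct starts 8 bytes above the frame base.
 * Real displacements depend on the compiler and its options. */
#define DEMO_FRAME_DISP 8

/* Displacement encoded for a field: a compile-time constant. */
#define FIELD_DISP(field) (DEMO_FRAME_DISP + offsetof(struct demo_regs, field))

/* Emulates "mov disp(%base),%reg": load 4 bytes at base + disp. */
static int32_t load32(const unsigned char *base, size_t disp)
{
    int32_t v;
    memcpy(&v, base + disp, sizeof v);
    return v;
}

/* Copies the struct into a fake stack frame, then reads it back purely by
 * displacement, with no field names involved. Out-of-frame reads return 0. */
int32_t read_by_disp(struct demo_regs regs, size_t disp)
{
    unsigned char frame[DEMO_FRAME_DISP + sizeof(struct demo_regs)] = {0};
    if (disp > sizeof frame - sizeof(int32_t))
        return 0;
    memcpy(frame + DEMO_FRAME_DISP, &regs, sizeof regs);
    return load32(frame, disp);
}

/* Same read over constructed sample values, for quick checking. */
int32_t demo_read(size_t disp)
{
    struct demo_regs sample = { 0x11, 0x22, 0x33, 0x44 };
    return read_by_disp(sample, disp);
}

int main(void)
{
    printf("regs.ebx -> 0x%zx(base) = 0x%x\n", FIELD_DISP(ebx), (unsigned)demo_read(FIELD_DISP(ebx)));
    printf("regs.ecx -> 0x%zx(base) = 0x%x\n", FIELD_DISP(ecx), (unsigned)demo_read(FIELD_DISP(ecx)));
    return 0;
}
```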