> > > Arjan, this means we must analyze the kernel binary (for AT_SYSINFO) > > > to get the vsyscall address (which was fixed at 0xffffe400 before) ? > > > > Hi, > > > > No! > > > > The kernel places the AT_SYSINFO value on the stack of the process at > > start time! (same with the other AT_ values) > > > > glibc knows how to parse these values (and you can do it yourself as > > well, although having glibc do it is better)... > > > > OK, so suppose that glibc does the job for me, how can I get that > value of AT_SYSINFO from inside my userspace program? the AT_SYSINFO value is put in the %gs:040 address for example. > (sorry, I never > access to those AT_values before, and don't event know their > existence. What are their for, by the way?) they are there for the kernel to pass certain "key system parameters" to the program; $ LD_SHOW_AUXV=1 /bin/true AT_SYSINFO: 0x9dc400 AT_SYSINFO_EHDR: 0x9dc000 AT_HWCAP: fpu vme de pse tsc msr mce cx8 mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss tm pbe AT_PAGESZ: 4096 AT_CLKTCK: 100 AT_PHDR: 0x8048034 AT_PHENT: 32 AT_PHNUM: 8 AT_BASE: 0x0 AT_FLAGS: 0x0 AT_ENTRY: 0x8048b30 AT_UID: 500 AT_EUID: 500 AT_GID: 500 AT_EGID: 500 AT_SECURE: 0 AT_PLATFORM: i686 such as: page size userspace visible HZ value (always 100 on x86) where the kernel put certain elf datastructures the UID/GID/etc -- if you want to mail me at work (you don't), use arjan (at) linux.intel.com -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
