On Fri, Apr 25, 2008 at 2:18 PM, Michael Kerrisk <mtk.manpages@xxxxxxxxxxxxxx> wrote:
> On Fri, Apr 25, 2008 at 7:39 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
> > I did not try the glibc approach.
> >
> > But to answer how the specific transition from fork() to sys_fork()
> > (in kernel) is made:
> >
> > In /lib/libc.so.6:
> >
> > objdump -t libc.so.6 | grep fork
> >
> > shows that the fork() API is implemented inside this file.
> >
> > Then objdump -d to disassemble the file, and search for fork:
> >
> > 44153710 <__fork>:
> > 44153710: 55                      push %ebp
> > 44153711: 89 e5                   mov %esp,%ebp
> > 44153713: 57                      push %edi
> > 44153714: 56                      push %esi
> > 44153715: 53                      push %ebx
> >
> > 44153937: b8 f0 00 00 00          mov $0xf0,%eax ========> for sys_fork().
>
> $0xf0 is not the syscall number for fork()?
>

Ok...sorry, so maybe the following example is better:

44153970 <__vfork>:
44153970: 59                      pop %ecx
44153971: 65 8b 15 4c 00 00 00    mov %gs:0x4c,%edx
44153978: 89 d0                   mov %edx,%eax
4415397a: f7 d8                   neg %eax
4415397c: 75 05                   jne 44153983 <__vfork+0x13>
4415397e: b8 00 00 00 80          mov $0x80000000,%eax
44153983: 65 a3 4c 00 00 00       mov %eax,%gs:0x4c
44153989: b8 be 00 00 00          mov $0xbe,%eax
4415398e: cd 80                   int $0x80

0xbe is the syscall number for sys_vfork(). Just to emphasize the approach.

I saw a call *%eax, and so some reassembly of the binary number may be
needed. (The previous disassembly for fork may include data included
inside the assembly.)

Thanks.

--
Regards,
Peter Teoh
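Added example, not part of the original message: a small Python script that automates the approach described above by scanning objdump -d output for int $0x80 and reporting the immediate most recently loaded into %eax. The names syscalls_in, I386_SYSCALLS and SAMPLE are assumptions made for this illustration, the register tracking is a conservative heuristic, and SAMPLE is the __vfork listing from the message retyped as constructed input.

```python
import re

# A few entries from the i386 (32-bit x86) syscall table; extend as needed.
I386_SYSCALLS = {2: "fork", 120: "clone", 190: "vfork", 240: "futex"}

# Constructed sample: the __vfork listing quoted in the message above.
SAMPLE = """\
44153970 <__vfork>:
44153970: 59 pop %ecx
44153971: 65 8b 15 4c 00 00 00 mov %gs:0x4c,%edx
44153978: 89 d0 mov %edx,%eax
4415397a: f7 d8 neg %eax
4415397c: 75 05 jne 44153983 <__vfork+0x13>
4415397e: b8 00 00 00 80 mov $0x80000000,%eax
44153983: 65 a3 4c 00 00 00 mov %eax,%gs:0x4c
44153989: b8 be 00 00 00 mov $0xbe,%eax
4415398e: cd 80 int $0x80
"""

# address: raw bytes, mnemonic, operands (AT&T syntax, as printed by objdump -d)
INSN = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(\S+)\s*(.*)$")
READ_ONLY = ("cmp", "test", "push")  # use %eax as last operand without writing it


def syscalls_in(disasm):
    """Return (address, number, name) for every 'int $0x80' in the listing.

    number is the last immediate moved into %eax before the trap, or None
    when %eax was last written by something other than 'mov $imm,%eax'.
    """
    found, eax = [], None
    for line in disasm.splitlines():
        m = INSN.match(line)
        if not m:
            continue  # symbol headers, blank lines, "..." elisions
        addr, _, op, args = m.groups()
        operands = [a.strip() for a in args.split(",")]
        if op == "int" and operands[0] == "$0x80":
            found.append((addr, eax, I386_SYSCALLS.get(eax, "unknown")))
            eax = None  # the kernel's return value overwrites %eax
        elif op.startswith("call"):
            eax = None  # callee may clobber %eax
        elif operands[-1] == "%eax" and op not in READ_ONLY:
            imm = re.fullmatch(r"\$(0x[0-9a-f]+)", operands[0])
            eax = int(imm.group(1), 16) if (op == "mov" and imm) else None
    return found


if __name__ == "__main__":
    for addr, nr, name in syscalls_in(SAMPLE):
        print(addr, hex(nr) if nr is not None else "?", name)
```

Tracking the last write to %eax matters here: picking the first immediate load in the function would report 0x80000000, which is stored to %gs:0x4c and never reaches the kernel as a syscall number.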