On Fri, Apr 25, 2008 at 10:05 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote: > On Fri, Apr 25, 2008 at 2:18 PM, Michael Kerrisk > <mtk.manpages@xxxxxxxxxxxxxx> wrote: > > > On Fri, Apr 25, 2008 at 7:39 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote: > > > I did not tried the glibc approach. > > > > > > But to answer how the specific transition from fork() to sys_fork() > > > (in kernel) is made: > > > > > > In /lib/libc.so.6: > > > > > > objdump -t libc.so.6 | grep fork > > > > > > show that fork() API is implemented inside this file. > > > > > > Then objdump -d to disassemble the file, and search for fork: > > > > > > 44153710 <__fork>: > > > 44153710: 55 push %ebp > > > 44153711: 89 e5 mov %esp,%ebp > > > 44153713: 57 push %edi > > > 44153714: 56 push %esi > > > 44153715: 53 push %ebx > > > > > > 44153937: b8 f0 00 00 00 mov $0xf0,%eax ========> for sys_fork(). > > > > $0xf0 is not the syscall number for fork()? > > > > Ok...sorry, so may the following example is better: > > 44153970 <__vfork>: > 44153970: 59 pop %ecx > 44153971: 65 8b 15 4c 00 00 00 mov %gs:0x4c,%edx > 44153978: 89 d0 mov %edx,%eax > 4415397a: f7 d8 neg %eax > 4415397c: 75 05 jne 44153983 <__vfork+0x13> > 4415397e: b8 00 00 00 80 mov $0x80000000,%eax > 44153983: 65 a3 4c 00 00 00 mov %eax,%gs:0x4c > 44153989: b8 be 00 00 00 mov $0xbe,%eax > 4415398e: cd 80 int $0x80 > > 0xbe is the syscall number for sys_vfork(). Just emphasize the approach. > > I saw a call *%eax, and so some reassembly of the binary number may > be needed. (the previous disassembly for fork may include data > included inside the assembly). Yes, but I think the point is that the fork() wrapper in glibc does *not* call sys_fork() -- it calls sys_clone(). strace shows us that. -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
