Hello! I am trying to get the offset of sys_call_table on Linux x86_64. First of all, I read the pointer to the system_call entry from MSR_LSTAR, and it's correct:

    #include <linux/types.h>

    /* rdmsr returns the low 32 bits in EAX and the high 32 bits in EDX */
    static unsigned long read_msr(unsigned int msr)
    {
        unsigned low, high;

        asm volatile("rdmsr" : "=a" (low), "=d" (high) : "c" (msr));
        return ((low) | ((u64)(high) << 32));
    }

Then I parse it to find the opcode of the call instruction, and it is also correct:

    #include <linux/printk.h>

    #define CALL_OP    0xFF  /* opcode byte of the indirect call */
    #define CALL_MODRM 0x14  /* ModRM byte: /2 (call), rm=100 means a SIB byte follows */

    static unsigned long find_syscall_table(unsigned char *ptr)
    {
        /* parse correct: scan forward for the FF 14 byte pair */
        for (; (*ptr != CALL_OP) || (*(ptr + 1) != CALL_MODRM); ptr++)
            ;
        /* calculation not correct: skip opcode, ModRM and SIB (3 bytes),
         * read the 32-bit displacement and add it to ptr */
        ptr += *(unsigned int *)(ptr + 3);
        pr_info("%lx\n", (unsigned long)ptr);
        return (unsigned long)ptr;
    }

But I failed to get the address after the call opcode. The first byte at ptr is the opcode, then the ModRM byte, then the SIB, and then the 32-bit displacement, so I add 3 to ptr, dereference it as an integer value and then add it to ptr, because it is %RIP and the address is RIP-relative. But the result value is wrong; it doesn't coincide with the value I see in gdb, so where am I wrong?

Thank you

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
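As an added example that is not part of the original post, here is a user-space decoder, run over constructed byte strings, for the two indirect-call encodings that can appear in the syscall entry code. It shows the encoding rule the question turns on: with ModRM 0x14 followed by SIB 0xC5 (scale 8, index %rax, base field 101 with mod=00, i.e. no base register), the disp32 is a sign-extended absolute address and nothing is added to it; only the ModRM 0x15 form (rm=101, no SIB) is %rip-relative. The sample buffers and the code_va value are constructed, not real kernel bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the first indirect "call" (opcode FF /2) in a code buffer.
 *   FF 15 disp32      call *disp32(%rip)     -> slot = address of NEXT insn + disp32
 *   FF 14 C5 disp32   call *disp32(,%rax,8)  -> table base = sign-extend(disp32)
 * In the second form rm=100 selects a SIB byte; SIB base=101 with mod=00 means
 * "no base register", so neither %rip nor anything else is added to disp32.
 * code_va is the virtual address of code[0]; only the %rip-relative form needs it.
 * Returns 1 and stores the decoded address in *out, or 0 if no call was found. */
int decode_indirect_call(const uint8_t *code, size_t len, uint64_t code_va, uint64_t *out)
{
    for (size_t i = 0; i + 6 <= len; i++) {
        if (code[i] != 0xFF)
            continue;
        if (code[i + 1] == 0x15) {                  /* mod=00 reg=010 rm=101: RIP+disp32 */
            int32_t disp = (int32_t)le32(code + i + 2);
            *out = code_va + i + 6 + (int64_t)disp; /* relative to the next instruction */
            return 1;
        }
        if (code[i + 1] == 0x14 && i + 7 <= len && code[i + 2] == 0xC5) {
            int32_t disp = (int32_t)le32(code + i + 3);
            *out = (uint64_t)(int64_t)disp;         /* absolute, sign-extended to 64 bits */
            return 1;
        }
    }
    return 0;
}

/* Constructed samples (not real kernel bytes): nops, the call, then a ret. */
const uint8_t sample_sib[] = { 0x90, 0x90, 0xFF, 0x14, 0xC5, 0x40, 0xF1, 0xA0, 0x81, 0xC3 };
const uint8_t sample_rip[] = { 0x90, 0xFF, 0x15, 0x10, 0x00, 0x00, 0x00, 0xC3 };

int main(void)
{
    uint64_t a;
    if (decode_indirect_call(sample_sib, sizeof sample_sib, 0xffffffff81000000ull, &a))
        printf("table base        = %#llx\n", (unsigned long long)a); /* 0xffffffff81a0f140 */
    if (decode_indirect_call(sample_rip, sizeof sample_rip, 0xffffffff81000000ull, &a))
        printf("rip-relative slot = %#llx\n", (unsigned long long)a); /* 0xffffffff81000017 */
    return 0;
}
```

Adding the displacement to the scan pointer, as the posted find_syscall_table does, would only be right for the FF 15 form; for FF 14 C5 the sign-extended disp32 is already the full address.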