On 4/4/06, Lutz Boehne <[EMAIL PROTECTED]> wrote:
> Hi,
>
> > But when the program uses the libc I have more RET than call ...
> > What's the good way to find function calls and return ?
>
> I'm doing something similar at the moment, utilizing the Branch Single
> Stepping feature available in most x86 CPUs and came across that same problem.
>
> While debugging the issue, I found out that the dynamic linker "calls"
> requested functions by returning to them. I believe this is done because this
> is a (the only) generic way to "call" a variable address without destroying
> register contents. Any further info or a confirmation of that guess would be
> much appreciated.
>
> --- the code in /usr/src/libexec/rtld-elf/i386/rtld_start.S:
> /*
>  * Binder entry point.  Control is transferred to here by code in the PLT.
>  * On entry, there are two arguments on the stack.  In ascending address
>  * order, they are (1) "obj", a pointer to the calling object's Obj_Entry,
>  * and (2) "reloff", the byte offset of the appropriate relocation entry
>  * in the PLT relocation table.
>  *
>  * We are careful to preserve all registers, even the caller-save
>  * registers.  That is because this code may be invoked by low-level
>  * assembly-language code that is not ABI-compliant.
>  */
>         .align  4
>         .globl  _rtld_bind_start
>         .type   _rtld_bind_start,@function
> _rtld_bind_start:
>         pushf                           # Save eflags
>         pushl   %eax                    # Save %eax
>         pushl   %edx                    # Save %edx
>         pushl   %ecx                    # Save %ecx
>         pushl   20(%esp)                # Copy reloff argument
>         pushl   20(%esp)                # Copy obj argument
>
>         call    [EMAIL PROTECTED]       # Transfer control to the binder
>         /* Now %eax contains the entry point of the function being called. */
>
>         addl    $8,%esp                 # Discard binder arguments
>         movl    %eax,20(%esp)           # Store target over obj argument
>         popl    %ecx                    # Restore %ecx
>         popl    %edx                    # Restore %edx
>         popl    %eax                    # Restore %eax
>         popf                            # Restore eflags
>         leal    4(%esp),%esp            # Discard reloff, do not change eflags
>         ret                             # "Return" to target address
> ---
>
> Lutz
Thanks for your answer, it's more difficult than I thought :(
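An added example, not part of the original messages: one way a branch tracer can cope with the extra RETs discussed above is to keep a shadow stack of return addresses and count a RET as a real return only when it lands on the address the most recent CALL pushed. The event layout, the names and every address in the sample trace are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum kind { EV_CALL, EV_RET };
struct event { enum kind kind; uint32_t dest; uint32_t ret_addr; };
struct stats { int calls, returns, ret_transfers; };

#define MAX_DEPTH 256

/* Replay CALL/RET branch events against a shadow stack of return addresses. */
static struct stats classify(const struct event *ev, size_t n)
{
    uint32_t shadow[MAX_DEPTH];
    size_t depth = 0;
    struct stats s = { 0, 0, 0 };

    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_CALL) {
            s.calls++;
            if (depth < MAX_DEPTH)          /* deeper frames are not tracked */
                shadow[depth++] = ev[i].ret_addr;
        } else if (depth > 0 && shadow[depth - 1] == ev[i].dest) {
            depth--;                        /* RET lands where the CALL expects */
            s.returns++;
        } else {
            /* RET to an address no CALL pushed: control transfer by "ret",
             * as at the end of _rtld_bind_start. The caller's frame stays
             * on the shadow stack for the target's own RET to pop. */
            s.ret_transfers++;
        }
    }
    return s;
}

/* Constructed trace of one lazily bound libc call (addresses are made up). */
static const struct event sample[] = {
    { EV_CALL, 0x08048300, 0x08048455 },  /* main calls the PLT stub */
    { EV_CALL, 0x28050000, 0x2804f012 },  /* _rtld_bind_start calls the binder */
    { EV_RET,  0x2804f012, 0 },           /* binder returns normally */
    { EV_RET,  0x28101230, 0 },           /* "ret" into the resolved function */
    { EV_RET,  0x08048455, 0 },           /* resolved function returns to main */
};

int main(void)
{
    struct stats s = classify(sample, sizeof sample / sizeof sample[0]);
    printf("calls=%d returns=%d ret-as-jump=%d\n",
           s.calls, s.returns, s.ret_transfers);
    return 0;
}
```

The PLT's own jmp instructions are left out of the trace because only CALL and RET events affect the pairing.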