Hi, I am working with a kernel module, which was compiled using GCC 4.X, for the x86_64 platform. After disassembling the module object file, I see that the callq instruction is always called with the next instruction of the code as the target address (based on IP only), as the offset field following the instruction "e8" (corresponding to callq) is always 0, instead of the address of the function where I would think the call should actually be made to. What I want to understand is, how do function calls work here? Based on my understanding, the callq instruction should be followed by an offset address, so that RIP = RIP + Offset. The offset in my case is always 0. For the following code, the actual address where qla2xxx_wake_dpc(pha) starts from is 0x1ac68.

C Code:

    qla2x00_timer{
        .....
        .....
        test_bit(RELOGIN_NEEDED, &ha->dpc_flags)))
            qla2xxx_wake_dpc(pha);
        qla2x00_restart_timer(ha, WATCH_INTERVAL);
    }
Disassembly:

    0x000000000001df91 <qla2x00_timer+833>: test $200000,%eax
    0x000000000001df96 <qla2x00_timer+838>: je 0x1dfa0
    0x000000000001df98 <qla2x00_timer+840>: mov %r15,%rdi
    0x000000000001df9b <qla2x00_timer+843>: callq 0x1dfa0
    0x000000000001dfa0 <qla2x00_timer+848>: mov 0(%rip),%rsi
    0x000000000001dfa7 <qla2x00_timer+855>: lea 0x2288(%r12),%rdi
    0x000000000001dfaf <qla2x00_timer+863>: add $0x64,%rsi
    0x000000000001dfb3 <qla2x00_timer+867>: callq 0x1dfb8
    0x000000000001dfb8 <qla2x00_timer+872>: add $0x8,%rsp
    0x000000000001dfbc <qla2x00_timer+876>: pop %rbx
    0x000000000001dfbd <qla2x00_timer+877>: pop %r12
    0x000000000001dfbf <qla2x00_timer+879>: pop %r13
    0x000000000001dfc1 <qla2x00_timer+881>: pop %r14
    0x000000000001dfc3 <qla2x00_timer+883>: pop %r15
    0x000000000001dfc5 <qla2x00_timer+885>: leaveq
    0x000000000001dfc6 <qla2x00_timer+886>: retq

Hexdump starting at 0x1df98:

    4c 89 ff e8 00 00 00 00 48 8b 35 00 00 00 00 49 8d bc 24 88 22 00 00 48 83 c6 64 e8 00 00 00 00

I am not sure if this is the right list for this query. Please point me to the right one if this is not.

Thanks,
Shyam
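The two zero-displacement calls from the hexdump above, decoded in an added example that is not part of the original message: it shows why `e8 00 00 00 00` resolves to the instruction right after the call (the target is the next RIP plus the signed rel32), and what a PC-relative relocation would have to store in that field for the first call to reach 0x1ac68. The S + A - P formula with a -4 addend is the standard x86-64 ELF convention for a PC32/PLT32 relocation and is assumed here; it is not stated in the post.

```python
import struct

# Bytes copied from the hexdump in the post; they begin at 0x1df98 in .text.
HEXDUMP_BASE = 0x1DF98
CODE = bytes.fromhex(
    "4c89ff"            # mov %r15,%rdi
    "e800000000"        # callq (rel32 still 0 in the unlinked object)
    "488b3500000000"    # mov 0(%rip),%rsi
    "498dbc2488220000"  # lea 0x2288(%r12),%rdi
    "4883c664"          # add $0x64,%rsi
    "e800000000"        # callq (rel32 still 0)
)

# Addresses quoted in the post: the first callq and the start of qla2xxx_wake_dpc.
CALL_ADDR = 0x1DF9B
WAKE_DPC_ADDR = 0x1AC68


def decode_call(code, base, addr):
    """Decode an `e8 rel32` near call located at addr. Returns (rel32, target)."""
    off = addr - base
    if code[off] != 0xE8:
        raise ValueError(f"no e8 opcode at {addr:#x}")
    (rel32,) = struct.unpack_from("<i", code, off + 1)   # signed, little-endian
    next_rip = addr + 5            # rel32 is relative to the instruction after the call
    return rel32, next_rip + rel32


def pc32_value(symbol, place, addend=-4):
    """Value a PC-relative 32-bit relocation stores: S + A - P (assumed ELF convention).
    place is the address of the 4-byte displacement field; the -4 addend accounts
    for that field sitting 4 bytes before the next RIP."""
    return symbol + addend - place


def apply_pc32(code, base, call_addr, symbol):
    """Return a copy of code with the call's rel32 patched so it reaches symbol."""
    place = call_addr + 1
    patched = bytearray(code)
    struct.pack_into("<i", patched, place - base, pc32_value(symbol, place))
    return bytes(patched)


if __name__ == "__main__":
    rel, target = decode_call(CODE, HEXDUMP_BASE, CALL_ADDR)
    print(f"unlinked .o: rel32={rel:#x}, target={target:#x} (the next instruction)")
    linked = apply_pc32(CODE, HEXDUMP_BASE, CALL_ADDR, WAKE_DPC_ADDR)
    rel, target = decode_call(linked, HEXDUMP_BASE, CALL_ADDR)
    print(f"after relocation: rel32={rel & 0xFFFFFFFF:#x}, target={target:#x}")
```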