Thanks,

On Sun, Dec 21, 2014 at 9:27 AM, Muli Ben-Yehuda <mu...@mulix.org> wrote:

> On Fri, Dec 19, 2014 at 02:19:07PM +0000, Elazar Leibovich wrote:
>
>> I know where the stack ends, but how can I know where it begins?
>
> What assumptions can you make? Can you run kernel code in the VM
> (e.g., by cloning and restarting it)? Can you assume it's running
> Linux and/or Windows? Can you assume the kernel was compiled with
> frame pointers? Or is it a completely black box VM and you can't make
> any assumptions about what's running inside?

This is a very practical question. Yes, I can run a Forth-based OS, which isn't even using a C-like stack. But I need to solve a problem for most of the users, and I want to support any reasonable OS. So Windows and Linux are a must, FreeBSD/Solaris is nice-to-have, and anything else is probably optional.

I want to assume anything which would be reasonably portable across popular OSes. For example, you asked about frame pointers, assuming you meant I can follow ebps back until I get an invalid ebp address, assuming this is the head of the stack. I'm not sure if it's reasonable to assume most kernels would be compiled with frame pointers, so I'm not sure how valid this heuristic would be.

I can run code in the guest context, and actually to fetch the stack I'll probably run code that would copy it from the host context, but I couldn't think of a way to fetch the stack that wouldn't be too implementation-specific.

> By the way, some OS's have separate interrupt stacks, so you may be on
> an interrupt stack or on a regular stack.

Good point, but I think the heuristic should catch it as well.

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
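The frame-pointer heuristic discussed in the thread, as an added example that is not part of the thread or anyone's project: it assumes a 32-bit guest whose kernel stack window has already been copied into a host buffer, and the window addresses and frame layout are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: 32-bit guest, kernel stack window [STACK_LO, STACK_HI)
 * copied out of the VM into a host buffer; nothing outside it is readable. */
#define STACK_LO 0xC0100000u
#define STACK_HI 0xC0101000u
static uint8_t guest_stack[STACK_HI - STACK_LO];

/* Little-endian 32-bit access to the copied window; return 0 if outside it. */
static int read_guest32(uint32_t gaddr, uint32_t *out) {
    if (gaddr < STACK_LO || gaddr > STACK_HI - 4) return 0;
    memcpy(out, guest_stack + (gaddr - STACK_LO), 4);
    return 1;
}
int write_guest32(uint32_t gaddr, uint32_t val) {
    if (gaddr < STACK_LO || gaddr > STACK_HI - 4) return 0;
    memcpy(guest_stack + (gaddr - STACK_LO), &val, 4);
    return 1;
}

/* Follow saved EBPs from 'ebp' toward older frames. A frame counts only if
 * it is 4-byte aligned and inside the window; its saved EBP is followed only
 * if strictly higher (the stack grows down, so lower-or-equal means a corrupt
 * chain or a cycle). The last accepted frame is reported as the stack head. */
int walk_frames(uint32_t ebp, uint32_t *head, int max_frames) {
    int n = 0;
    uint32_t saved;
    *head = 0;
    while (n < max_frames) {
        if ((ebp & 3) || !read_guest32(ebp, &saved)) break;
        n++;
        *head = ebp;
        if (saved <= ebp) break;
        ebp = saved;
    }
    return n;
}

/* Constructed chain of four frames; the oldest saved EBP is 0, as is common
 * at a kernel entry point, so the walk stops there. */
void build_sample_chain(void) {
    memset(guest_stack, 0, sizeof guest_stack);
    write_guest32(0xC0100FF0u, 0);           /* oldest frame */
    write_guest32(0xC0100F80u, 0xC0100FF0u);
    write_guest32(0xC0100F20u, 0xC0100F80u);
    write_guest32(0xC0100EC0u, 0xC0100F20u); /* current frame */
}
```

After build_sample_chain(), walk_frames(0xC0100EC0u, &head, 64) returns 4 with head at 0xC0100FF0; overwriting one saved EBP with a lower address makes the walk stop at that frame, which is the failure mode the thread worries about when frame pointers are absent or clobbered.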