On Mon, 25 Sep 2000 06:21:48 -0500,
Robert Redelmeier <[EMAIL PROTECTED]> wrote:
>Ah -- I see, you are looking at some sort of kernel debugger. Well,
>then one way would be to look at entry and exit points. i386 Frame
>pointers are set up with `pushl %ebp / movl %esp, %ebp / subl $local, %esp`
>or sometimes [not by gcc AFAIK with `enter`]. Exit points are similarly
>`movl %ebp, %esp / popl %ebp / ret`. Some versions of gcc do generate
>`leave / ret`.
>
>You could look for these byte signatures. Should be quite reliable with
>a good System.map.
Until you go to gcc 2.96 when the prologue code changes dramatically.
Interleaved instructions, plus "nice" constructs like
void foo(int bar)
{
if (!bar)
return;
....
return;
}
Could generate the test before doing anything on stack.
foo: cmpl 4(%esp),$0
be 1f
pushl %ebp
movl %esp,%ebp
...
movl %ebp,%esp
popl %ebp
1: ret
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
