Difference between revisions of "gdb notes"
From Noah.org
Jump to navigationJump to searchm |
m (→Phrack article) |
||
Line 30: | Line 30: | ||
[[File:phrack-0x3a-0x07.txt]] | [[File:phrack-0x3a-0x07.txt]] | ||
− | |||
http://phrack.org/archives/58/p58_0x07_Linux%20on-the-fly%20kernel%20patching%20without%20LKM_by_devik%20&%20sd.txt | http://phrack.org/archives/58/p58_0x07_Linux%20on-the-fly%20kernel%20patching%20without%20LKM_by_devik%20&%20sd.txt | ||
− |
Revision as of 02:56, 30 April 2010
Disassemble kernel system_call
aptitude -q -y install build-essential aptitude -q -y install linux-source gdb -q /usr/src/linux-source-`uname -r`/vmlinux (gdb) disassemble system_call Dump of assembler code for function system_call: 0xc0103fa0 <system_call+0>: push %eax 0xc0103fa1 <system_call+1>: cld 0xc0103fa2 <system_call+2>: push %fs 0xc0103fa4 <system_call+4>: push %es 0xc0103fa5 <system_call+5>: push %ds 0xc0103fa6 <system_call+6>: push %eax 0xc0103fa7 <system_call+7>: push %ebp ---Type <return> to continue, or q <return> to quit--- ... 0xc0104065 <ldt_ss+53>: pop %edi 0xc0104066 <ldt_ss+54>: pop %eax 0xc0104067 <ldt_ss+55>: lss (%esp),%esp 0xc010406b <ldt_ss+59>: jmp 0xc010401b <restore_nocheck_notrace> End of assembler dump.