Difference between revisions of "gdb notes"

From Noah.org
(Created page with 'Category:Engineering == Disassemble kernel '''system_call''' == <pre> aptitude -q -y install build-essential aptitude -q -y install linux-source gdb -q /usr/src/linux-sour…')
 
m
Line 24: Line 24:
 
0xc010406b <ldt_ss+59>: jmp    0xc010401b <restore_nocheck_notrace>
 
0xc010406b <ldt_ss+59>: jmp    0xc010401b <restore_nocheck_notrace>
 
End of assembler dump.
 
End of assembler dump.
 +
</pre>
 +
 +
== Phrack article ==
 +
 +
[[File:phrack-0x3a-0x07.txt‎]]
 +
 +
<pre>
 +
http://phrack.org/archives/58/p58_0x07_Linux%20on-the-fly%20kernel%20patching%20without%20LKM_by_devik%20&%20sd.txt
 
</pre>
 
</pre>
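Review bot: the Phrack URL on the last added line sits inside `<pre>`, where MediaWiki does not parse wikitext, so it renders as plain preformatted text instead of a clickable link; place it outside the `<pre>` as an external link. The new "== Phrack article ==" section also gives no sentence tying the article to the system_call disassembly above it, so a one-line description of why it is referenced would help readers.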

Revision as of 02:55, 30 April 2010


Disassemble kernel system_call

aptitude -q -y install build-essential
aptitude -q -y install linux-source
gdb -q /usr/src/linux-source-`uname -r`/vmlinux
(gdb) disassemble system_call
Dump of assembler code for function system_call:
0xc0103fa0 <system_call+0>:     push   %eax
0xc0103fa1 <system_call+1>:     cld    
0xc0103fa2 <system_call+2>:     push   %fs
0xc0103fa4 <system_call+4>:     push   %es
0xc0103fa5 <system_call+5>:     push   %ds
0xc0103fa6 <system_call+6>:     push   %eax
0xc0103fa7 <system_call+7>:     push   %ebp
---Type <return> to continue, or q <return> to quit---
   ...
0xc0104065 <ldt_ss+53>: pop    %edi
0xc0104066 <ldt_ss+54>: pop    %eax
0xc0104067 <ldt_ss+55>: lss    (%esp),%esp
0xc010406b <ldt_ss+59>: jmp    0xc010401b <restore_nocheck_notrace>
End of assembler dump.

Phrack article

File:phrack-0x3a-0x07.txt

http://phrack.org/archives/58/p58_0x07_Linux%20on-the-fly%20kernel%20patching%20without%20LKM_by_devik%20&%20sd.txt