Mail Archives: djgpp-workers/2003/01/09/09:07:05

X-Sybari-Trust: 2e604363 1864f774 d5511081 00000138
From: Martin Stromberg <eplmst AT epl DOT ericsson DOT se>
Message-Id: <200301091407.PAA19196@lws256.lu.erisoft.se>
Subject: Re: stubify
To: djgpp-workers AT delorie DOT com
Date: Thu, 9 Jan 2003 15:06:59 +0100 (MET)
In-Reply-To: <5.0.2.1.2.20030109143051.02a29ba8@ics.u-strasbg.fr> from "Pierre Muller" at Jan 09, 2003 02:42:38 PM
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Reply-To: djgpp-workers AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

Pierre said:
> At 13:22 09/01/2003, Martin Stromberg wrote:
> >#include <unistd.h>
> >
> >int f(int a, int b, int c)
> >{
> >
> >  a = b;
> >  b = c;
> >  c = a;
> >
> >  return 77;
> >}
> >
> >int main(void)
> >{
> >
> >  f(1, 2, 3);
> >  lseek(3, 2, 1);
> >  
> >  return 0;
> >}
> >
> >setting breakpoints on f() and lseek() I see
> >
> >Breakpoint 1, f (a=1, b=586448, c=583968) at d1.c:11
> >11      }
> >(gdb) x/16wx $esp
> >0x8e8b8:        0x0008e8e0      0x00001604      0x00000001      0x00000002
> >0x8e8c8:        0x00000003      0x00000001      0x00000000      0x002a3484
> >0x8e8d8:        0x0008f2d0      0x0008f2d0      0x0008e910      0x00002eeb
> >0x8e8e8:        0x00000001      0x0008f2d0      0x0008e920      0x00000000
> >(gdb) c
> >Continuing.
> >
> >Breakpoint 2, 0x00006f74 in __lseek ()
> >(gdb) x/16wx $esp
> >0x8e8b4:        0x0000027d      0x0008e8e0      0x00001612      0x00000003
> >0x8e8c4:        0x00000002      0x00000001      0x00000001      0x00000000
> >0x8e8d4:        0x002a3484      0x0008f2d0      0x0008f2d0      0x0008e910
> >0x8e8e4:        0x00002eeb      0x00000001      0x0008f2d0      0x0008e920
> >
> >Looking at the first three values: 0x00001604 and 0x00001612 must be
> >the return addresses. 0x0008e8e0 is (probably) ebp. But what is that
> >0x0000027d that snuck in in the call to lseek()?
> 
> 
> If you really want to check this kind of stuff you should place a 
> breakpoint at the exact location of the start of _lseek function.
> 
> If you set a breakpoint at _lseek, GDB will place this breakpoint after 
> function prologue:
>   this prologue usually contains something like
>    push $ebp
>    movl  $esp, $ebp
> but if some registers are saved like in 'pushl $ebx'
> that instruction is also considered as being part of the function prologue...

Oh it's a feature! _I_ consider the prologue to be push %esp, mov
%ebp, %esp and not more.

If we take the gdb route, then why isn't the following sub $0x60, %esp
included as well (rhetorical question)? That's surely part of the
prologue as well!

> If you want to see the args of a function, they are most of the time 
> at $ebp + 8
> (unless the compiler did not generate a stackframe entry code...)

That's why using esp is a good idea (I don't know for sure what ebp is
used for).


Right,

						MartinS
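As an added illustration (not code from Martin's or Pierre's messages, nor part of DJGPP), the following Python script parses the two `x/16wx $esp` dumps quoted above and labels the stack slots two ways: esp-relative, as Martin read them, and ebp-relative after accounting for any callee-saved registers pushed in the prologue, as Pierre describes. It assumes a 32-bit target with 4-byte stack slots, that the caller's (main's) frame pointer is 0x8e8e0 as Martin inferred, and that `lseek` was called with three arguments; the function names (`parse_dump`, `count_pushed_regs`, `frame_layout`, `esp_relative_args`) are hypothetical names chosen for this example.

```python
import re
from typing import Dict, List

# Constructed input: the two dumps quoted in the message above, with the
# "> >" quoting stripped so they look like raw gdb "x/16wx $esp" output.
DUMP_AT_F = """\
0x8e8b8:        0x0008e8e0      0x00001604      0x00000001      0x00000002
0x8e8c8:        0x00000003      0x00000001      0x00000000      0x002a3484
0x8e8d8:        0x0008f2d0      0x0008f2d0      0x0008e910      0x00002eeb
0x8e8e8:        0x00000001      0x0008f2d0      0x0008e920      0x00000000
"""
DUMP_AT_LSEEK = """\
0x8e8b4:        0x0000027d      0x0008e8e0      0x00001612      0x00000003
0x8e8c4:        0x00000002      0x00000001      0x00000001      0x00000000
0x8e8d4:        0x002a3484      0x0008f2d0      0x0008f2d0      0x0008e910
0x8e8e4:        0x00002eeb      0x00000001      0x0008f2d0      0x0008e920
"""

WORD = 4  # assumption: 32-bit DJGPP target, one stack slot = 4 bytes
LINE_RE = re.compile(r"^\s*0x([0-9a-f]+):((?:\s+0x[0-9a-f]+)+)\s*$", re.I)


def parse_dump(text: str) -> Dict[int, int]:
    """Turn gdb 'x/Nwx' output into a {address: 32-bit word} map."""
    mem: Dict[int, int] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised dump line: {line!r}")
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            mem[base + i * WORD] = int(tok, 16)
    return mem


def count_pushed_regs(mem: Dict[int, int], esp: int, caller_ebp: int,
                      limit: int = 8) -> int:
    """Count callee-saved registers pushed after 'push %ebp; mov %esp,%ebp'.

    gdb stops after the whole prologue, so extra pushes (e.g. 'pushl %ebx')
    sit below the saved frame pointer.  Scanning upward from esp for the
    caller's ebp value locates that saved frame pointer; every slot below it
    is an extra push."""
    for n in range(limit):
        if mem.get(esp + n * WORD) == caller_ebp:
            return n
    raise ValueError("caller ebp not found near esp; no frame set up?")


def frame_layout(mem: Dict[int, int], esp: int, pushed_regs: int,
                 nargs: int) -> dict:
    """ebp-relative view: args at ebp+8, return address at ebp+4."""
    ebp = esp + pushed_regs * WORD  # value 'mov %esp,%ebp' left in ebp
    return {
        "pushed_regs": [mem[esp + i * WORD] for i in range(pushed_regs)],
        "saved_ebp": mem[ebp],
        "return_address": mem[ebp + WORD],
        "args": [mem[ebp + 2 * WORD + i * WORD] for i in range(nargs)],
    }


def esp_relative_args(mem: Dict[int, int], esp: int, nargs: int) -> List[int]:
    """Naive view: assume [esp] is the saved ebp and args start at esp+8.
    Correct only when the prologue pushed nothing besides ebp."""
    return [mem[esp + 2 * WORD + i * WORD] for i in range(nargs)]


if __name__ == "__main__":
    MAIN_EBP = 0x8E8E0  # assumption: main's frame pointer, per the message
    for name, dump, esp in (("f", DUMP_AT_F, 0x8E8B8),
                            ("__lseek", DUMP_AT_LSEEK, 0x8E8B4)):
        mem = parse_dump(dump)
        n = count_pushed_regs(mem, esp, MAIN_EBP)
        print(name, "extra pushed regs:", n)
        print("  ebp-relative:", frame_layout(mem, esp, n, 3))
        print("  esp-relative args:", [hex(v) for v in esp_relative_args(mem, esp, 3)])
```

Run as-is and the `f` frame reads the same either way (return address 0x1604, args 1, 2, 3), while the `__lseek` frame only lines up once the single extra push (the 0x27d word, a saved register such as ebx) is skipped: ebp-relative gives return address 0x1612 and args 3, 2, 1, whereas the esp-relative reading mistakes the return address for the first argument. That is why reading arguments at `$ebp + 8` is the robust habit whenever a frame was set up.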
