Take, for example, the glibc library functions we debugged earlier.
glibc code runs as part of the user program; what happens when it invokes a system call into the operating system?
A system call gets a corresponding kernel stack frame, which provides the stack support for the function calls made while the system call is serviced.
Our example here is printf, which allocates a buffer by calling the malloc library function.
malloc in turn invokes the brk system call; we will take a rough look at what that path looks like.
```c
#include <stdio.h>

int main(int argc, char** argv) {
    /* Simple sum; the printf call below is what ends up calling malloc and then brk. */
    int x = 4;
    int y = 3;
    int z = x + y;

    printf(" x + y = %d\n ", z);

    return 0;
}
```
The ELF information (readelf output) is as follows:
```
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400430
Start of program headers: 64 (bytes into file)
Start of section headers: 7480 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 36
Section header string table index: 33

Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400238 00000238
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000400254 00000254
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.build-i NOTE 0000000000400274 00000274
0000000000000024 0000000000000000 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000400298 00000298
000000000000001c 0000000000000000 A 5 0 8
[ 5] .dynsym DYNSYM 00000000004002b8 000002b8
0000000000000060 0000000000000018 A 6 1 8
[ 6] .dynstr STRTAB 0000000000400318 00000318
000000000000003f 0000000000000000 A 0 0 1
[ 7] .gnu.version VERSYM 0000000000400358 00000358
0000000000000008 0000000000000002 A 5 0 2
[ 8] .gnu.version_r VERNEED 0000000000400360 00000360
0000000000000020 0000000000000000 A 6 1 8
[ 9] .rela.dyn RELA 0000000000400380 00000380
0000000000000018 0000000000000018 A 5 0 8
[10] .rela.plt RELA 0000000000400398 00000398
0000000000000030 0000000000000018 AI 5 24 8
[11] .init PROGBITS 00000000004003c8 000003c8
000000000000001a 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 00000000004003f0 000003f0
0000000000000030 0000000000000010 AX 0 0 16
[13] .plt.got PROGBITS 0000000000400420 00000420
0000000000000008 0000000000000000 AX 0 0 8
[14] .text PROGBITS 0000000000400430 00000430
00000000000001b2 0000000000000000 AX 0 0 16
[15] .fini PROGBITS 00000000004005e4 000005e4
0000000000000009 0000000000000000 AX 0 0 4
[16] .rodata PROGBITS 00000000004005f0 000005f0
0000000000000012 0000000000000000 A 0 0 4
[17] .eh_frame_hdr PROGBITS 0000000000400604 00000604
0000000000000034 0000000000000000 A 0 0 4
[18] .eh_frame PROGBITS 0000000000400638 00000638
00000000000000f4 0000000000000000 A 0 0 8
[19] .init_array INIT_ARRAY 0000000000600e10 00000e10
0000000000000008 0000000000000000 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000600e18 00000e18
0000000000000008 0000000000000000 WA 0 0 8
[21] .jcr PROGBITS 0000000000600e20 00000e20
0000000000000008 0000000000000000 WA 0 0 8
[22] .dynamic DYNAMIC 0000000000600e28 00000e28
00000000000001d0 0000000000000010 WA 6 0 8
[23] .got PROGBITS 0000000000600ff8 00000ff8
0000000000000008 0000000000000008 WA 0 0 8
[24] .got.plt PROGBITS 0000000000601000 00001000
0000000000000028 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000601028 00001028
0000000000000010 0000000000000000 WA 0 0 8
[26] .bss NOBITS 0000000000601038 00001038
0000000000000008 0000000000000000 WA 0 0 1
[27] .comment PROGBITS 0000000000000000 00001038
0000000000000035 0000000000000001 MS 0 0 1
[28] .debug_aranges PROGBITS 0000000000000000 0000106d
0000000000000030 0000000000000000 0 0 1
[29] .debug_info PROGBITS 0000000000000000 0000109d
00000000000000e2 0000000000000000 0 0 1
[30] .debug_abbrev PROGBITS 0000000000000000 0000117f
000000000000006d 0000000000000000 0 0 1
[31] .debug_line PROGBITS 0000000000000000 000011ec
0000000000000043 0000000000000000 0 0 1
[32] .debug_str PROGBITS 0000000000000000 0000122f
00000000000000e0 0000000000000001 MS 0 0 1
[33] .shstrtab STRTAB 0000000000000000 00001bea
000000000000014c 0000000000000000 0 0 1
[34] .symtab SYMTAB 0000000000000000 00001310
00000000000006c0 0000000000000018 35 52 8
[35] .strtab STRTAB 0000000000000000 000019d0
000000000000021a 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R E 8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x000000000000001c 0x000000000000001c R 1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x000000000000072c 0x000000000000072c R E 200000
LOAD 0x0000000000000e10 0x0000000000600e10 0x0000000000600e10
0x0000000000000228 0x0000000000000230 RW 200000
DYNAMIC 0x0000000000000e28 0x0000000000600e28 0x0000000000600e28
0x00000000000001d0 0x00000000000001d0 RW 8
NOTE 0x0000000000000254 0x0000000000400254 0x0000000000400254
0x0000000000000044 0x0000000000000044 R 4
GNU_EH_FRAME 0x0000000000000604 0x0000000000400604 0x0000000000400604
0x0000000000000034 0x0000000000000034 R 4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 10
GNU_RELRO 0x0000000000000e10 0x0000000000600e10 0x0000000000600e10
0x00000000000001f0 0x00000000000001f0 R 1

Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .init_array .fini_array .jcr .dynamic .got

Dynamic section at offset 0xe28 contains 24 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000c (INIT) 0x4003c8
0x000000000000000d (FINI) 0x4005e4
0x0000000000000019 (INIT_ARRAY) 0x600e10
0x000000000000001b (INIT_ARRAYSZ) 8 (bytes)
0x000000000000001a (FINI_ARRAY) 0x600e18
0x000000000000001c (FINI_ARRAYSZ) 8 (bytes)
0x000000006ffffef5 (GNU_HASH) 0x400298
0x0000000000000005 (STRTAB) 0x400318
0x0000000000000006 (SYMTAB) 0x4002b8
0x000000000000000a (STRSZ) 63 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x601000
0x0000000000000002 (PLTRELSZ) 48 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0x400398
0x0000000000000007 (RELA) 0x400380
0x0000000000000008 (RELASZ) 24 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x000000006ffffffe (VERNEED) 0x400360
0x000000006fffffff (VERNEEDNUM) 1
0x000000006ffffff0 (VERSYM) 0x400358
0x0000000000000000 (NULL) 0x0

Relocation section '.rela.dyn' at offset 0x380 contains 1 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000600ff8 000300000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0

Relocation section '.rela.plt' at offset 0x398 contains 2 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000601018 000100000007 R_X86_64_JUMP_SLO 0000000000000000 printf@GLIBC_2.2.5 + 0
000000601020 000200000007 R_X86_64_JUMP_SLO 0000000000000000 __libc_start_main@GLIBC_2.2.5 + 0

The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.

Symbol table '.dynsym' contains 4 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.2.5 (2)
2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2)
3: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__

Symbol table '.symtab' contains 72 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000400238 0 SECTION LOCAL DEFAULT 1
2: 0000000000400254 0 SECTION LOCAL DEFAULT 2
3: 0000000000400274 0 SECTION LOCAL DEFAULT 3
4: 0000000000400298 0 SECTION LOCAL DEFAULT 4
5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5
6: 0000000000400318 0 SECTION LOCAL DEFAULT 6
7: 0000000000400358 0 SECTION LOCAL DEFAULT 7
8: 0000000000400360 0 SECTION LOCAL DEFAULT 8
9: 0000000000400380 0 SECTION LOCAL DEFAULT 9
10: 0000000000400398 0 SECTION LOCAL DEFAULT 10
11: 00000000004003c8 0 SECTION LOCAL DEFAULT 11
12: 00000000004003f0 0 SECTION LOCAL DEFAULT 12
13: 0000000000400420 0 SECTION LOCAL DEFAULT 13
14: 0000000000400430 0 SECTION LOCAL DEFAULT 14
15: 00000000004005e4 0 SECTION LOCAL DEFAULT 15
16: 00000000004005f0 0 SECTION LOCAL DEFAULT 16
17: 0000000000400604 0 SECTION LOCAL DEFAULT 17
18: 0000000000400638 0 SECTION LOCAL DEFAULT 18
19: 0000000000600e10 0 SECTION LOCAL DEFAULT 19
20: 0000000000600e18 0 SECTION LOCAL DEFAULT 20
21: 0000000000600e20 0 SECTION LOCAL DEFAULT 21
22: 0000000000600e28 0 SECTION LOCAL DEFAULT 22
23: 0000000000600ff8 0 SECTION LOCAL DEFAULT 23
24: 0000000000601000 0 SECTION LOCAL DEFAULT 24
25: 0000000000601028 0 SECTION LOCAL DEFAULT 25
26: 0000000000601038 0 SECTION LOCAL DEFAULT 26
27: 0000000000000000 0 SECTION LOCAL DEFAULT 27
28: 0000000000000000 0 SECTION LOCAL DEFAULT 28
29: 0000000000000000 0 SECTION LOCAL DEFAULT 29
30: 0000000000000000 0 SECTION LOCAL DEFAULT 30
31: 0000000000000000 0 SECTION LOCAL DEFAULT 31
32: 0000000000000000 0 SECTION LOCAL DEFAULT 32
33: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
34: 0000000000600e20 0 OBJECT LOCAL DEFAULT 21 __JCR_LIST__
35: 0000000000400460 0 FUNC LOCAL DEFAULT 14 deregister_tm_clones
36: 00000000004004a0 0 FUNC LOCAL DEFAULT 14 register_tm_clones
37: 00000000004004e0 0 FUNC LOCAL DEFAULT 14 __do_global_dtors_aux
38: 0000000000601038 1 OBJECT LOCAL DEFAULT 26 completed.7594
39: 0000000000600e18 0 OBJECT LOCAL DEFAULT 20 __do_global_dtors_aux_fin
40: 0000000000400500 0 FUNC LOCAL DEFAULT 14 frame_dummy
41: 0000000000600e10 0 OBJECT LOCAL DEFAULT 19 __frame_dummy_init_array_
42: 0000000000000000 0 FILE LOCAL DEFAULT ABS Test01Sum.c
43: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
44: 0000000000400728 0 OBJECT LOCAL DEFAULT 18 __FRAME_END__
45: 0000000000600e20 0 OBJECT LOCAL DEFAULT 21 __JCR_END__
46: 0000000000000000 0 FILE LOCAL DEFAULT ABS
47: 0000000000600e18 0 NOTYPE LOCAL DEFAULT 19 __init_array_end
48: 0000000000600e28 0 OBJECT LOCAL DEFAULT 22 _DYNAMIC
49: 0000000000600e10 0 NOTYPE LOCAL DEFAULT 19 __init_array_start
50: 0000000000400604 0 NOTYPE LOCAL DEFAULT 17 __GNU_EH_FRAME_HDR
51: 0000000000601000 0 OBJECT LOCAL DEFAULT 24 _GLOBAL_OFFSET_TABLE_
52: 00000000004005e0 2 FUNC GLOBAL DEFAULT 14 __libc_csu_fini
53: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTab
54: 0000000000601028 0 NOTYPE WEAK DEFAULT 25 data_start
55: 0000000000601038 0 NOTYPE GLOBAL DEFAULT 25 _edata
56: 00000000004005e4 0 FUNC GLOBAL DEFAULT 15 _fini
57: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.2.5
58: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
59: 0000000000601028 0 NOTYPE GLOBAL DEFAULT 25 __data_start
60: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
61: 0000000000601030 0 OBJECT GLOBAL HIDDEN 25 __dso_handle
62: 00000000004005f0 4 OBJECT GLOBAL DEFAULT 16 _IO_stdin_used
63: 0000000000400570 101 FUNC GLOBAL DEFAULT 14 __libc_csu_init
64: 0000000000601040 0 NOTYPE GLOBAL DEFAULT 26 _end
65: 0000000000400430 42 FUNC GLOBAL DEFAULT 14 _start
66: 0000000000601038 0 NOTYPE GLOBAL DEFAULT 26 __bss_start
67: 0000000000400526 67 FUNC GLOBAL DEFAULT 14 main
68: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
69: 0000000000601038 0 OBJECT GLOBAL HIDDEN 25 __TMC_END__
70: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable
71: 00000000004003c8 0 FUNC GLOBAL DEFAULT 11 _init

Version symbols section '.gnu.version' contains 4 entries:
Addr: 0000000000400358 Offset: 0x000358 Link: 5 (.dynsym)
000: 0 (*local*) 2 (GLIBC_2.2.5) 2 (GLIBC_2.2.5) 0 (*local*)

Version needs section '.gnu.version_r' contains 1 entries:
Addr: 0x0000000000400360 Offset: 0x000360 Link: 6 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 1
0x0010: Name: GLIBC_2.2.5 Flags: none Version: 2

Displaying notes found at file offset 0x00000254 with length 0x00000020:
Owner Data size Description
GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
OS: Linux, ABI: 2.6.32

Displaying notes found at file offset 0x00000274 with length 0x00000024:
Owner Data size Description
GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
```
We will look at the process through the following flow.
Our core focus here is the kernel stack frame.
The system call stack information is shown below.
At the high-address end of the kernel stack frame there is a value 0x00007ffeb8fe14a8.
This corresponds to the user stack frame: the registers of the user frame that must be preserved are saved in the kernel stack frame.
The kernel stack frame data analysed below comes from the functions entry_SYSCALL_64, SYSC_brk and do_brk.
After the system call completes, the user frame's registers are restored from the saved user frame information.
One more thing to note: CLion's description of the call stack above is actually wrong. The caller should be the place in glibc's brk.c where the brk system call is issued, not 0x4005fd as shown here; 0x4005fd is merely a local variable in entry_SYSCALL_64.
```
-- main
(gdb) info registers
rax 0x0 0
rbx 0x615000 6377472
rcx 0xffff88007f5b4f80 -131939258642560
rdx 0xffff88007f5b4f80 -131939258642560
rsi 0x22000 139264
rdi 0x615000 6377472
rbp 0x22000 0x22000
rsp 0xffffc900005dbf60 0xffffc900005dbf60
rip 0x4005fd 0x4005fd

-- SYSCALL, push 0x00000000004005fd
(gdb) info registers
rax 0x0 0
rbx 0x615000 6377472
rcx 0xffff88007f5b4f80 -131939258642560
rdx 0xffff88007f5b4f80 -131939258642560
rsi 0x22000 139264
rdi 0x615000 6377472
rbp 0x22000 0x22000
rsp 0xffffc900005dbf58 0xffffc900005dbf58
rip 0xffffffff8185c7bb 0xffffffff8185c7bb <entry_SYSCALL_64+107>

-- SYS_brk
(gdb) info registers
rax 0x0 0
rbx 0x637000 6516736
rcx 0xffff88007f5b4f80 -131939258642560
rdx 0xffff88007f5b4f80 -131939258642560
rsi 0x22000 139264
rdi 0x615000 6377472
rbp 0xffffc900005dbf48 0xffffc900005dbf48
rsp 0xffffc900005dbf18 0xffffc900005dbf18
rip 0xffffffff811dd3b0 0xffffffff811dd3b0 <SyS_brk+351>

-- SYSC_brk
(gdb) info registers
rax 0x0 0
rbx 0x1a21000 27398144
rcx 0xffff88007f5b4f80 -131939258642560
rdx 0xffff88007f5b4f80 -131939258642560
rsi 0x22000 139264
rdi 0x19ff000 27258880
rbp 0xffffc900005dbf48 0xffffc900005dbf48
rsp 0xffffc900005dbf18 0xffffc900005dbf18
rip 0xffffffff811dd3b0 0xffffffff811dd3b0 <SyS_brk+351>

-- do_brk
(gdb) info registers
rax 0x0 0
rbx 0x22000 139264
rcx 0xffff88007f5b4f80 -131939258642560
rdx 0xffff88007f5b4f80 -131939258642560
rsi 0x22000 139264
rdi 0x19ff000 27258880
rbp 0xffffc900005dbf08 0xffffc900005dbf08
rsp 0xffffc900005dbe88 0xffffc900005dbe88
rip 0xffffffff811dceea 0xffffffff811dceea <do_brk+60>

-- kernel stack frame
(gdb) x /100gx 0xffffc900005dbe88
0xffffc900005dbe88: 0xffffc900005dbec8 0xffffffff8150aaa9 do_brk_locals
0xffffc900005dbe98: 0x00000000b8fe1680 0x0000000000000000 do_brk_locals
0xffffc900005dbea8: 0x00007ffeb8fe15f0 0xffff88007fb0e700 do_brk_locals
0xffffc900005dbeb8: 0x0000000000000001 0xffffc900005dbee0 do_brk_locals
0xffffc900005dbec8: 0xffffffff811cc774 0x00000000019ff000 do_brk_locals
0xffffc900005dbed8: 0x00000000f42e5e76 0x0000000001a21000 do_brk_locals, rbx
0xffffc900005dbee8: 0xffff88007f7d4800 0xffff88007f7d4868 r12, r13
0xffffc900005dbef8: 0x0000000001a21000 0x00000000019ff000 r14, r15
0xffffc900005dbf08: 0xffffc900005dbf48 0xffffffff811dd3b0 rbp, SYSC_brk's returnAddress
0xffffc900005dbf18: 0x0000000001a22000 0x00000000019ff000 SYSC_brk_locals, rbx
0xffffc900005dbf28: 0x00007f0d0e0c4f58 0x00007f0d0e0c2b78 r12, r13
0xffffc900005dbf38: 0x0000000000022000 0x0000000000022000 r14, r15
0xffffc900005dbf48: 0x0000000000022000 0xffffffff8185c7bb rbp, entry_SYSCALL_64_locals's returnAddress
0xffffc900005dbf58: 0x00000000004005fd 0x0000000000000000 entry_SYSCALL_64_locals
0xffffc900005dbf68: 0x00000000004005f4 0x0000000000000009 entry_SYSCALL_64_locals
0xffffc900005dbf78: 0x00007f0d0e0c3620 0x00007f0d0e0c3620 entry_SYSCALL_64_locals
0xffffc900005dbf88: 0x0000000000000246 0x00007f0d0e0c2b78 r11, r10
0xffffc900005dbf98: 0x000000000000000d 0x00007f0d0ddaa9b0 r9, r8
0xffffc900005dbfa8: 0xffffffffffffffda 0x00007f0d0ddfaf19 ax, cx
0xffffc900005dbfb8: 0x00000000019ff000 0x00007f0d0e0c2b20 dx, si
0xffffc900005dbfc8: 0x0000000001a21000 0x000000000000000c di, orig_ax
0xffffc900005dbfd8: 0x00007f0d0ddfaf19 0x0000000000000033 ip, cs
0xffffc900005dbfe8: 0x0000000000000246 0x00007ffeb8fe14a8 flags, sp
0xffffc900005dbff8: 0x000000000000002b Cannot access memory at address 0xffffc900005dc000 ss
```
```
-- user stack frame
(gdb) x /400gx 0x00007ffeb8fe14a8
0x7ffeb8fe14a8: 0x00007f0d0ddfaff9 0x00007f0d0e0c2b20
0x7ffeb8fe14b8: 0x0000000000001010 0x0000000000000000
0x7ffeb8fe14c8: 0x00007f0d0dd85949 0x0000000000000000
0x7ffeb8fe14d8: 0x00007f0d0dd7f645 0x0000000000000000
0x7ffeb8fe14e8: 0x0000000000001030 0x0000000000000fff
0x7ffeb8fe14f8: 0xfffffffffffff000 0x00007f0d0e0c2b78
0x7ffeb8fe1508: 0x0000000000002000 0x0000000000000000
0x7ffeb8fe1518: 0x0000000000000000 0x00007ffeb8fe1340
0x7ffeb8fe1528: 0x00007f0d0dd148af 0x0000000000000000
0x7ffeb8fe1538: 0x00007f0d0e0d0a9d 0x00000001b8fe16e0
0x7ffeb8fe1548: 0x00007f0d0e0c2b20 0x0000000000001010
0x7ffeb8fe1558: 0x0000000000002710 0x00007f0d0e0c2b78
0x7ffeb8fe1568: 0x00007f0d0e0c2b78 0x00000000004005fd
0x7ffeb8fe1578: 0x00007f0d0dd80763 0x00007f0d00000063
0x7ffeb8fe1588: 0x0000000000001000 0x00007ffeb8fe1600
0x7ffeb8fe1598: 0x00007f0d0de4148b 0x0000000000000000
0x7ffeb8fe15a8: 0x00007ffeb8fe1608 0xffff80014701ea01
0x7ffeb8fe15b8: 0x00007ffeb8fe15ff 0x0000000000000040
0x7ffeb8fe15c8: 0x0000007000000101 0x0000000000000008
0x7ffeb8fe15d8: 0x0000000000000001 0x0000006f00000063
0x7ffeb8fe15e8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe15f8: 0x0000007c00000077 0x010004157f1c0300
0x7ffeb8fe1608: 0x00007f0d0e2eb000 0x00007f0d0e2efd60
0x7ffeb8fe1618: 0x00007f0d0dcfe000 0x0000000000000000
0x7ffeb8fe1628: 0x00007f0d0e0c2b20 0x0000000000001000
0x7ffeb8fe1638: 0x0000000000000000 0x00000000004005f4
0x7ffeb8fe1648: 0x0000000000000000 0x00000000004005fd
0x7ffeb8fe1658: 0x00007f0d0dd83908 0x0000000db8fe1600
0x7ffeb8fe1668: 0x0000000000001000 0x00007f0d0e0c3620
0x7ffeb8fe1678: 0x00007f0d0dd6b1e5 0x0000000000000006
0x7ffeb8fe1688: 0x0000000000001cef 0x0000000000000001
0x7ffeb8fe1698: 0x0000000000002180 0x0000000000000000
0x7ffeb8fe16a8: 0x0000000000000501 0x0000000000000000
0x7ffeb8fe16b8: 0x0000000000001000 0x0000000000000000
0x7ffeb8fe16c8: 0x00000000638af0e8 0x0000000011d151ee
0x7ffeb8fe16d8: 0x00000000638af0e8 0x0000000011d151ee
0x7ffeb8fe16e8: 0x00000000638af073 0x0000000011d151ee
0x7ffeb8fe16f8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1708: 0x0000000000000000 0x00007f0d0e0c3620
0x7ffeb8fe1718: 0x00000000ffffffff 0x0000000000000009
0x7ffeb8fe1728: 0x00007f0d0dd795a4 0x00007f0d0e0c3620
0x7ffeb8fe1738: 0x00000000ffffffff 0x0000000000000009
0x7ffeb8fe1748: 0x00007f0d0dd78908 0x00007f0d0e0c3620
0x7ffeb8fe1758: 0x0000000000000009 0x0000000000000009
0x7ffeb8fe1768: 0x00007f0d0dd7729d 0x0000000000196760
0x7ffeb8fe1778: 0x00007f0d0e0c3620 0x00007ffeb8fe1d20
0x7ffeb8fe1788: 0x00000000004005f4 0x00007ffeb8fe1d38
0x7ffeb8fe1798: 0x0000000000000000 0x00000000004005fd
0x7ffeb8fe17a8: 0x00007f0d0dd4b251 0x0000000000000000
0x7ffeb8fe17b8: 0x00000000001bfbe8 0x00000000001bfbe8
0x7ffeb8fe17c8: 0x0000000000200000 0x0000000600000001
0x7ffeb8fe17d8: 0x00000000001c07c0 0x00000000003c07c0
0x7ffeb8fe17e8: 0x00000000003c07c0 0x0000000000004f60
0x7ffeb8fe17f8: 0x00000000000091e0 0x0000000000200000
0x7ffeb8fe1808: 0x0000000600000002 0x00000000001c3ba0
0x7ffeb8fe1818: 0x00000000003c3ba0 0x00000000003c3ba0
0x7ffeb8fe1828: 0x00000000000001e0 0x00000000000001e0
0x7ffeb8fe1838: 0x0000000000000008 0x0000000400000004
0x7ffeb8fe1848: 0x0000000000000270 0x0000000000000270
0x7ffeb8fe1858: 0x0000000000000270 0x0000000000000044
0x7ffeb8fe1868: 0x0000000000000044 0x0000000000000009
0x7ffeb8fe1878: 0x0000000000000007 0x00000000001c07c0
0x7ffeb8fe1888: 0x00000000004005fd 0x00000000003c07c0
0x7ffeb8fe1898: 0x0000000000000010 0x0000000000000078
0x7ffeb8fe18a8: 0x0000000000000008 0x000000046474e550
0x7ffeb8fe18b8: 0x000000000019677c 0x000000000019677c
0x7ffeb8fe18c8: 0x0000003000000008 0x00007ffeb8fe1e10
0x7ffeb8fe18d8: 0x00007ffeb8fe1d50 0x00007f0d0dd69490
0x7ffeb8fe18e8: 0x00007f0d0e0c3620 0x0000000000000000
0x7ffeb8fe18f8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1908: 0x00007ffeb8fe1cc0 0x00007ffeb8fe1d20
0x7ffeb8fe1918: 0x00007f0d0e0d1e44 0x00007f0d0e2eb000
0x7ffeb8fe1928: 0x000000000000025b 0x00007f0d0e2eb000
0x7ffeb8fe1938: 0x00007f0d0dd01d80 0x00007f0d0dd0eff8
0x7ffeb8fe1948: 0x00007f0d0e0d267b 0x000000000000025b
0x7ffeb8fe1958: 0x00007f0d0dd0eff8 0x00007f0d0e2eb000
0x7ffeb8fe1968: 0x00007ffeb8fe1a08 0x00007ffeb8fe1a04
0x7ffeb8fe1978: 0x00007f0d0e0d2011 0x00007f0d0e0d5bb0
0x7ffeb8fe1988: 0x0000000000400323 0x00000000004002d0
0x7ffeb8fe1998: 0x00007ffeb8fe1a08 0x00000000156b2bb8
0x7ffeb8fe19a8: 0x000000000055acae 0x00007f0d00000038
0x7ffeb8fe19b8: 0x00007ffeb8fe1ae0 0x00007f0d0dd0eff8
0x7ffeb8fe19c8: 0x00007f0d0dd01d80 0x00007ffeb8fe1a04
0x7ffeb8fe19d8: 0x00007ffeb8fe1ad0 0x00007f0d0e2eb508
0x7ffeb8fe19e8: 0x00007f0d00000000 0x0000000000000003
0x7ffeb8fe19f8: 0x00007f0d0e0c8758 0x000000000e0c8450
0x7ffeb8fe1a08: 0x0000000000000000 0x000000003de00ec7
0x7ffeb8fe1a18: 0x00007f0d0e2ef4c0 0x00007ffeb8fe1b70
0x7ffeb8fe1a28: 0x00007f0d0e2eb550 0x0000000000000000
0x7ffeb8fe1a38: 0x00007f0d0e2ef168 0x00007ffeb8fe1b98
0x7ffeb8fe1a48: 0x00007f0d0e0d2b4f 0x0000000000000001
0x7ffeb8fe1a58: 0x00007f0d0e2eb550 0x0000000000000001
0x7ffeb8fe1a68: 0x0000000000000000 0x0000000000000001
0x7ffeb8fe1a78: 0x00007f0d0e2ef168 0x00000000004002e8
0x7ffeb8fe1a88: 0x00007ffeb8fe1af8 0x00000000f63d4e2e
0x7ffeb8fe1a98: 0x0000000000000000 0x00007f0d0e2ef4c0
0x7ffeb8fe1aa8: 0x00007ffeb8fe1ae0 0x000000010dd0eff8
0x7ffeb8fe1ab8: 0x00007ffeb8fe1ad0 0x00000000156b2bb8
0x7ffeb8fe1ac8: 0x0000000000400323 0x00000000ffffffff
0x7ffeb8fe1ad8: 0x0000000000000000 0x00007f0d0dd05608
0x7ffeb8fe1ae8: 0x00007f0d0e2eb000 0x0000000000000000
0x7ffeb8fe1af8: 0x0000000000000000 0x0000000000600e28
0x7ffeb8fe1b08: 0x00007f0d0e2ef4c0 0x00007ffeb8fe1c60
0x7ffeb8fe1b18: 0x00007f0d0e2eb550 0x0000000000000000
0x7ffeb8fe1b28: 0x00007f0d0e2ef168 0x00007ffeb8fe1c88
0x7ffeb8fe1b38: 0x00007f0d0e0d2b4f 0x0000000000000001
0x7ffeb8fe1b48: 0x0000000000601018 0x0000000000400430
0x7ffeb8fe1b58: 0x00007ffeb8fe1f10 0x0000000000000000
0x7ffeb8fe1b68: 0x0000000000000000 0x00007ffeb8fe1e30
0x7ffeb8fe1b78: 0x00007f0d0e0d7b06 0x0000000000000001
0x7ffeb8fe1b88: 0x0000000000000000 0x00007f0d0e2ef4c0
0x7ffeb8fe1b98: 0x00007f0d0dd05608 0x00007ffeb8fe1df0
0x7ffeb8fe1ba8: 0x00007f0d0e0dfe03 0x0000000000000000
0x7ffeb8fe1bb8: 0x0000000000000000 0x0000000000000002
0x7ffeb8fe1bc8: 0x0000000000000005 0x00000000004005f4
0x7ffeb8fe1bd8: 0x00000000004005e0 0x00007f0d0e0d8af0
0x7ffeb8fe1be8: 0x00007ffeb8fe1c88 0x000000000000037f
0x7ffeb8fe1bf8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1c08: 0x0000ffff00001f80 0x0000000000000000
0x7ffeb8fe1c18: 0x00007ffeb8fe0000 0x0000000000000000
0x7ffeb8fe1c28: 0x0000000001950000 0x0000000000000000
0x7ffeb8fe1c38: 0x0000000000600000 0x0000000000000000
0x7ffeb8fe1c48: 0x00007ffeb8fe0000 0x0000000000000000
0x7ffeb8fe1c58: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1c68: 0x00007f0d0e0d0000 0x0000000000000000
0x7ffeb8fe1c78: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1c88: 0x00007f0d0dd00000 0x000000000000ff00
0x7ffeb8fe1c98: 0x0000000000000000 0x2f2f2f2f2f2f2f2f
0x7ffeb8fe1ca8: 0x2f2f2f2f2f2f2f2f 0x0000000000000000
0x7ffeb8fe1cb8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1cc8: 0x00000000ff000000 0x5f5f00656d697474
0x7ffeb8fe1cd8: 0x7465675f6f736476 0x0000000000000000
0x7ffeb8fe1ce8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1cf8: 0x0000000000000000 0x0000000000400430
0x7ffeb8fe1d08: 0x00007ffeb8fe1f10 0x0000000000000000
0x7ffeb8fe1d18: 0x0000000000000000 0x00007ffeb8fe1e30
0x7ffeb8fe1d28: 0x00007f0d0dd538a9 0x0000000000000000
0x7ffeb8fe1d38: 0x0000003000000008 0x00007ffeb8fe1e10
0x7ffeb8fe1d48: 0x00007ffeb8fe1d50 0x0000000000000000
0x7ffeb8fe1d58: 0x0000000000000005 0x0000000000000002
0x7ffeb8fe1d68: 0x0000000000000000 0x00000000004005e0
0x7ffeb8fe1d78: 0x00007f0d0e0d8af0 0x0000000000000000
0x7ffeb8fe1d88: 0x0000000000000000 0x2f2f2f2f2f2f2f2f
0x7ffeb8fe1d98: 0x2f2f2f2f2f2f2f2f 0x0000000000000000
0x7ffeb8fe1da8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1db8: 0x00000000ff000000 0x5f5f00656d697474
0x7ffeb8fe1dc8: 0x7465675f6f736476 0x0000000000000000
0x7ffeb8fe1dd8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1de8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1df8: 0x00007f0d0e2ef168 0x0000000000000000
0x7ffeb8fe1e08: 0x0000000000400562 0x00007ffeb8fe1f18
0x7ffeb8fe1e18: 0x0000000100400430 0x00000002b8fe1f10
0x7ffeb8fe1e28: 0x0000000500000003 0x0000000000400570
0x7ffeb8fe1e38: 0x00007f0d0dd1e840 0x0000000000000000
0x7ffeb8fe1e48: 0x00007ffeb8fe1f18 0x0000000100000000
0x7ffeb8fe1e58: 0x0000000000400526 0x0000000000000000
0x7ffeb8fe1e68: 0xe3660fab9d01d4e3 0x0000000000400430
0x7ffeb8fe1e78: 0x00007ffeb8fe1f10 0x0000000000000000
0x7ffeb8fe1e88: 0x0000000000000000 0x1c9b7ed7ab61d4e3
0x7ffeb8fe1e98: 0x1d7c14885811d4e3 0x0000000000000000
0x7ffeb8fe1ea8: 0x0000000000000000 0x0000000000000000
0x7ffeb8fe1eb8: 0x00007ffeb8fe1f28 0x00007f0d0e2ef168
0x7ffeb8fe1ec8: 0x00007f0d0e0d880b 0x0000000000000000
0x7ffeb8fe1ed8: 0x0000000000000000 0x0000000000400430
0x7ffeb8fe1ee8: 0x00007ffeb8fe1f10 0x0000000000000000
0x7ffeb8fe1ef8: 0x0000000000400459 0x00007ffeb8fe1f08
0x7ffeb8fe1f08: 0x000000000000001c 0x0000000000000001
0x7ffeb8fe1f18: 0x00007ffeb8fe2e07 0x0000000000000000
```
In the kernel stack frame above, the main field we need to pay attention to is orig_ax, which holds the system call number of this system call.
For our brk system call here, the system call number is 12, 0x000c.
```
-- kernel stack frame
(gdb) x /100gx 0xffffc900005dbe88
0xffffc900005dbe88: 0xffffc900005dbec8 0xffffffff8150aaa9 do_brk_locals
0xffffc900005dbe98: 0x00000000b8fe1680 0x0000000000000000 do_brk_locals
0xffffc900005dbea8: 0x00007ffeb8fe15f0 0xffff88007fb0e700 do_brk_locals
0xffffc900005dbeb8: 0x0000000000000001 0xffffc900005dbee0 do_brk_locals
0xffffc900005dbec8: 0xffffffff811cc774 0x00000000019ff000 do_brk_locals
0xffffc900005dbed8: 0x00000000f42e5e76 0x0000000001a21000 do_brk_locals, rbx
0xffffc900005dbee8: 0xffff88007f7d4800 0xffff88007f7d4868 r12, r13
0xffffc900005dbef8: 0x0000000001a21000 0x00000000019ff000 r14, r15
0xffffc900005dbf08: 0xffffc900005dbf48 0xffffffff811dd3b0 rbp, SYSC_brk's returnAddress
0xffffc900005dbf18: 0x0000000001a22000 0x00000000019ff000 SYSC_brk_locals, rbx
0xffffc900005dbf28: 0x00007f0d0e0c4f58 0x00007f0d0e0c2b78 r12, r13
0xffffc900005dbf38: 0x0000000000022000 0x0000000000022000 r14, r15
0xffffc900005dbf48: 0x0000000000022000 0xffffffff8185c7bb rbp, entry_SYSCALL_64_locals's returnAddress
0xffffc900005dbf58: 0x00000000004005fd 0x0000000000000000 entry_SYSCALL_64_locals
0xffffc900005dbf68: 0x00000000004005f4 0x0000000000000009 entry_SYSCALL_64_locals
0xffffc900005dbf78: 0x00007f0d0e0c3620 0x00007f0d0e0c3620 entry_SYSCALL_64_locals
0xffffc900005dbf88: 0x0000000000000246 0x00007f0d0e0c2b78 r11, r10
0xffffc900005dbf98: 0x000000000000000d 0x00007f0d0ddaa9b0 r9, r8
0xffffc900005dbfa8: 0xffffffffffffffda 0x00007f0d0ddfaf19 ax, cx
0xffffc900005dbfb8: 0x00000000019ff000 0x00007f0d0e0c2b20 dx, si
0xffffc900005dbfc8: 0x0000000001a21000 0x000000000000000c di, orig_ax
0xffffc900005dbfd8: 0x00007f0d0ddfaf19 0x0000000000000033 ip, cs
0xffffc900005dbfe8: 0x0000000000000246 0x00007ffeb8fe14a8 flags, sp
0xffffc900005dbff8: 0x000000000000002b Cannot access memory at address 0xffffc900005dc000 ss
```
If it were the socket system call instead, the call number would be 41, 0x29:
```
(gdb) x /100gx 0xffffc90000713f28
0xffffc90000713f28: 0xffffc90000713f48 0x00000000ed729985
0xffffc90000713f38: 0x0000000000000000 0x0000000000400790
0xffffc90000713f48: 0x00007fff66f1dfc0 0xffffffff8185c7bb
0xffffc90000713f58: 0x00007fff66f1db86 0x00007fff66f1dae0
0xffffc90000713f68: 0x00007fff66f1dae2 0x00007fff66f1dae8
0xffffc90000713f78: 0x00000000ffffffff 0x00007fff66f1dae3
0xffffc90000713f88: 0x0000000000000206 0x000000000000002d
0xffffc90000713f98: 0x0000000000000000 0x1fffffffffffffff
0xffffc90000713fa8: 0xffffffffffffffda 0x00007f490b5346a7
0xffffc90000713fb8: 0x0000000000000000 0x0000000000000001
0xffffc90000713fc8: 0x0000000000000002 0x0000000000000029 di, orig_ax
0xffffc90000713fd8: 0x00007f490b5346a7 0x0000000000000033
0xffffc90000713fe8: 0x0000000000000206 0x00007fff66f1db28
0xffffc90000713ff8: 0x000000000000002b Cannot access memory at address 0xffffc90000714000
```
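Added example, not from the original post: a small C program that decodes the register save area at the top of the kernel stack using the x86_64 struct pt_regs layout (r15, r14, r13, r12, bp, bx, r11, r10, r9, r8, ax, cx, dx, si, di, orig_ax, ip, cs, flags, sp, ss, as the kernel's arch/x86/include/asm/ptrace.h defines it and entry_SYSCALL_64 pushes it). The two sample frames are the 21 qwords that end at the top of the kernel stack in the brk dump (from 0xffffc900005dbf58) and the socket dump (from 0xffffc90000713f58) above, embedded here as constructed test data; the struct name pt_regs64, the helper functions and the small syscall-name table are this example's own. Walking the layout back from ss recovers orig_ax = 0xc and 0x29, the saved user rsp 0x00007ffeb8fe14a8 noted earlier, and the call arguments in di, si and dx.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register save area at the top of the x86_64 kernel stack, in the order
 * entry_SYSCALL_64 pushes it (struct pt_regs in arch/x86/include/asm/ptrace.h):
 * lowest address first; ss is the last qword before the top of the stack.
 * pt_regs64 is this example's own name for that layout. */
struct pt_regs64 {
    uint64_t r15, r14, r13, r12, bp, bx;
    uint64_t r11, r10, r9, r8, ax, cx, dx, si, di;
    uint64_t orig_ax;                 /* rax at entry: the system call number */
    uint64_t ip, cs, flags, sp, ss;   /* user-mode return state */
};

#define PT_REGS_QWORDS (sizeof(struct pt_regs64) / sizeof(uint64_t))   /* 21 */
/* -ENOSYS (38): the placeholder entry_SYSCALL_64 stores in ax before dispatch. */
#define SYSCALL_ENTRY_AX 0xffffffffffffffdaULL

/* Constructed samples: the 21 qwords ending at the top of the kernel stack,
 * copied from the brk dump (0xffffc900005dbf58 onward) and the socket dump
 * (0xffffc90000713f58 onward) in the post. */
static const uint64_t brk_frame[PT_REGS_QWORDS] = {
    0x00000000004005fdULL, 0x0000000000000000ULL, 0x00000000004005f4ULL, 0x0000000000000009ULL,
    0x00007f0d0e0c3620ULL, 0x00007f0d0e0c3620ULL, 0x0000000000000246ULL, 0x00007f0d0e0c2b78ULL,
    0x000000000000000dULL, 0x00007f0d0ddaa9b0ULL, 0xffffffffffffffdaULL, 0x00007f0d0ddfaf19ULL,
    0x00000000019ff000ULL, 0x00007f0d0e0c2b20ULL, 0x0000000001a21000ULL, 0x000000000000000cULL,
    0x00007f0d0ddfaf19ULL, 0x0000000000000033ULL, 0x0000000000000246ULL, 0x00007ffeb8fe14a8ULL,
    0x000000000000002bULL,
};
static const uint64_t socket_frame[PT_REGS_QWORDS] = {
    0x00007fff66f1db86ULL, 0x00007fff66f1dae0ULL, 0x00007fff66f1dae2ULL, 0x00007fff66f1dae8ULL,
    0x00000000ffffffffULL, 0x00007fff66f1dae3ULL, 0x0000000000000206ULL, 0x000000000000002dULL,
    0x0000000000000000ULL, 0x1fffffffffffffffULL, 0xffffffffffffffdaULL, 0x00007f490b5346a7ULL,
    0x0000000000000000ULL, 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000029ULL,
    0x00007f490b5346a7ULL, 0x0000000000000033ULL, 0x0000000000000206ULL, 0x00007fff66f1db28ULL,
    0x000000000000002bULL,
};

/* Copy a raw qword dump into the struct. Returns 0 on success, -1 when the
 * dump is too short to hold a complete frame. */
int decode_frame(const uint64_t *qwords, size_t count, struct pt_regs64 *out)
{
    if (count < PT_REGS_QWORDS)
        return -1;
    memcpy(out, qwords, sizeof(*out));
    return 0;
}

/* System call arguments in x86_64 ABI order: rdi, rsi, rdx, r10, r8, r9. */
uint64_t syscall_arg(const struct pt_regs64 *r, int index)
{
    switch (index) {
    case 0: return r->di;
    case 1: return r->si;
    case 2: return r->dx;
    case 3: return r->r10;
    case 4: return r->r8;
    case 5: return r->r9;
    default: return 0;
    }
}

/* An entry from ring 3 shows as RPL 3 in the saved cs and ss selectors
 * (0x33 and 0x2b in the dumps). */
int frame_is_from_user(const struct pt_regs64 *r)
{
    return (r->cs & 3) == 3 && (r->ss & 3) == 3;
}

/* True while ax still holds the -ENOSYS placeholder, i.e. the handler has
 * not written a return value yet. */
int ax_is_entry_placeholder(const struct pt_regs64 *r)
{
    return r->ax == SYSCALL_ENTRY_AX;
}

/* A few x86_64 system call numbers; anything else decodes as "?". */
const char *syscall_name(uint64_t nr)
{
    switch (nr) {
    case 0:  return "read";
    case 1:  return "write";
    case 9:  return "mmap";
    case 12: return "brk";
    case 41: return "socket";
    case 60: return "exit";
    default: return "?";
    }
}

static void print_frame(const char *label, const uint64_t *qwords, size_t count)
{
    struct pt_regs64 r;
    if (decode_frame(qwords, count, &r) != 0) {
        printf("%s: incomplete frame\n", label);
        return;
    }
    printf("%s: orig_ax=%" PRIu64 " (%s) from_user=%d ax=%s\n", label, r.orig_ax,
           syscall_name(r.orig_ax), frame_is_from_user(&r),
           ax_is_entry_placeholder(&r) ? "-ENOSYS placeholder" : "set");
    printf("  args: 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n",
           syscall_arg(&r, 0), syscall_arg(&r, 1), syscall_arg(&r, 2));
    printf("  user ip=0x%" PRIx64 " sp=0x%" PRIx64 " flags=0x%" PRIx64 "\n", r.ip, r.sp, r.flags);
}

int main(void)
{
    print_frame("brk", brk_frame, PT_REGS_QWORDS);
    print_frame("socket", socket_frame, PT_REGS_QWORDS);
    return 0;
}
```

Two things the decode makes visible. In both frames ax is 0xffffffffffffffda, the -ENOSYS placeholder the entry code stores before the handler runs, so it is not a return value at this point, while cx duplicates ip and r11 duplicates flags, which is exactly what the SYSCALL instruction leaves in those registers. Under this layout the first slot at 0xffffc900005dbf58 is the saved user r15, so a value such as 0x4005fd there is user-space register state that the entry path preserved rather than a kernel local; for the socket frame the arguments decode as socket(2, 1, 0), i.e. AF_INET and SOCK_STREAM.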
(End)