[pso] "ret" & "syscall_number" in EAX !

Octavian Purdila tavi at cs.pub.ro
Thu Mar 16 21:09:42 EET 2006


On Thursday 16 March 2006 20:51, Bogdan Ardeleanu wrote:
> "Simply entering kernel-space alone is not sufficient because there are multiple system calls, all of which enter the kernel in the same manner. Thus, the system call number must be passed into the kernel. On x86, the syscall number is fed to the kernel via the eax register. Before causing the trap into the kernel, user-space sticks in eax the number corresponding to the desired system call. The system call handler then reads the value from eax."
> 
> 
> [...]
> 
> 
> "The return value is sent to user-space also via register. On x86, it is written into the eax register."
> 
>       Linux Kernel Development Second Edition 
>       By Robert Love 
> 
> 
> 
> QUESTION: When can I get the system call number out of struct pt_regs, and when the return value of the system call?

The result of the system call is placed in EAX at the moment of returning to user-space (so somewhere around system_call in entry.S).
Until then (including in your interception routine), what you read from EAX is the system call number.

tavi
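
The timing described in the reply, as an added user-space model in C; it is not code from this thread or from the kernel. The names `pt_regs_model`, `system_call_model`, `hooked_getpid` and the return value 4242 are constructed for illustration; the `orig_eax` slot and the entry.S instructions in the comments are from the i386 2.6 layout.

```c
#include <stdio.h>

/* Reduced model of i386 struct pt_regs: only the two slots that matter here. */
struct pt_regs_model {
    long eax;      /* syscall number until the handler returns, then its result */
    long orig_eax; /* copy of the syscall number, saved once at entry */
};
typedef long (*syscall_fn)(struct pt_regs_model *);

#define NR_GETPID 20 /* __NR_getpid on i386 */
#define NR_SLOTS  32 /* size of the model table (assumption) */
#define ENOSYS_M  38 /* value of ENOSYS on Linux */

static syscall_fn table[NR_SLOTS];
static long seen_in_hook = -1; /* what the interception routine read from eax */

static long real_getpid(struct pt_regs_model *regs) { (void)regs; return 4242; } /* constructed pid */

/* Interception routine: runs in place of the real handler. */
static long hooked_getpid(struct pt_regs_model *regs)
{
    seen_in_hook = regs->eax;     /* still the syscall number */
    return real_getpid(regs);     /* result is not in regs->eax yet */
}

/* Model of the system_call path in entry.S: save, dispatch, store result. */
static void system_call_model(struct pt_regs_model *regs, long user_eax)
{
    long ret = -ENOSYS_M;
    regs->orig_eax = user_eax;    /* pushl %eax */
    regs->eax = user_eax;         /* SAVE_ALL */
    if (user_eax >= 0 && user_eax < NR_SLOTS && table[user_eax])
        ret = table[user_eax](regs);
    regs->eax = ret;              /* movl %eax, EAX(%esp) on the way back */
}

int main(void)
{
    struct pt_regs_model regs;
    table[NR_GETPID] = hooked_getpid;
    system_call_model(&regs, NR_GETPID);
    printf("hook saw eax=%ld, exit eax=%ld, orig_eax=%ld\n",
           seen_in_hook, regs.eax, regs.orig_eax);
    return 0;
}
```

An interception routine that needs the return value therefore has to take it from the original handler's return, not from the saved EAX slot.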

