Re: Getting the EIP of a process
From: gopan (gop_kumar_at_hotmail.com)
Date: 10/16/04
- Next message: Norm Dresner: "Re: kernel man pages"
- Previous message: John Smithe: "Re: Simple serial comm problem need help"
- In reply to: Jon M. Hanson: "Getting the EIP of a process"
- Next in thread: Tim Roberts: "Re: Getting the EIP of a process"
- Reply: Tim Roberts: "Re: Getting the EIP of a process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 15 Oct 2004 23:10:47 -0700
> In my research in how to do this I've found that the stack pointer
> for the user process before it entered the kernel is stored in current->
> thread.esp0. From there the registers for the user process are stored at
> offsets from that stack address (for example, eip is supposed to be 0x28
> unsigned char bytes from esp0). I have code to get the eip as follows:
>
> unsigned char *stack_address, *eip;
>
> stack_address = (unsigned char *)(current->thread.esp0);
> eip = stack_address + 0x28;
> printk("eip = %08lx\n", *(unsigned long *)eip);
>
As Casper said, the registers are stored in the kernel mode stack of the process.
And in your platform, if the stack grows from high to low, then shouldn't you
be subtracting 0x28 from ESP0?
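As an added illustration (not code from this thread), the address arithmetic the reply is pointing at, modelled in user space. It assumes the i386 `struct pt_regs` layout of 2.4/2.6-era kernels and the `copy_thread()` convention that `thread.esp0` points just past the saved register frame; the stack buffer and the EIP value are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Replica of the i386 struct pt_regs of 2.4/2.6-era kernels (assumption: copied
 * here for illustration with fixed-width types, not included from kernel headers). */
struct pt_regs {
    int32_t ebx, ecx, edx, esi, edi, ebp, eax;
    int32_t xds, xes;
    int32_t orig_eax;
    int32_t eip;            /* offset 0x28 in this layout */
    int32_t xcs;
    int32_t eflags, esp, xss;
};

#define KSTACK_SIZE 8192    /* THREAD_SIZE on i386 of that era */
#define GUARD 64            /* bytes above the stack top, filled with 0xAA */

/* Constructed stand-in for a task's kernel stack plus a guard region. */
static uint32_t region[(KSTACK_SIZE + GUARD) / 4];

/* Lay out the frame the way copy_thread() did: pt_regs sits at the very top of
 * the kernel stack and thread.esp0 points just past it. Returns that esp0. */
static uintptr_t setup_frame(uint32_t user_eip)
{
    unsigned char *stack_top = (unsigned char *)region + KSTACK_SIZE;
    struct pt_regs *regs = (struct pt_regs *)stack_top - 1;
    memset(region, 0, KSTACK_SIZE);
    memset(stack_top, 0xAA, GUARD);
    regs->eip = (int32_t)user_eip;
    return (uintptr_t)(regs + 1);
}

/* The questioner's arithmetic: 0x28 bytes *above* esp0, i.e. past the stack top. */
static uint32_t eip_wrong(uintptr_t esp0)
{
    uint32_t v;
    memcpy(&v, (unsigned char *)esp0 + 0x28, sizeof v);
    return v;
}

/* The frame lies *below* esp0: step back one pt_regs, then read eip. */
static uint32_t eip_correct(uintptr_t esp0)
{
    return (uint32_t)((struct pt_regs *)esp0 - 1)->eip;
}

int main(void)
{
    uintptr_t esp0 = setup_frame(0x08048abcu);
    printf("offsetof(eip) = 0x%zx\n", offsetof(struct pt_regs, eip));
    printf("esp0 + 0x28   -> %08x (guard bytes, not a register)\n", eip_wrong(esp0));
    printf("esp0 - frame  -> %08x\n", eip_correct(esp0));
    return 0;
}
```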