OSDev.org

The Place to Start for Operating System Developers
 Post subject: How to get operand of instruction using qemu
PostPosted: Sat May 12, 2018 5:44 pm 

Joined: Fri May 05, 2017 8:09 pm
Posts: 4
I would like to get the operand of an i386 instruction that is executed in my QEMU guest. For example, I'd like to get the operand
Code:
0x400400
of
Code:
40053a: e8 c1 fe ff ff      callq  400400 <puts@plt>
but it seems that I cannot find the C function used to get the operand.


 Post subject: Re: How to get operand of instruction using qemu
PostPosted: Sun May 13, 2018 7:45 am 

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1305
Location: Athens, GA, USA
The wording of your question is a bit confusing, because it isn't entirely clear what you are trying to find.

The operand for the CALL instruction (which in AT&T syntax becomes callq for a 64-bit system, at least in objdump - GCC and Clang are a bit different) is 0x400400, which is presumably the address of the puts() function.

Note that the C function isn't going to be visible except as a label with the function name - if that. While objdump is kind enough to give you the symbolic names of the functions and other labelled addresses when it can, it bases these on the symbol tables in the executable file, which in turn get them from the object or archive files the code was linked from. If the symbols have been removed from the executable file using strip or something similar, then it can't even do that.

OTOH, if you wanted the arguments being passed to puts(), those aren't part of the callq instruction at all. You would need to look at what was pushed onto the stack and/or moved into the argument registers¹ in the instructions preceding the call.

On the gripping hand, if you are looking for the code in QEMU itself that handles the calling... well, you'd need to look at the QEMU code. I am pretty sure that this last one wasn't what you wanted, but as I said, the wording was ambiguous.

Footnote
1. Depending on the Calling Convention used and the number of arguments passed. While there are several x86 calling conventions used by different OSes and compilers, today x86-64 systems almost exclusively use either the AMD64 convention, or the Microsoft/UEFI one.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Last edited by Schol-R-LEA on Mon May 14, 2018 7:58 am, edited 1 time in total.

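A worked example added here (not code from any poster or from QEMU) showing what the operand of that callq actually is: the bytes after the E8 opcode are a signed 32-bit displacement relative to the next instruction, so the 0x400400 that objdump prints is computed, not stored. The function and constant names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The five instruction bytes from the objdump line in the question:
 *   40053a: e8 c1 fe ff ff   callq 400400 <puts@plt> */
static const uint8_t kCallBytes[] = { 0xE8, 0xC1, 0xFE, 0xFF, 0xFF };

/* Decode a near relative CALL (opcode E8, then rel32).
 * The encoded operand is a little-endian, sign-extended 32-bit offset
 * relative to the address of the *next* instruction, so the target is
 *   target = addr + 5 + rel32
 * Returns the target address; if ok is non-NULL it is set to 1 on success
 * and 0 if the bytes are not an E8 call or fewer than 5 bytes are given. */
uint64_t decode_call_rel32(uint64_t addr, const uint8_t *bytes, size_t len,
                           int *ok)
{
    if (len < 5 || bytes[0] != 0xE8) {
        if (ok) *ok = 0;
        return 0;
    }
    uint32_t raw = (uint32_t)bytes[1]
                 | ((uint32_t)bytes[2] << 8)
                 | ((uint32_t)bytes[3] << 16)
                 | ((uint32_t)bytes[4] << 24);
    int32_t rel = (int32_t)raw;           /* reinterpret as signed */
    if (ok) *ok = 1;
    return addr + 5 + (uint64_t)(int64_t)rel;
}

int main(void)
{
    int ok;
    uint64_t target = decode_call_rel32(0x40053a, kCallBytes,
                                        sizeof kCallBytes, &ok);
    if (ok)
        printf("rel32 = %d, target = %#llx\n",
               (int32_t)0xfffffec1, (unsigned long long)target);
    return 0;
}
```

For the bytes above rel32 is 0xfffffec1 = -319, so 0x40053a + 5 - 319 = 0x400400, matching objdump's `puts@plt` label.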
 Post subject: Re: How to get operand of instruction using qemu
PostPosted: Sun May 13, 2018 8:42 am 

Joined: Sat Mar 31, 2012 3:07 am
Posts: 3258
Location: Chichester, UK
You're looking at a call to a function in a dynamic library. The way this works is rather involved, and depends upon whether the function has already been called or not. So just finding the address may not give you all that you want.

It might help if you could explain exactly why you want this value, and in what environment you are running when you want it. I doubt that it is in your own OS because if you knew enough to be able to load dynamic libraries and call functions in them you probably wouldn't need to ask the question. The short answer is that the best way to trace the function call would be by single-stepping in gdb.

Tell us more about what exactly you are doing and what is the real question behind the one you ask.

