Month: June 2016

the ways we get EIP in bochs

1) bx_dbg_get_eip()

is okay, but it requires the debugger to be compiled in

2) BX_CPU(i)->guard_found.eip

is the EIP of the instruction that hit a guard, not necessarily the current EIP

3) BX_32BIT_REG_EIP

is just an enum value that translates to an integer with no human meaning

4) BX_CPU(0)->get_eip()

is the most correct way

5) BX_CPU(0)->gen_reg[BX_32BIT_REG_EIP].dword.erx

accesses the 32-bit EIP (not RIP or the 16-bit IP) through non-conventional access to a CPU-internal variable. Don't be surprised if the variable changes its name or location without telling you


a super skill to help you understand .init and .fini

A super skill to help you understand .init and .fini: just run "LD_DEBUG=libs ./a.out". For details, read http://www.bnikolic.co.uk/blog/linux-ld-debug.html

One thing to keep in mind: the loader passes control to a.out *BEFORE* it calls the fini routines.

/root>LD_DEBUG=libs ./a.out
      8044:	find library=libstdc++.so.6 [0]; searching
      8044:	 search cache=/etc/ld.so.cache
      8044:	  trying file=/usr/lib/x86_64-linux-gnu/libstdc++.so.6
      8044:	
      8044:	find library=libgcc_s.so.1 [0]; searching
      8044:	 search cache=/etc/ld.so.cache
      8044:	  trying file=/lib/x86_64-linux-gnu/libgcc_s.so.1
      8044:	
      8044:	find library=libc.so.6 [0]; searching
      8044:	 search cache=/etc/ld.so.cache
      8044:	  trying file=/lib/x86_64-linux-gnu/libc.so.6
      8044:	
      8044:	find library=libm.so.6 [0]; searching
      8044:	 search cache=/etc/ld.so.cache
      8044:	  trying file=/lib/x86_64-linux-gnu/libm.so.6
      8044:	
      8044:	
      8044:	calling init: /lib/x86_64-linux-gnu/libc.so.6
      8044:	
      8044:	
      8044:	calling init: /lib/x86_64-linux-gnu/libm.so.6
      8044:	
      8044:	
      8044:	calling init: /lib/x86_64-linux-gnu/libgcc_s.so.1
      8044:	
      8044:	
      8044:	calling init: /usr/lib/x86_64-linux-gnu/libstdc++.so.6
      8044:	
      8044:	
      8044:	initialize program: ./a.out
      8044:	
      8044:	
      8044:	transferring control: ./a.out
      8044:	
4660
      8044:	
      8044:	calling fini: ./a.out [0]
      8044:	
      8044:	
      8044:	calling fini: /usr/lib/x86_64-linux-gnu/libstdc++.so.6 [0]
      8044:	
      8044:	
      8044:	calling fini: /lib/x86_64-linux-gnu/libgcc_s.so.1 [0]
      8044:	
      8044:	
      8044:	calling fini: /lib/x86_64-linux-gnu/libm.so.6 [0]
      8044:	


discovered something about .init and .fini sections

discovered something about .init and .fini sections: if you compile your source file into a .o, no .init and .fini sections exist. But if you compile your code into the target exe, .init and .fini are there. My question is: where do those .init and .fini sections come from, if not from the .o?
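As an added example (not code from the original posts), the following C program makes the "initialize program" / "calling fini: ./a.out" steps from the LD_DEBUG trace above visible from inside the program: a constructor runs before main() and a destructor after it returns. It also bears on the .o vs exe question: gcc emits pointers to such functions into the .init_array / .fini_array sections of the .o, while the .init and .fini sections themselves hold _init/_fini from crti.o/crtn.o, which gcc only links in when producing the executable (compare "objdump -h" on the .o and on a.out).

```c
/* Added example: constructor/destructor ordering around main(), which is what
 * the loader reports as "initialize program", "transferring control" and
 * "calling fini" in an LD_DEBUG=libs trace. Not code from the original post. */
#include <stdio.h>
#include <string.h>

#define MAX_EVENTS 8
static const char *events[MAX_EVENTS]; /* order in which stages were observed */
static int n_events;

static void record(const char *stage) {
    if (n_events < MAX_EVENTS)
        events[n_events++] = stage;
}

/* Pointer lands in .init_array of the .o; the loader's "initialize program"
 * step calls it before main(). */
__attribute__((constructor)) void my_init(void) { record("init"); }

/* Pointer lands in .fini_array; run after main() returns, i.e. in the
 * "calling fini: ./a.out" step that follows "transferring control". */
__attribute__((destructor)) void my_fini(void) { record("fini"); }

/* Number of stages recorded so far. */
int event_count(void) { return n_events; }

/* Stage recorded at position i, or NULL if there is none. */
const char *event_at(int i) {
    return (i >= 0 && i < n_events) ? events[i] : NULL;
}

/* True if the constructor had already run by the time this is called,
 * i.e. before main() or anything main() calls. */
int init_ran_before_main(void) {
    return n_events >= 1 && strcmp(events[0], "init") == 0;
}

int main(void) {
    record("main");
    for (int i = 0; i < n_events; i++)
        printf("%d: %s\n", i, events[i]); /* prints "0: init" then "1: main" */
    /* "fini" is only recorded after main returns; run the binary under
     * LD_DEBUG=libs to see the loader announce that step after the output. */
    return 0;
}
```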
