This is the mail archive of the
gdb@sources.redhat.com
mailing list for the GDB project.
i386 + frameless functions that play with the stack
- From: Daniel Jacobowitz <drow at mvista dot com>
- To: gdb at sources dot redhat dot com
- Date: Thu, 21 Nov 2002 18:29:05 -0500
- Subject: i386 + frameless functions that play with the stack
Glibc's system call stubs look like this, in general:
0x400ddbc0 <write>: push %ebx
0x400ddbc1 <write+1>: mov 0x10(%esp,1),%edx
0x400ddbc5 <write+5>: mov 0xc(%esp,1),%ecx
0x400ddbc9 <write+9>: mov 0x8(%esp,1),%ebx
0x400ddbcd <write+13>: mov $0x4,%eax
0x400ddbd2 <write+18>: int $0x80
0x400ddbd4 <write+20>: pop %ebx
0x400ddbd5 <write+21>: cmp $0xfffff001,%eax
0x400ddbda <write+26>: jae 0x400ddbdd <write+29>
0x400ddbdc <write+28>: ret
Plus some error handling code off on the side (after the ret). Suppose
we're situated on the pop %ebx, not having executed it yet. GDB concludes:
Stack level 0, frame at 0xbffff608:
eip = 0x400ddbd4 in write; saved eip 0x4003aa5f
(FRAMELESS), called by frame at 0xbffff608
Arglist at 0xbffff608, args:
Locals at 0xbffff608, Previous frame's sp in esp
Saved registers:
ebp at 0xbffff608, eip at 0xbffff60c
If I single-step over the pop, the output of info frame doesn't work. But
before the step, a backtrace looks like:
(gdb) bt
#0 0x400ddbd4 in write () from /lib/libc.so.6
#1 0x401333c4 in sys_sigabbrev () from /lib/libc.so.6
#2 0x4003aa5f in __libc_start_main () from /lib/libc.so.6
And after:
(gdb) bt
#0 0x400ddbd5 in write () from /lib/libc.so.6
#1 0x08048487 in main () at pipe.c:9
So while the stack is pushed we can't figure out where the calling frame is.
0x401333c4 is just being picked up from *$esp instead of trying to do
prologue analysis.
Should this work? How?
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer