I need to get the values in the registers with GCC.
Something similar to this:
EAX=00000002 EBX=00000001 ECX=00000005 EDX=BFFC94C0 ESI=8184C544 EDI=00000000 EBP=0063FF78 ESP=0063FE3C CF=0 SF=0 ZF=0 OF=0
Getting the 32-bit registers is easy enough, but I'm not sure what the simplest way to get the flags is.
In the examples for this book: http://kipirvine.com/asm/
They do it by getting the whole EFLAGS register and shifting for the bit in question. I also thought of doing it using Jcc's and CMOVcc's.
Any other suggestions on how to do it? Some test cases to verify would also be useful.
There is no need to use assembler just to get the registers.
You can just use setjmp. That will write all registers into a structure of type jmp_buf. It even kind of works cross-platform, except for the fact that jmp_buf itself is different for each architecture.
However, calling setjmp (and calling your assembler code as well) will change some of the registers, so you can't really trust them.
There is a way to get a real snapshot, but that's a bit more difficult and highly OS dependent:
Install an exception handler for the illegal opcode exception. The handler can be either a real interrupt, a signal handler or an OS exception handler (the try/except blocks from C++ will not work).
Emit an illegal opcode in your code.
The trick here is that the illegal opcode has no register side-effects. The exception handler can copy the registers either from the stack or from an exception info structure.
The same trick may work with breakpoint interrupts, forced overflows, traps and so on. There is usually more than one way to raise an interrupt from a piece of code.
Regarding the EFLAGS: You can get them via a stack operation:
    PUSHFD
    POP EAX      ; EAX now contains the EFLAGS data
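The PUSHF/POP trick from the answer written as GCC inline assembly, with the bit decoding and the test cases the question asked for. This is an added example, not code from the question, the answer or the linked book; it assumes GCC or Clang on x86 or x86-64, and the `flags_after_cmp` helper and its red-zone handling are this example's own, not anything from the page.

```c
// Added example (not from the question or the answer): read EFLAGS from GCC
// with the PUSHF/POP trick, then decode CF/SF/ZF/OF. Assumes GCC or Clang on
// x86 or x86-64; the inline-asm part is compiled out on other targets.
#include <stdint.h>
#include <stdio.h>

/* Bit positions of the status flags in EFLAGS (Intel SDM Vol. 1, 3.4.3). */
#define FLAG_CF (1ul << 0)
#define FLAG_PF (1ul << 2)
#define FLAG_AF (1ul << 4)
#define FLAG_ZF (1ul << 6)
#define FLAG_SF (1ul << 7)
#define FLAG_OF (1ul << 11)

struct cond_flags { unsigned cf, pf, af, zf, sf, of; };

/* Pure decoding step, independent of the CPU: mask out each bit. */
struct cond_flags decode_flags(unsigned long eflags) {
    struct cond_flags f;
    f.cf = (eflags & FLAG_CF) != 0;
    f.pf = (eflags & FLAG_PF) != 0;
    f.af = (eflags & FLAG_AF) != 0;
    f.zf = (eflags & FLAG_ZF) != 0;
    f.sf = (eflags & FLAG_SF) != 0;
    f.of = (eflags & FLAG_OF) != 0;
    return f;
}

#if defined(__x86_64__) || defined(__i386__)
#if defined(__x86_64__)
/* The SysV x86-64 ABI lets leaf functions keep data in the 128 bytes below
 * RSP (the "red zone"); a PUSHF would overwrite it. Step over it with LEA,
 * which, unlike SUB/ADD, does not modify the flags we are about to read. */
#define RED_ZONE_ENTER "lea -128(%%rsp), %%rsp\n\t"
#define RED_ZONE_LEAVE "lea 128(%%rsp), %%rsp\n\t"
#else
#define RED_ZONE_ENTER ""
#define RED_ZONE_LEAVE ""
#endif

/* Execute CMP (compute a - b, discard the result) and capture the flags
 * immediately afterwards, so nothing the compiler emits in between can
 * disturb them. Returns the raw EFLAGS/RFLAGS value. */
unsigned long flags_after_cmp(uint32_t a, uint32_t b) {
    unsigned long flags;
    __asm__ volatile (
        "cmp %[b], %[a]\n\t"      /* AT&T operand order: dst - src = a - b */
        RED_ZONE_ENTER
        "pushf\n\t"               /* push EFLAGS (PUSHFD / PUSHFQ)          */
        "pop %[f]\n\t"            /* ... straight into an ordinary register */
        RED_ZONE_LEAVE
        : [f] "=r" (flags)
        : [a] "r" (a), [b] "r" (b)
        : "cc", "memory");
    return flags;
}
#endif

/* Print one line in the style of the register dump in the question. */
void print_cond_flags(const char *label, unsigned long eflags) {
    struct cond_flags f = decode_flags(eflags);
    printf("%-18s EFLAGS=%08lx CF=%u SF=%u ZF=%u OF=%u\n",
           label, eflags & 0xffffffffUL, f.cf, f.sf, f.zf, f.of);
}

int main(void) {
#if defined(__x86_64__) || defined(__i386__)
    /* Constructed test cases: each input pair sets one flag in isolation. */
    print_cond_flags("cmp 2,3 (borrow)", flags_after_cmp(2, 3));            /* CF=1 SF=1 */
    print_cond_flags("cmp 5,5 (equal)",  flags_after_cmp(5, 5));            /* ZF=1      */
    print_cond_flags("cmp INT_MIN,1",    flags_after_cmp(0x80000000u, 1));  /* OF=1      */
    print_cond_flags("cmp 3,2 (plain)",  flags_after_cmp(3, 2));            /* all clear */
#else
    print_cond_flags("decoded constant", FLAG_CF | FLAG_SF);
#endif
    return 0;
}
```

The expected values follow from the arithmetic: 2 - 3 borrows and yields 0xFFFFFFFF (CF=1, SF=1), 5 - 5 is zero (ZF=1), 0x80000000 - 1 is a signed overflow to 0x7FFFFFFF (OF=1, SF=0), and 3 - 2 = 1 sets none of the four. Reading the flags through a register this way is also why the answer's warning matters: any instruction placed between the compare and the PUSHF, including the compiler's own stack adjustment, can change what you read.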
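The illegal-opcode snapshot the answer describes, as an added example for Linux on x86-64 with glibc (this is not code from the answer). It assumes glibc's `ucontext_t` layout and the `REG_*` indices from `<sys/ucontext.h>`; the fallback index values, the `snapshot_registers_via_sigill` helper and the R11 marker are this example's own constructions.

```c
// Added example (not from the answer): snapshot the general registers from a
// SIGILL handler on Linux/x86-64. UD2 raises #UD without touching any
// register, so the context the kernel hands to the handler is an exact copy.
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#if defined(__linux__) && defined(__x86_64__)

/* glibc's gregs[] indices for x86-64; normally provided by <sys/ucontext.h>
 * under _GNU_SOURCE, repeated here only in case the feature macro came late. */
#ifndef REG_R11
#define REG_R11 3
#endif
#ifndef REG_RBP
#define REG_RBP 10
#endif
#ifndef REG_RSP
#define REG_RSP 15
#endif
#ifndef REG_RIP
#define REG_RIP 16
#endif
#ifndef REG_EFL
#define REG_EFL 17
#endif

static volatile sig_atomic_t snapshot_taken;
static gregset_t snapshot;           /* copy of the general registers at the fault */

static void on_sigill(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)sig; (void)si;
    /* The kernel saved every register at the fault; UD2 itself changed none. */
    memcpy(snapshot, uc->uc_mcontext.gregs, sizeof snapshot);
    snapshot_taken = 1;
    /* #UD is a fault, so RIP still points at the UD2. Skip its 2 bytes so the
     * program resumes instead of faulting again. */
    uc->uc_mcontext.gregs[REG_RIP] += 2;
}

/* Put a known value in R11, raise #UD, and report whether the handler ran. */
int snapshot_registers_via_sigill(unsigned long marker) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigill;
    sa.sa_flags = SA_SIGINFO;            /* needed to receive the ucontext */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGILL, &sa, &old) != 0)
        return 0;
    snapshot_taken = 0;
    __asm__ volatile (
        "mov %0, %%r11\n\t"   /* constructed marker to look for in the dump */
        "ud2\n\t"             /* architecturally guaranteed invalid opcode */
        :
        : "r" (marker)
        : "r11", "memory");
    sigaction(SIGILL, &old, NULL);       /* restore the previous disposition */
    return snapshot_taken;
}

unsigned long snapshot_reg(int reg) { return (unsigned long)snapshot[reg]; }

int main(void) {
    if (!snapshot_registers_via_sigill(0x1122334455667788UL)) {
        puts("no snapshot taken");
        return 1;
    }
    printf("RIP=%016lx RSP=%016lx RBP=%016lx R11=%016lx EFLAGS=%08lx\n",
           snapshot_reg(REG_RIP), snapshot_reg(REG_RSP), snapshot_reg(REG_RBP),
           snapshot_reg(REG_R11), snapshot_reg(REG_EFL));
    return 0;
}

#else
int snapshot_registers_via_sigill(unsigned long marker) { (void)marker; return 0; }
int main(void) { puts("this example targets Linux/x86-64 only"); return 0; }
#endif
```

The same handler shape is what a crash reporter or an in-process debugger uses: everything it prints comes from the kernel's saved context, not from code that ran after the fault. Advancing `REG_RIP` by the trap's length is the part that differs per trap: INT3 is reported with RIP already past the instruction, UD2 is not.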