"Linux Kernel Analysis" Experiment One
Hozhenhao
Original work; when reproducing, please indicate the source: http://www.cnblogs.com/scoyer/p/6411414.html
"Linux Kernel Analysis" MOOC course: http://mooc.study.163.com/course/USTC-1000029000
A computer consists of hardware and software; the hardware is mainly the CPU and memory, and the software is system software and application software. Computing began with von Neumann's stored-program idea, which corresponds in hardware to the CPU and memory: the CPU executes instructions, the instructions and their data reside in memory, and the CPU fetches the instruction pointed to by CS:EIP, executes it, and repeats this without end. The main job of an operating system is to provide interfaces; programmers write programs against these interfaces, and this is how all kinds of software come into being. Linux is an excellent operating system whose source code is open, so studying the Linux kernel is an important way to understand how a computer works. Linux has to work out how to schedule the computer's hardware so that the parts cooperate and execute code step by step.
The current experiment requires disassembling a simple C program; reading the assembly code directly helps in understanding the core working mechanism of computer hardware (the stored-program computer and the function call stack). My experimental process follows.
Experimental environment: Shiyanlou (实验楼) online lab
1. Create a C file exp.c
The exp.c code is as follows:
2. Enter the following command to compile the program to assembly code:
- gcc -S -o exp.s exp.c -m32
3. The output at first contains a lot of assembler directives; delete all the lines beginning with a dot (.), which leaves the following code:
A simple analysis of the above assembly code is given below, assuming that the stack state at the beginning is as follows:
Assuming that initially ESP = EBP = 0, and since a C program starts executing at main, we begin at line 19. The lines are interpreted as follows:
(1) Push EBP onto the stack: ESP - 4 becomes position 1 in the figure, so ESP = 1, and EBP is stored there: [0] = EBP 0
(2) EBP = ESP = 1
(3) ESP = 2
(4) [1] = 10
(5) Call the f function. The call instruction does two things: first it saves the current EIP onto the stack, so ESP = 3 and [2] = EIP 24 (the line number of the currently executing instruction); second it sets EIP to the first instruction of the f function, so EIP becomes the address of line 9 and execution continues at line 9
(6) ESP = 4, [3] = EBP 1
(7) ESP = EBP = 4
(8) ESP = 5
(9) EAX = [EBP + 8] = [1] = 10 (the value passed to the f function)
(10) EAX = 10 + 11 = 21
(11) [4] = 21
(12) The call instruction again does the two things described above: ESP = 6, [5] = EIP, EIP = 2, so execution continues from line 2
(13) ESP = 7, [6] = EBP 4
(14) ESP = EBP = 7
(15) EAX = 21
(16) EAX = 12 + 21 = 33
(17) EBP = [6] = 4, ESP = 6
(18) The ret instruction is pop %eip, so now EIP = [5] = 16 and ESP = 5, and execution returns to line 16
(19) leave also consists of two instructions: ESP = EBP = 4, then EBP = [3] = 1 and ESP = 3
(20) EIP = 24, ESP = 2, and execution returns to line 24
(21) EAX = 34
(22) ESP = EBP = 1, EBP = 0, ESP = 0
From the hardware point of view, a function call is carried out by continually pushing onto and popping from the stack: the stack stores the position to return to after the call, and the EAX register carries the function's parameters and return value. The computer works by having the CPU execute the corresponding instructions one after another, step by step, according to the stored-program principle.
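As an added example (not code from the original post), the following Python simulator executes a small hand-written 32-bit x86 listing and reproduces the 22 steps of the trace above in the same notation (ESP and EBP as stack positions counted from 0, stack slots numbered [0], [1], ...). Because exp.c and exp.s are not reproduced on this page, the listing is an assumption reconstructed from the constants in the trace (argument 10, then +11, +12 and +1, giving 34); its line numbers therefore do not match the ones cited above (2, 9, 16, 19, 24), and return addresses are stored as instruction indices within the listing. The second function is named g here only for the example.

```python
# Added example, not the post's code: a minimal simulator for the handful of
# 32-bit x86 instructions that the trace above walks through.

# CONSTRUCTED listing (assumption): reproduces the trace's constants, not the
# author's actual exp.s, which is not reproduced on the page.
LISTING = """
g:
    pushl %ebp
    movl %esp, %ebp
    movl 8(%ebp), %eax
    addl $12, %eax
    popl %ebp
    ret
f:
    pushl %ebp
    movl %esp, %ebp
    subl $4, %esp
    movl 8(%ebp), %eax
    addl $11, %eax
    movl %eax, (%esp)
    call g
    leave
    ret
main:
    pushl %ebp
    movl %esp, %ebp
    subl $4, %esp
    movl $10, (%esp)
    call f
    addl $1, %eax
    leave
    ret
"""

BASE = 0x1000  # the address the trace calls position 0 (initial ESP = EBP = 0)


def parse(listing):
    """Return (code, labels): code is a list of (mnemonic, operands) and
    labels maps a label to the index of its first instruction."""
    code, labels = [], {}
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(':'):
            labels[line[:-1]] = len(code)
            continue
        mnem, _, rest = line.partition(' ')
        ops = [o.strip() for o in rest.split(',')] if rest else []
        code.append((mnem, ops))
    return code, labels


def effective(cpu, op):
    """disp(%reg) addressing: '8(%ebp)' -> ebp + 8, '(%esp)' -> esp."""
    disp, _, reg = op.partition('(')
    return cpu[reg.strip('%)')] + (int(disp) if disp else 0)


def read(cpu, mem, op):
    if op.startswith('$'):          # immediate
        return int(op[1:])
    if op.startswith('%'):          # register
        return cpu[op[1:]]
    return mem.get(effective(cpu, op), 0)   # memory operand


def write(cpu, mem, op, value):
    if op.startswith('%'):
        cpu[op[1:]] = value
    else:
        mem[effective(cpu, op)] = value


def pos(addr):
    """Address -> the 'position' the trace uses for ESP/EBP (0, 1, 2, ...)."""
    return (BASE - addr) // 4


def label(addr):
    """Address -> the slot number the trace uses for stack contents ([0], [1], ...)."""
    return pos(addr) - 1


def slots(mem):
    """Memory -> {slot number: stored value}, in the trace's notation."""
    return {label(a): v for a, v in mem.items()}


def run(listing, entry='main', max_steps=200):
    """Execute the listing from `entry`; return (cpu, mem, trace lines)."""
    code, labels = parse(listing)
    cpu = {'eip': labels[entry], 'esp': BASE, 'ebp': BASE, 'eax': 0}
    mem, trace = {}, []
    for _ in range(max_steps):
        mnem, ops = code[cpu['eip']]
        cpu['eip'] += 1
        if mnem == 'pushl':
            cpu['esp'] -= 4
            mem[cpu['esp']] = read(cpu, mem, ops[0])
        elif mnem == 'popl':
            write(cpu, mem, ops[0], mem[cpu['esp']])
            cpu['esp'] += 4
        elif mnem == 'movl':
            write(cpu, mem, ops[1], read(cpu, mem, ops[0]))
        elif mnem == 'addl':
            write(cpu, mem, ops[1], read(cpu, mem, ops[1]) + read(cpu, mem, ops[0]))
        elif mnem == 'subl':
            write(cpu, mem, ops[1], read(cpu, mem, ops[1]) - read(cpu, mem, ops[0]))
        elif mnem == 'call':            # save return EIP on the stack, then jump
            cpu['esp'] -= 4
            mem[cpu['esp']] = cpu['eip']
            cpu['eip'] = labels[ops[0]]
        elif mnem == 'leave':           # movl %ebp,%esp ; popl %ebp
            cpu['esp'] = cpu['ebp']
            cpu['ebp'] = mem[cpu['esp']]
            cpu['esp'] += 4
        elif mnem == 'ret':             # popl %eip
            if cpu['esp'] == BASE:      # main's frame is gone: the program ends
                break
            cpu['eip'] = mem[cpu['esp']]
            cpu['esp'] += 4
        else:
            raise ValueError('unsupported instruction: ' + mnem)
        trace.append('%-18s ESP=%d EBP=%d EAX=%d' % (
            (mnem + ' ' + ', '.join(ops)).strip(),
            pos(cpu['esp']), pos(cpu['ebp']), cpu['eax']))
    else:
        raise RuntimeError('program did not halt')
    return cpu, mem, trace


if __name__ == '__main__':
    cpu, mem, trace = run(LISTING)
    for n, line in enumerate(trace, 1):
        print('(%d) %s' % (n, line))
    print('final EAX =', cpu['eax'], 'stack slots =', slots(mem))
```

Running the block prints one numbered line per executed instruction with ESP, EBP and EAX in the trace's position notation; after the 22 steps EAX is 34, ESP and EBP are back at position 0, and the slots hold exactly the values listed above ([1] = 10, [3] = the saved EBP at position 1, [4] = 21, [6] = the saved EBP at position 4). The `ret` at the end of main halts the simulation because, as in the trace, nothing was pushed above main's frame.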