"Linux system Kernel Analysis" lab report 1


By compiling a simple C program and analyzing its assembly code, understand how the computer works

Zhang, original work; please credit the source when reproducing. "Linux Kernel Analysis" MOOC course: http://mooc.study.163.com/course/USTC-1000029000

How the computer works:

The basic architecture of a modern computer follows the von Neumann structure, and the most important point of von Neumann's design is the concept of the "stored program". The working process of the computer is the process of executing a program: first write the program to be executed, then send it to storage through an input device, so that the program is stored. Under von Neumann's design the computer executes the program automatically, and executing a program boils down to executing instructions. The execution of one instruction can be divided into the following 4 basic operations:

    1. Fetch the instruction: take the instruction to be executed from an address in memory into the instruction register inside the CPU.
    2. Decode the instruction: the instruction held in the instruction register is sent to the instruction decoder, which produces the micro-operations corresponding to the instruction.
    3. Execute the instruction: according to the decoded instruction, send the corresponding control signals to each component to complete the operations the instruction specifies.
    4. Prepare for the execution of the next instruction: form the address of the next instruction.

Next, a simple C program is used to analyze the execution process of a program.

Here is a very simple C program; its source code is as follows:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNKeT1AooAADPWfG165I874.png]

Run gcc -S -o main.s main.c -m32 to generate the assembly code.

After tidying up the compiled output, look at the assembly code:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/wKioL1bQNRmT0dOpAAHIsuSHaKQ213.png]

The assembly code from the Ubuntu system in my virtual machine is a little different from that of the experimental building's Ubuntu system

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNKixugoAAACP9mxIzIM364.png]

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNRqCMfu6AAEqN4WeZ-Y226.png]

The following is an analysis of the stack registers using GDB single-stepping:

First we start with the main function. (When GDB breaks on main it does not stop at the first two statements, but every function starts with these same 2 statements; they are illustrated in the other functions below):

First set a breakpoint on the main function and run:

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNKmSwpO3AAHAmwdZpRw547.png]

Check the register values at this point:

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNKrRSqyIAAFGa8wPCzU196.png]

Their values: ESP and EBP are both 0xbffff568, and EIP is 0x8048409 (exactly the address of the next instruction to be executed)

Continue with the next step:

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNRzCLljsAAAnIDXY-zk341.png]

Push 2 onto the stack.

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNRzj26mZAAE9q7oQ8oo918.png]

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNKvTEnqOAAFBB4QUVmg734.png]

At this point ESP has decreased by 4, EBP is unchanged, and EIP continues to point to the next instruction.

Next, to execute the call instruction, set a breakpoint on function f and continue:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNKzwbRgLAAFbxKGEaYw994.png]

At this point, the program jumps to function f.

call f

Calling function f with this instruction is in fact equivalent to:

pushl %eip

movl $f, %eip

The value of EIP is stored at position esp-4; the purpose of saving EIP is to continue executing the statement after "call f" when the function call returns:

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNR7x0WeMAAAy4n7fJwM325.png]

At this point, the value of ESP is 0xbffff560 and EBP is 0xbffff568

After jumping into function f, the first two statements are the same as in the main function: they save the stack state, which is explained in detail here:

First, save the value of EBP at position esp-4.

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNK3wAWrtAAAyx5oIW6U535.png]

Then assign the value of ESP to EBP; at this point both ESP and EBP are 0xbffff55c

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/wKioL1bQNR-Sp7bHAAFuhBmYjKU980.png]

Then push the value at ebp+8, which is the 2 that was pushed onto the stack earlier:

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNK7AvjPiAAA3coiGrdU423.png]

At this point ESP decreases by 4 again

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/wKioL1bQNR-QKgjfAAA3f4IPDbs584.png]

View the register values

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNK7wkVlZAAFh5x5y4Jk444.png]

Register values: ESP is 0xbffff558 and EBP is 0xbffff55c

The next step jumps to function g, so set a breakpoint on function g and continue:

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNSDDNELqAAFZRkbvTTw206.png]

Observe the register values:

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNSGj1MNtAAFgc3cMA5M906.png]

Similarly, the value of register EIP is again stored at position esp-4 so that execution can return to function f

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNLCj8sgCAAA3E-O4-hc702.png]

The old EBP is also saved on entering function g, and the new ESP and EBP are the same

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNSKS-QpMAAAz-epWbLI666.png]

At this point, the values for both ESP and EBP are 0xbffff550

Next, continue and load the value at ebp+8 into EAX.

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNLChKJ0yAAA9d1u4RCU062.png]

View the registers: at this point ESP and EBP are both 0xbffff550 and EAX is 2

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNSLSmpLMAAFESfCxrq0140.png]

Continue execution:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNLGj60DGAAA1mU_Nsvc446.png]

Add 3 to EAX and store the result in EAX

View the registers

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/wKioL1bQNSODoe7OAAFIe1QszOE434.png]

The value of EAX becomes 5, and ESP and EBP are both 0xbffff550

Then continue executing:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNLLwY5u8AAAuRmUiIis996.png]

Restore EBP from the stack and view the registers

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNLPAA7W8AAFIOKq_1tA753.png]

Register values: ESP is 0xbffff554, EBP is 0xbffff55c, and EAX is still 5

Then continue executing:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/wKioL1bQNSST7fB_AAAcyU34uMc071.png]

The ret instruction is equivalent to the instruction popl %eip

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNSXAtAKyAAFGRs70wXY212.png]

ESP is 0xbffff558, EBP is 0xbffff55c, and EAX is still 5

This returns to function f, which continues execution:

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6F/wKiom1bQNLSi_LfoAAEj_HnDSjE145.png]

Continue, then look at the registers:

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNLTxs9GfAAFTHbdB0-U779.png]

ESP and EBP are both 0xbffff55c, and EAX is still 5

Continue with leave; this instruction is equivalent to the following two instructions:

movl %ebp, %esp

popl %ebp

View the registers

[Screenshot: http://s3.51cto.com/wyfs02/M00/7C/6E/wKioL1bQNSbDO6MwAAE4ZUlNVNI241.png]

ESP is 0xbffff560, EBP is 0xbffff568, and EAX is still 5

Continue by executing ret, which pops the saved EIP and returns to the main function to continue execution:

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6F/wKiom1bQNLfzVp1hAAJ2-uZt4r4264.png]

Check the registers: ESP is 0xbffff564, EBP is 0xbffff568, and EAX is still 5

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNSnwZ8XiAAFCtLh57D4080.png]

Execute 2 more steps to continue

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6F/wKiom1bQNLjylhABAAF8b4rpHcw268.png]

At this point EAX becomes 6, and ESP and EBP are both 0xbffff568

[Screenshot: http://s3.51cto.com/wyfs02/M01/7C/6E/wKioL1bQNSrTqOzxAAFFmlcyhQo742.png]

Then continue for 2 more steps, and the main function returns:

[Screenshot: http://s3.51cto.com/wyfs02/M02/7C/6E/Wkiol1bqnsvq-amaaafbwdij0no344.png]
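The whole gdb walk-through above, together with the call, ret and leave equivalences it states, can be replayed by a small fetch-decode-execute loop that keeps a model of ESP, EBP, EAX, EIP and the stack words. The following is an added example and not code from the lab report or the MOOC. Because the C source and the assembly listing exist only in the screenshots, it assumes the listing is the usual gcc -m32 output for the program the report describes (main pushes 2 and calls f, f passes its argument on to g, g adds 3, main adds 1); the names PROGRAM, LABELS, Cpu, step, run_from_main_breakpoint, REPORTED and mismatches are the example's own, and the saved caller EBP and the "return address" into the C runtime are constructed placeholders. The ESP, EBP and EAX values it compares against are the ones the report read out of gdb.

```python
# Fetch-decode-execute replay of the lab report's gdb session. Added example; it assumes
# the listing below is the usual gcc -m32 output for the report's program and that the
# stack starts at the ESP = EBP = 0xbffff568 seen at the breakpoint after main's prologue.
WORD, MASK = 4, 0xFFFFFFFF
EXIT = 0xFFFFFFFF  # placeholder return address for the C runtime that called main
# Constructed listing (AT&T order): str = register, int = immediate, ("ebp", 8) = 8(%ebp).
PROGRAM = [
    ("pushl", "ebp"), ("movl", "esp", "ebp"),            # g: prologue
    ("movl", ("ebp", 8), "eax"), ("addl", 3, "eax"),     #    eax = x + 3
    ("popl", "ebp"), ("ret",),
    ("pushl", "ebp"), ("movl", "esp", "ebp"),            # f: prologue
    ("pushl", ("ebp", 8)), ("call", "g"),                #    g(x)
    ("addl", 4, "esp"), ("leave",), ("ret",),
    ("pushl", "ebp"), ("movl", "esp", "ebp"),            # main: prologue
    ("pushl", 2), ("call", "f"), ("addl", 4, "esp"),     #    f(2)
    ("addl", 1, "eax"), ("leave",), ("ret",),            #    return f(2) + 1
]
LABELS = {"g": 0, "f": 6, "main": 13}  # instruction index where each function starts

class Cpu:
    def __init__(self, esp, ebp):
        self.esp, self.ebp, self.eax, self.eip = esp, ebp, 0, 0
        self.mem = {}  # word address -> value; only the stack is modelled
    def push(self, value):  # pushl: ESP -= 4, then store at the new ESP
        self.esp -= WORD
        self.mem[self.esp] = value & MASK
    def pop(self):  # popl: load the word at ESP, then ESP += 4
        value = self.mem[self.esp]
        self.esp += WORD
        return value
    def read(self, op):
        if isinstance(op, int):
            return op & MASK
        if isinstance(op, str):
            return getattr(self, op)
        return self.mem[getattr(self, op[0]) + op[1]]
    def write(self, op, value):
        if isinstance(op, str):
            setattr(self, op, value & MASK)
        else:
            self.mem[getattr(self, op[0]) + op[1]] = value & MASK

def step(cpu):
    """One instruction cycle: fetch, decode, execute, and advance EIP."""
    insn = PROGRAM[cpu.eip]       # 1. fetch the instruction EIP points to
    cpu.eip += 1                  # 4. EIP now names the next instruction
    op, args = insn[0], insn[1:]  # 2. decode
    if op == "pushl":             # 3. execute
        cpu.push(cpu.read(args[0]))
    elif op == "popl":
        cpu.write(args[0], cpu.pop())
    elif op == "movl":
        cpu.write(args[1], cpu.read(args[0]))
    elif op == "addl":
        cpu.write(args[1], cpu.read(args[1]) + cpu.read(args[0]))
    elif op == "call":            # pushl %eip ; movl $target, %eip
        cpu.push(cpu.eip)
        cpu.eip = LABELS[args[0]]
    elif op == "ret":             # popl %eip
        cpu.eip = cpu.pop()
    elif op == "leave":           # movl %ebp, %esp ; popl %ebp
        cpu.esp = cpu.ebp
        cpu.ebp = cpu.pop()
    else:
        raise ValueError("unknown mnemonic %r" % op)
    return insn

def run_from_main_breakpoint():
    """Replay from gdb's 'break main' stop; returns (cpu, [(insn, esp, ebp, eax), ...])."""
    cpu = Cpu(esp=0xBFFFF568, ebp=0xBFFFF568)
    cpu.mem[0xBFFFF568] = 0xBFFFF5E8  # constructed: the EBP main's prologue saved
    cpu.mem[0xBFFFF56C] = EXIT        # constructed: return address into the runtime
    cpu.eip = LABELS["main"] + 2      # gdb stops after main's pushl/movl prologue
    trace = []
    while cpu.eip != EXIT:
        insn = step(cpu)
        trace.append((insn, cpu.esp, cpu.ebp, cpu.eax))
    return cpu, trace

# Values the report read out of gdb, keyed by step number counted from the
# breakpoint: (ESP, EBP, EAX or None where the report does not give it).
REPORTED = {
    2: (0xBFFFF560, 0xBFFFF568, None),   # after call f
    5: (0xBFFFF558, 0xBFFFF55C, None),   # after pushl 8(%ebp) in f
    8: (0xBFFFF550, 0xBFFFF550, None),   # after g's prologue
    10: (0xBFFFF550, 0xBFFFF550, 5),     # after addl $3, %eax
    11: (0xBFFFF554, 0xBFFFF55C, 5),     # after popl %ebp
    14: (0xBFFFF560, 0xBFFFF568, 5),     # after leave in f
    15: (0xBFFFF564, 0xBFFFF568, 5),     # after ret into main
    17: (0xBFFFF568, 0xBFFFF568, 6),     # after addl $4, %esp ; addl $1, %eax
}

def mismatches():
    """Step numbers where the simulation disagrees with the report; [] when all match."""
    _, trace = run_from_main_breakpoint()
    return [n for n, (esp, ebp, eax) in REPORTED.items()
            if (trace[n - 1][1], trace[n - 1][2]) != (esp, ebp)
            or (eax is not None and trace[n - 1][3] != eax)]
```

Calling run_from_main_breakpoint() gives the 19 single-steps from the breakpoint to main's ret, each with the ESP, EBP and EAX values after it, and mismatches() returns an empty list when every value the report wrote down agrees with the model. The model represents EIP as an index into PROGRAM rather than a real address, which is why call pushes cpu.eip and ret pops it exactly as the report's pushl %eip / popl %eip description says, and why leave is written as the two instructions the report gives for it.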

Summary

By analyzing the corresponding assembly code and observing the changes in the running stack, we have deepened our understanding of the program execution process and understood how the computer works:

    1. Execute the instruction that EIP points to, while EIP self-increments;
    2. If a jump statement is executed, EIP is pushed onto the stack, and then the target address of the jump is loaded into EIP to perform the jump;
    3. If a function call is executed, EIP is pushed and then EBP is pushed, and then the address of the called function is assigned to EIP;
    4. For any other instruction, execution continues from the address fetched by EIP.
