Examining assembly code: fifo_rdwr()


While still in adb, we start off searching for any instruction that has %i3 as the destination register. In this example, we are examining 16 instructions (10 hex) at a time.

  fifo_rdwr,10/ia
_fifo_rdwr:
_fifo_rdwr:             save    %sp, -0x60, %sp
_fifo_rdwr+4:           ld      [%i1 + 0x10], %l1
_fifo_rdwr+8:           ld      [%i1 + 0x8], %o0
_fifo_rdwr+0xc:         clr     %l7
_fifo_rdwr+0x10:        orcc    %g0, %o0, %g0
_fifo_rdwr+0x14:        be,a    _fifo_rdwr + 0x30
_fifo_rdwr+0x18:        ld      [%i0 + 0x24], %i0
_fifo_rdwr+0x1c:        ld      [%i1 + 0x8], %o1
_fifo_rdwr+0x20:        sethi   %hi(0xf8117800), %o0
_fifo_rdwr+0x24:        call    _printf
_fifo_rdwr+0x28:        or      %o0, 0x378, %o0
_fifo_rdwr+0x2c:        ld      [%i0 + 0x24], %i0
_fifo_rdwr+0x30:        lduh    [%i0 + 0x34], %o1
_fifo_rdwr+0x34:        andcc   %o1, 0x1, %g0
_fifo_rdwr+0x38:        be,a    _fifo_rdwr + 0xb4
_fifo_rdwr+0x3c:        sethi   %hi(0xf811fc00), %l0
_fifo_rdwr+0x40:  +,10/ia
_fifo_rdwr+0x40:        sethi   %hi(0xf811fc00), %o2
_fifo_rdwr+0x44:        ld      [%o2 + 0x48], %o2     ! -0x7ee03b8
_fifo_rdwr+0x48:        orcc    %g0, %o2, %g0
_fifo_rdwr+0x4c:        be,a    _fifo_rdwr + 0x64
_fifo_rdwr+0x50:        sethi   %hi(0xf811cc00), %o4
_fifo_rdwr+0x54:        sethi   %hi(0xf8112800), %o3
_fifo_rdwr+0x58:        ld      [%o3 + 0x31c], %o3    ! -0x7eed4e4
_fifo_rdwr+0x5c:        ba      _fifo_rdwr + 0x6c
_fifo_rdwr+0x60:        mov     %o3, %i5
_fifo_rdwr+0x64:        ld      [%o4 + 0x98], %o4
_fifo_rdwr+0x68:        mov     %o4, %i5
_fifo_rdwr+0x6c:        ld      [%i0 + 0x5c], %o5
_fifo_rdwr+0x70:        cmp     %o5, %i5
_fifo_rdwr+0x74:        be,a    _fifo_rdwr + 0xb4
_fifo_rdwr+0x78:        sethi   %hi(0xf811fc00), %l0
_fifo_rdwr+0x7c:        lduh    [%i0 + 0x34], %o7
_fifo_rdwr+0x80:  and so on

Sure enough, fairly deep into the routine, we see that %i3 is indeed modified under various circumstances.

  +,10/ia
_fifo_rdwr+0x4c0:       call    .mul
_fifo_rdwr+0x4c4:       ld      [%o1 + 0x258], %o1
_fifo_rdwr+0x4c8:       ldsh    [%i0 + 0x80], %o1
_fifo_rdwr+0x4cc:       sub     %o0, %o1, %o0
_fifo_rdwr+0x4d0:       cmp     %o0, %i5
_fifo_rdwr+0x4d4:       bgeu,a  _fifo_rdwr + 0x540
_fifo_rdwr+0x4d8:       ld      [%i0 + 0x64], %i3  <<----   Here
_fifo_rdwr+0x4dc:       call    _fifo_bufalloc
_fifo_rdwr+0x4e0:       mov     %i0, %o0
_fifo_rdwr+0x4e4:       mov     %o0, %i2
_fifo_rdwr+0x4e8:       orcc    %g0, %i2, %g0
_fifo_rdwr+0x4ec:       be,a    _fifo_rdwr + 0x15c
_fifo_rdwr+0x4f0:       ld      [%i1 + 0x10], %i5
_fifo_rdwr+0x4f4:       st      %g0, [%i2]
_fifo_rdwr+0x4f8:       ld      [%i0 + 0x64], %o3
_fifo_rdwr+0x4fc:       orcc    %g0, %o3, %g0
_fifo_rdwr+0x500:  +,10/ia
_fifo_rdwr+0x500:       bne,a   _fifo_rdwr + 0x510
_fifo_rdwr+0x504:       ld      [%i0 + 0x68], %o4
_fifo_rdwr+0x508:       ba      _fifo_rdwr + 0x514
_fifo_rdwr+0x50c:       st      %i2, [%i0 + 0x64]
_fifo_rdwr+0x510:       st      %i2, [%o4]
_fifo_rdwr+0x514:       st      %i2, [%i0 + 0x68]
_fifo_rdwr+0x518:       ldsh    [%i0 + 0x86], %o0
_fifo_rdwr+0x51c:       sethi   %hi(0xf812b400), %o1
_fifo_rdwr+0x520:       call    .mul
_fifo_rdwr+0x524:       ld      [%o1 + 0x258], %o1
_fifo_rdwr+0x528:       ldsh    [%i0 + 0x80], %o1
_fifo_rdwr+0x52c:       sub     %o0, %o1, %o0
_fifo_rdwr+0x530:       cmp     %o0, %i5
_fifo_rdwr+0x534:       blu     _fifo_rdwr + 0x4dc
_fifo_rdwr+0x538:       nop
_fifo_rdwr+0x53c:       ld      [%i0 + 0x64], %i3  <<----   and here
_fifo_rdwr+0x540:  +,10/ia
_fifo_rdwr+0x540:       ldsh    [%i0 + 0x80], %i2
_fifo_rdwr+0x544:       sethi   %hi(0xf812b400), %o7
_fifo_rdwr+0x548:       ld      [%o7 + 0x258], %o7     ! -0x7ed49a8
_fifo_rdwr+0x54c:       cmp     %i2, %o7
_fifo_rdwr+0x550:       bl,a    _fifo_rdwr + 0x57c
_fifo_rdwr+0x554:       orcc    %g0, %i5, %g0
_fifo_rdwr+0x558:       ld      [%i3], %i3  <<----   and here
_fifo_rdwr+0x55c:       sethi   %hi(0xf812b400), %o0
_fifo_rdwr+0x560:       ld      [%o0 + 0x258], %l0
_fifo_rdwr+0x564:       ld      [%o0 + 0x258], %o0
_fifo_rdwr+0x568:       sub     %i2, %l0, %i2
_fifo_rdwr+0x56c:       cmp     %i2, %o0
_fifo_rdwr+0x570:       bge,a   _fifo_rdwr + 0x55c
_fifo_rdwr+0x574:       ld      [%i3], %i3  <<----   and here
_fifo_rdwr+0x578:       orcc    %g0, %i5, %g0
_fifo_rdwr+0x57c:       be,a    _fifo_rdwr + 0x5fc
_fifo_rdwr+0x580:  +,10/ia
_fifo_rdwr+0x580:       mov     0x42, %o1
_fifo_rdwr+0x584:       sethi   %hi(0xf812b400), %o0
_fifo_rdwr+0x588:       ld      [%o0 + 0x258], %o0     ! -0x7ed49a8
_fifo_rdwr+0x58c:       sub     %o0, %i2, %i4
_fifo_rdwr+0x590:       cmp     %i5, %i4
_fifo_rdwr+0x594:       bgeu,a  _fifo_rdwr + 0x5a4
_fifo_rdwr+0x598:       mov     %i1, %o3
_fifo_rdwr+0x59c:       mov     %i5, %i4
_fifo_rdwr+0x5a0:       mov     %i1, %o3
_fifo_rdwr+0x5a4:       mov     0x1, %o2
_fifo_rdwr+0x5a8:       mov     %i4, %o1
_fifo_rdwr+0x5ac:       call    _uiomove  <<---- Remember this?
_fifo_rdwr+0x5b0:       add     %i3, %i2, %o0
_fifo_rdwr+0x5b4:       mov     %o0, %l7
_fifo_rdwr+0x5b8:       orcc    %g0, %l7, %g0
_fifo_rdwr+0x5bc:       bne,a   _fifo_rdwr + 0xa88
_fifo_rdwr+0x5c0:  +,10/ia
_fifo_rdwr+0x5c0:       ld      [%i0 + 0x60], %o5
_fifo_rdwr+0x5c4:       ld      [%i0 + 0x78], %o2
_fifo_rdwr+0x5c8:       sll     %i4, 0x10, %o3
_fifo_rdwr+0x5cc:       add     %o2, %i4, %o2
_fifo_rdwr+0x5d0:       st      %o2, [%i0 + 0x78]
_fifo_rdwr+0x5d4:       ldsh    [%i0 + 0x80], %o4
_fifo_rdwr+0x5d8:       sra     %o3, 0x10, %o3
_fifo_rdwr+0x5dc:       add     %o4, %o3, %o4
_fifo_rdwr+0x5e0:       sub     %i5, %i4, %i5
_fifo_rdwr+0x5e4:       orcc    %g0, %i5, %g0
_fifo_rdwr+0x5e8:       sth     %o4, [%i0 + 0x80]
_fifo_rdwr+0x5ec:       ld      [%i3], %i3  <<----   Panic!
_fifo_rdwr+0x5f0:       bne     _fifo_rdwr + 0x584
_fifo_rdwr+0x5f4:       clr     %i2
_fifo_rdwr+0x5f8:       mov     0x42, %o1
_fifo_rdwr+0x5fc:       call    _smark
_fifo_rdwr+0x600:

The modifications to register %i3 are surrounded by code that performs a lot of branches and jumps, as some programs do, instead of simply executing in fairly consecutive order. The instruction at fifo_rdwr+0x5ec loads through the address held in %i3, so the panic tells us %i3 contained an invalid pointer at that point. So, at this point, we have to ask ourselves "Do we want to try to walk through this code to figure out what %i3 should have contained when we reached fifo_rdwr+0x5ec?" (If you answered "Yes," you might want to consider finding some new hobbies.)

Instead, let's try a different approach. Let's see if the values passed to the routines appear to be good ones.



PANIC. UNIX System Crash Dump Analysis Handbook
PANIC! UNIX System Crash Dump Analysis Handbook (Bk/CD-ROM)
ISBN: 0131493868
EAN: 2147483647
Year: 1994
Pages: 289
Authors: Chris Drake
