develop a 'customized ld'

sean yang seanatpurdue@hotmail.com
Fri Sep 30 18:48:00 GMT 2005




>From: Ravi Ramaseshan <ramaseshan.ravi@gmail.com>
>Reply-To: ramaseshan.ravi@gmail.com
>To: sean yang <seanatpurdue@hotmail.com>
>Subject: Re: develop a 'customized ld'
>Date: Sun, 11 Sep 2005 01:52:23 -0400
>
>Hi,
>
>On 9/11/05, sean yang <seanatpurdue@hotmail.com> wrote:
> > I would like to collect the information of call to some libc functions. 
>I am
> > not going to use it in the program itself but I am going to use it in a
> > system  tool to watch the program's special calls.
>
>So why do you want to do it in the linker ? Why not work on the
>disassembly instead ?
Thanks for this comment. Yes, a "perfect" disassembler would give me what I 
want. But I think disassemblers such as objdump are not 100% reliable.
For example, objdump gives a wrong interpretation of a piece of code in libc 
under Red Hat.
Location:    Mem Contents          Disassembly Results

0x809ef45:   eb 3c                 jmp    0x809ef83
0x809ef47:   00 00                 add    %al,(%eax)
0x809ef49:   00 83 ee 04 83 ee     add    %al,0xee8304ee(%ebx)
0x809ef4f:   04 83                 add    $0x83,%al
...
0x809efaa:   73 9e                 jae    0x809ef4a

Starting at 0x809ef47, three NUL bytes of data (0x00) were inserted to push 
the address of the loop header forward, presumably for alignment purposes. 
The NUL bytes and the subsequent instructions are misinterpreted by the 
objdump utility. The error is observable: the add at address 0x809ef49 
references an absolute memory location that does not even appear within the 
scope of the executable! The instruction sequence is clearly invalid.

My goal is to identify these call sites fully automatically (as opposed to 
reverse-engineering other people's code, in which case human intelligence 
will help to resolve the imprecise results of the disassembler).
I understand the analogy: using an assembler/linker versus using a 
disassembler is like observing a tree with our eyes versus observing a 
picture of a tree. We have exact and sufficient information when using the 
assembler/linker (a 3-D tree in the analogy); we have an image that loses a 
lot of useful information when using the disassembler.


>--
>Ravi Ramaseshan
>
>" Reality is only something we believe in strongly. "

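The misdecoding Sean describes is the classic failure of linear-sweep disassembly: objdump decodes the bytes in address order, so the 0x00 padding that the jmp skips over gets treated as the start of an add and the real loop header at 0x809ef4a is never seen as an instruction boundary. The following added example (not code from the thread or from binutils) reproduces that on a constructed byte buffer modelled on the listing above: the jmp over three zero bytes, the bytes 83 ee 04 at the jae's target, and the jae itself at the same offsets as in the post, with nops filling the bytes the post elides (an assumption; the original bytes there are unknown). It decodes the buffer once as a linear sweep and once by recursive traversal, which only decodes bytes reachable through control flow, and so recovers the loop header the way the branch target implies. The decoder handles only the handful of opcodes this buffer needs.

```python
"""Linear sweep vs. recursive traversal on a jmp-over-padding layout.

Constructed bytes modelled on the objdump listing in the post: a short jmp
over three 0x00 padding bytes, the loop header (83 ee 04 = sub $0x4,%esi) at
the address the later jae branches back to, and nops standing in for the
bytes the post elides. Only the opcodes this buffer needs are decoded.
"""

BASE = 0x809EF45  # load address used in the post's listing

# Offsets: 0 jmp +0x3c -> 0x3e; 2..4 zero padding; 5 loop header;
# 0x3e.. body (nops, constructed); 0x65 jae -0x62 -> back to offset 5.
CODE = (bytes([0xEB, 0x3C]) + b"\x00\x00\x00" + bytes([0x83, 0xEE, 0x04])
        + b"\x90" * 54 + b"\x90" * 39 + bytes([0x73, 0x9E]))

REGS32 = ["%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi"]
REGS8 = ["%al", "%cl", "%dl", "%bl", "%ah", "%ch", "%dh", "%bh"]
GRP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]


def modrm(code, off, regs):
    """Decode one ModRM byte (32-bit mode, no SIB). Returns (reg, operand, size)."""
    b = code[off]
    mod, reg, rm = b >> 6, (b >> 3) & 7, b & 7
    if mod == 3:
        return reg, regs[rm], 1
    if rm == 4:
        raise ValueError("SIB addressing not supported in this toy decoder")
    if mod == 0 and rm == 5:
        return reg, "0x%x" % int.from_bytes(code[off + 1:off + 5], "little"), 5
    if mod == 0:
        return reg, "(%s)" % REGS32[rm], 1
    if mod == 1:
        disp = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        return reg, "%s(%s)" % (format(disp, "#x"), REGS32[rm]), 2
    disp = int.from_bytes(code[off + 1:off + 5], "little")
    return reg, "0x%x(%s)" % (disp, REGS32[rm]), 5


def decode(code, off):
    """Decode one instruction at offset `off`.

    Returns (text, length, kind, target): kind is "jmp", "jcc" or None and
    target is the branch destination offset (or None).
    """
    op = code[off]
    if op == 0x90:
        return "nop", 1, None, None
    if op in (0xEB, 0x73):  # jmp rel8 / jae rel8
        rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        target = off + 2 + rel
        name, kind = ("jmp", "jmp") if op == 0xEB else ("jae", "jcc")
        return "%s 0x%x" % (name, BASE + target), 2, kind, target
    if op == 0x04:  # add imm8, %al
        return "add $0x%x,%%al" % code[off + 1], 2, None, None
    if op == 0x00:  # add r8, r/m8
        reg, operand, n = modrm(code, off + 1, REGS8)
        return "add %s,%s" % (REGS8[reg], operand), 1 + n, None, None
    if op == 0x83:  # group 1 r/m32, imm8; the reg field selects the operation
        reg, operand, n = modrm(code, off + 1, REGS32)
        imm = int.from_bytes(code[off + 1 + n:off + 2 + n], "little", signed=True)
        return "%s $%s,%s" % (GRP1[reg], format(imm, "#x"), operand), 2 + n, None, None
    raise ValueError("opcode 0x%02x at 0x%x not in toy decoder" % (op, BASE + off))


def linear_sweep(code):
    """What objdump does: decode every byte in order, however it is reached."""
    listing, off = {}, 0
    while off < len(code):
        text, n, _, _ = decode(code, off)
        listing[BASE + off] = text
        off += n
    return listing


def recursive_traversal(code, entry=0):
    """Decode only bytes reachable through control flow from `entry`."""
    listing, worklist = {}, [entry]
    while worklist:
        off = worklist.pop()
        if BASE + off in listing or off >= len(code):
            continue
        text, n, kind, target = decode(code, off)
        listing[BASE + off] = text
        if kind == "jmp":
            worklist.append(target)
        elif kind == "jcc":
            worklist.extend([off + n, target])
        else:
            worklist.append(off + n)
    return listing


if __name__ == "__main__":
    lin, rec = linear_sweep(CODE), recursive_traversal(CODE)
    for addr in sorted(set(lin) | set(rec)):
        if lin.get(addr) != rec.get(addr):
            print("0x%x  linear: %-26s reachable: %s"
                  % (addr, lin.get(addr, "-"), rec.get(addr, "-")))
```

The linear sweep swallows the padding and the first bytes after it into "add %al,0x909004ee(%ebx)", the same absolute-address symptom the post shows (the displacement differs only because the constructed filler bytes differ), and it never emits an instruction starting at 0x809ef4a. The traversal starts a new instruction there because the jae targets it, and decodes the padding bytes not at all. Recursive traversal has its own blind spots (indirect jumps, jump tables, code only reached through data), which is why a practitioner combines both rather than trusting either; the point here is only that branch targets are evidence of instruction boundaries that a sweep throws away.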


