Never mind. It's rdi and rsi that I should use. Sorry for the wasted
bandwidth. ;)
Thanks,
Shawn
On Mon, Jan 16, 2012 at 7:41 PM, Shawn Webb <lattera@gmail.com> wrote:
> Hey stable@,
>
> First off, I'm not too sure if this is the right mailing list (maybe
> freebsd-hackers@?). Sorry if it is. This is just the mailing list I
> subscribe to, so I thought I'd start here.
>
> Anyways, I'm looking at the regs struct (machine/reg.h) on FreeBSD
> 9-stable amd64. It appears that struct doesn't contain registers such
> as edi and esi. However, FreeBSD amd64's syscall calling convention
> mandates their use. I'm using ptrace to get and set the registers.
> Anyone know how to grab those registers?
>
> Sample code that shows using edi, esi on amd64 and calls the exit syscall:
>
> [shawn@fbsd-sec ~/tmp]$ uname -a
> FreeBSD fbsd-sec 9.0-PRERELEASE FreeBSD 9.0-PRERELEASE #1: Thu Dec 15
> 06:17:41 MST 2011     shawn@fbsd-sec:/usr/obj/usr/src/sys/SEC  amd64
> [shawn@fbsd-sec ~/tmp]$ gdb ./test
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...(no debugging
> symbols found)...
> (gdb) disass _start
> Dump of assembler code for function _start:
> 0x0000000000400080 <_start+0>:  mov    $0x1,%edi
> 0x0000000000400085 <_start+5>:  mov    $0x5,%esi
> 0x000000000040008a <_start+10>: syscall
> End of assembler dump.
> (gdb) run
> Starting program: /usr/home/shawn/tmp/test
>
> Program exited with code 05.
> (gdb) exit
> Undefined command: "exit".  Try "help".
> (gdb) [shawn@fbsd-sec ~/tmp]$ file test
> test: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
> statically linked, not stripped
>
> Thanks,
>
> Shawn
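An added example, not part of the thread, showing the answer in practice: PT_GETREGS fills struct reg, whose r_rdi and r_rsi carry the full 64-bit registers, and edi/esi are simply their low 32 bits. The traced child, its lseek() call and the argument values 1234/5678 are constructed for the demo; the Linux branch (struct user_regs_struct) is an assumption added only so the program also runs outside FreeBSD.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <machine/reg.h>   /* struct reg: r_rax, r_rdi, r_rsi, ... (no r_edi/r_esi) */
#else
#include <sys/user.h>      /* Linux fallback (struct user_regs_struct) so it runs there too */
#endif
/* Syscall number and first two argument registers of a tracee stopped at
 * syscall entry. edi/esi are simply the low 32 bits of rdi/rsi. */
static int read_sysargs(pid_t pid, long *nr, unsigned long *a0, unsigned long *a1) {
#ifdef __FreeBSD__
    struct reg r;
    if (ptrace(PT_GETREGS, pid, (void *)&r, 0) == -1) return -1;
    *nr = (long)r.r_rax; *a0 = r.r_rdi; *a1 = r.r_rsi;
#else
    struct user_regs_struct r;
    if (ptrace(PT_GETREGS, pid, (void *)0, &r) == -1) return -1;  /* glibc aliases PT_* */
    *nr = (long)r.orig_rax; *a0 = r.rdi; *a1 = r.rsi;
#endif
    return 0;
}

/* Fork a child that issues lseek(1234, 5678, 0) (bad fd, so harmless), stop it
 * at that syscall's entry and report the fd and offset seen in rdi/rsi. */
int trace_lseek_args(unsigned long *fd, unsigned long *off) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PT_TRACE_ME, 0, 0, 0) == -1) _exit(2);
        raise(SIGSTOP);                     /* let the parent take control first */
        syscall(SYS_lseek, 1234, 5678, 0);
        _exit(0);
    }
    int status; long nr; unsigned long a0, a1;
    for (;;) {
        if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
        if (read_sysargs(pid, &nr, &a0, &a1) == 0 && nr == SYS_lseek) {
            *fd = a0; *off = a1;
            kill(pid, SIGKILL); waitpid(pid, &status, 0); return 0;
        }
        /* PT_SYSCALL: run to the next syscall entry/exit; addr 1 = resume where stopped */
        if (ptrace(PT_SYSCALL, pid, (void *)1, 0) == -1) {
            kill(pid, SIGKILL); waitpid(pid, &status, 0); return -1;
        }
    }
}
```

Cast the returned values to uint32_t to recover exactly what the sample's `mov $0x1,%edi` / `mov $0x5,%esi` wrote.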