Get the value of EIP?
[blue]
Hello everyone,
As some of you may know Im developing a 32bit OS. Im currently
developing a way to trap kernel errors, and output debug information.
The problem: I cant, of course, access EIP.
I know there is a way of getting EIPs value, but what?
Thanks for any help!
[/blue]
Hello everyone,
As some of you may know Im developing a 32bit OS. Im currently
developing a way to trap kernel errors, and output debug information.
The problem: I cant, of course, access EIP.
I know there is a way of getting EIPs value, but what?
Thanks for any help!
[/blue]
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- 140.8K All Categories
- 103.6K Programming Languages
- 6.4K Assembler Developer
- 401 Assembly Code Share
- 239 Getting started in assembly
- 4.6K x86 Assembly
- 1.9K Basic
- 97 Qbasic
- 39.9K C and C++
- 5.6K Beginner C/C++
- 330 C/C++ on Linux/Unix
- 450 C/C++ Windows API
- 522 C++ Builder
- 253 C++ Game Development
- 3.3K C++ MFC
- 103 C++.NET
- 404 Visual C++
- 2.9K C#
- 7.9K Delphi and Kylix
- 334 Advanced Delphi
- 360 Delphi beginners
- 4 Haskell
- 9.7K Java
- 56 Enterprise JavaBeans
- 1.3K Java Beginners
- 304 Java Server Pages
- 4.1K Pascal
- 1.3K Perl
- 11 Perl 6
- 2K PHP
- 546 Python
- 37 Ruby
- 4.4K VB.NET
- 258 Advanced VB.Net
- 1.6K VBA
- 20.9K Visual Basic
- 767 Access databases and VB
- 831 Advance Visual Basic
- 1.2K Beginner VB
- 2.6K Game programming
- 315 Console programming
- 90 DirectX Game dev
- 1 Minecraft
- 112 Newbie Game Programmers
- 2 Oculus Rift
- 9K Applications
- 1.8K Computer Graphics
- 279 3D Graphics
- 129 DirectX
- 125 OpenGL
- 740 Computer Hardware
- 9 Cooling & Overclocking
- 3.4K Database & SQL
- 1.1K Access
- 91 ADO Programming
- 288 MySQL
- 358 Oracle
- 440 SQL-Server
- 535 Electronics development
- 1.6K Matlab
- 628 Sound & Music
- 25 DirectSound
- 257 XML Development
- 3.3K Classifieds
- 200 Co-operative Projects
- 198 For sale
- 190 FreeLance Software City
- 1.9K Jobs Available
- 603 Jobs Wanted
- 209 Wanted
- 2.9K Microsoft .NET
- 1.8K ASP.NET
- 1.1K .NET General
- 22 .NET WEB-Services
- 129 .NET WinForms
- 14 .NET XML
- 50 ADO.NET
- 144 C# & VB.NET School Support
- 3.4K Miscellaneous
- 4 Join the Team
- 354 Comments on this site
- 69 Computer Emulators
- 2.1K General programming
- 187 New programming languages
- 621 Off topic board
- 200 Mobile & Wireless
- 72 Android
- 126 Palm Pilot
- 338 Multimedia
- 154 Demo programming
- 184 MP3 programming
- 0 Bash scripts
- 27 Cloud Computing
- 1 Witsbits Go Cloud
- 53 FreeBSD
- 1.7K LINUX programming
- 1 Awk scripting
- 332 Linux Support
- 0 Sed scripting
- 370 MS-DOS
- 0 Shell scripting
- 321 Windows CE & Pocket PC
- 4.1K Windows programming
- 177 COM/DCOM
- 61 Networking And Security
- 17 Windows 2003 Server
- 6 Windows Vista
- 176 Windows XP
- 941 Software Development
- 417 Algorithms
- 68 Object Orientation
- 24 RUP & UML
- 92 Project Management
- 95 Quality & Testing
- 268 Security
- 63 Evil Scripting
- 81 Hacking
- 7.7K WEB-Development
- 1.8K Active Server Pages
- 61 AJAX
- 4 Bootstrap Themes
- 55 CGI Development
- 28 ColdFusion
- 224 Flash development
- 1.4K HTML & WEB-Design
- 1.4K Internet Development
- 131 Mobile Internet & Messaging
- 211 Wireless development
- 2.2K JavaScript
- 37 JQuery
- 304 WEB Servers
- 153 Apache
- 79 IIS
- 150 WEB-Services / SOAP
Comments
: Hello everyone,
:
: As some of you may know Im developing a 32bit OS. Im currently
: developing a way to trap kernel errors, and output debug information.
:
: The problem: I cant, of course, access EIP.
:
: I know there is a way of getting EIPs value, but what?
:
: Thanks for any help!
: [/blue]
:
Hmm, how does your error code get called?
If it's called with int or call, then the address should be on the stack.
: Hello everyone,
:
: As some of you may know Im developing a 32bit OS. Im currently
: developing a way to trap kernel errors, and output debug information.
:
: The problem: I cant, of course, access EIP.
:
: I know there is a way of getting EIPs value, but what?
:
: Thanks for any help!
: [/blue]
:
There are two ways to do it, on is with an interrupt and the other is with a bogus function call. When an interrupt happens the stack looks like the following:
[code]
ESP: error code - sometimes on certain cpu exceptions like a page fault
ESP + 4: eip
ESP + 8: cs
ESP + A: eflags
[/code]
so you could get EIP like this, in an interupt handler of course:
[code]
mov eax, [esp] ; or esp + 4 if the processor pushed an error code
[/code]
The other way is with a bogus function call, when a function is called its stack looks like this
[code]
ESP: eip
ESP + 4: parameters to the function, if passed on stack
[/code]
so you could get eip like this
[code]
get_eip:
mov eax, [esp]
ret
[/code]
: : Hello everyone,
: :
: : As some of you may know Im developing a 32bit OS. Im currently
: : developing a way to trap kernel errors, and output debug information.
: :
: : The problem: I cant, of course, access EIP.
: :
: : I know there is a way of getting EIPs value, but what?
: :
: : Thanks for any help!
: : [/blue]
: :
:
: Hmm, how does your error code get called?
:
: If it's called with int or call, then the address should be on the stack.
:
:
[blue]
Its envoked by my exception handler (The exceptions are hardware
exceptions envoked through the interrupt descriptor table (IDT)).
Its executed through the interrupr table:
[/blue][code]
;------------------------------
; Divide by 0
;------------------------------
SysDivide_Error:
; some code...
push 01h
[blue] call _KERNEL_TRAP[/blue]
pop ax
hlt
; some code...
iret
[/code][blue]
My _KERNEL_TRAP is a C routine used to output the debugging information,
and error information..[/blue]
[code]
void KERNEL_TRAP (unsigned int exception) {
[blue]// Output registers, stack trace, and small mem dump
// from some bytes from EIP--Or so I want to[/blue]
// How should I get EIP? Or better: How should I
// get the address of the faulting instruction?
}
[/code][blue]
Do you have any suggestions?
Thanks for the reply!
[/blue]
: : Hello everyone,
: :
: : As some of you may know Im developing a 32bit OS. Im currently
: : developing a way to trap kernel errors, and output debug information.
: :
: : The problem: I cant, of course, access EIP.
: :
: : I know there is a way of getting EIPs value, but what?
: :
: : Thanks for any help!
: : [/blue]
: :
: There are two ways to do it, on is with an interrupt and the other is with a bogus function call. When an interrupt happens the stack looks like the following:
: [code]
: ESP: error code - sometimes on certain cpu exceptions like a page fault
: ESP + 4: eip
: ESP + 8: cs
: ESP + A: eflags
: [/code]
: so you could get EIP like this, in an interupt handler of course:
: [code]
: mov eax, [esp] ; or esp + 4 if the processor pushed an error code
: [/code]
:
: The other way is with a bogus function call, when a function is called its stack looks like this
: [code]
: ESP: eip
: ESP + 4: parameters to the function, if passed on stack
: [/code]
: so you could get eip like this
: [code]
: get_eip:
: mov eax, [esp]
: ret
: [/code]
:
[blue]
I tried the interrupt version, and it seems to work.
Thanks alot!:-)[/blue]
the below will put the target EIP into the class variable OurEaddr, which also happens in this case to be a possible offending exception address. I can further test for this addr in my filter function to varify that it is in fact MY exception so I can choose to handle it or pass it on if not. Compiles with MS VC 2005 */
_asm
{
mov ebx, this //C++ Class scope vars so requires 'this' + offset
mov eax, TEST_EIP //Grab the (possible) offending addr
mov [ebx + OurEaddr], eax
TEST_EIP: mov eax, [ebx + ppScratch] // except to filter if so.
}