Rocksolid Light

Subject: get_pc_thunk and Virtual Address Space - how is the location of .data determined within asm code?
From: Veek M
Newsgroups: alt.lang.asm
Organization: A noiseless patient Spider
Date: Sat, 4 Jan 2020 16:03 UTC
Message-ID: <pan$12ea4$497d3885$9abc0ec$5b9bf411@dont-use-this.com>
https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html

I was reading this article (below) and I am unclear regarding this stmt:
     add    $0x115c,%ecx
(I got the thunk-stuff - call/rIP)

1.
Kerrisk/ https://i.imgur.com/0Cv4ChM.png indicates that the .text starts
at 0x08048000 -- 128MB into the VAS..
But rIP+0x115c = 0x1570 is 5488 decimal which is barely larger than the
page size of 4096 bytes wrt https://www.tldp.org/LDP/tlk/mm/memory.html

Therefore what is going on here?

2. How is the VAS divided since it can have unused areas that have no
mapping to real memory - can the .text segment in VAS have unused areas?
Or are the unused areas restricted to just after the heap?

3. How do we/the C compiler figure out what the etext, edata etc are?
Since the VAS is NOT FULLY used and the utilization is app dependent, the
size of the app .text would determine where the .etext is located in VAS?
Small app, fewer pages, therefore .etext is reached sooner? And all of
this will have to fit in with the various libraries being loaded as well?

(I haven't reached the GOT yet so.. libraries are still unclear)

I'm reading from Kerrisk and Seyfarth so .. any other book that explains
all this?


---------------------
https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html

0000040c <function>:
 40c:   55                      push   %ebp
 40d:   89 e5                   mov    %esp,%ebp
 40f:   e8 0e 00 00 00          call   422 <__i686.get_pc_thunk.cx>
 414:   81 c1 5c 11 00 00       add    $0x115c,%ecx
 41a:   8b 81 18 00 00 00       mov    0x18(%ecx),%eax
 420:   5d                      pop    %ebp
 421:   c3                      ret

00000422 <__i686.get_pc_thunk.cx>:
 422:   8b 0c 24                mov    (%esp),%ecx
 425:   c3                      ret
------------------------

The magic here is __i686.get_pc_thunk.cx. The architecture does not let us
get the current instruction address, but we can get a known fixed address
— the value __i686.get_pc_thunk.cx pushes into cx is the return value from
the call, i.e. in this case 0x414. Then we can do the maths for the add
instruction; 0x115c + 0x414 = 0x1570, the final move goes 0x18 bytes past
that to 0x1588 ... checking the disassembly

00001588 <global>:
    1588:       64 00 00                add    %al,%fs:(%eax)

i.e., the value 100 in decimal, stored in the data section.
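As an added example (not from the post above or from the technovelty article), the following C program walks the quoted bytes the way the CPU does. The `image` array is copied by hand from the listing, and the load bases in `main` are made up: 0 gives the link-time view that the article's numbers come from, 0x08048000 is the traditional text start the post mentions, and 0xb7f00000 stands in for wherever the dynamic loader happens to map a shared object. The listing's addresses are offsets from the start of the object as linked, which is why 0x1570 is small; at run time the loader adds a base, the return address captured by the thunk moves with it, and the same immediate 0x115c lands %ecx on the relocated GOT. `link_add_immediate` shows the arithmetic the static linker performs to produce that immediate.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Link-time offset of the first byte below. The bytes are copied by hand
 * from the quoted objdump listing (a constructed image, not a real file). */
#define IMAGE_START 0x40cu

static const uint8_t image[] = {
    0x55,                                /* 40c: push %ebp                 */
    0x89, 0xe5,                          /* 40d: mov  %esp,%ebp            */
    0xe8, 0x0e, 0x00, 0x00, 0x00,        /* 40f: call rel32                */
    0x81, 0xc1, 0x5c, 0x11, 0x00, 0x00,  /* 414: add  $imm32,%ecx          */
    0x8b, 0x81, 0x18, 0x00, 0x00, 0x00,  /* 41a: mov  disp32(%ecx),%eax    */
    0x5d,                                /* 420: pop  %ebp                 */
    0xc3,                                /* 421: ret                       */
    0x8b, 0x0c, 0x24,                    /* 422: mov  (%esp),%ecx  (thunk) */
    0xc3,                                /* 425: ret                       */
};

struct pic_walk {
    uint32_t call_target; /* where the call at 0x40f lands               */
    uint32_t return_addr; /* pushed by call; the thunk copies it to %ecx  */
    uint32_t add_imm;     /* immediate of the add: fixed at link time     */
    uint32_t got_addr;    /* %ecx after the add: _GLOBAL_OFFSET_TABLE_    */
    uint32_t global_addr; /* address read by mov 0x18(%ecx),%eax          */
};

/* Fetch the byte image at a link-time offset. */
static const uint8_t *at(uint32_t off) { return image + (off - IMAGE_START); }

/* Little-endian 32-bit field, as x86 encodes immediates and displacements. */
static int32_t rd32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Walk the prologue as the CPU would with the object mapped at `base`.
 * base = 0 reproduces the article's numbers (the link-time view); any
 * other base models the loader placing the object somewhere else. */
struct pic_walk walk_prologue(uint32_t base) {
    struct pic_walk w;
    const uint8_t *call = at(0x40f);
    const uint8_t *add  = at(0x414);
    const uint8_t *mov  = at(0x41a);

    /* e8 rel32: target = address of the next instruction + rel32 */
    assert(call[0] == 0xe8);
    w.return_addr = base + 0x40f + 5;
    w.call_target = w.return_addr + (uint32_t)rd32(call + 1);

    /* 81 /0 id with ModRM c1: add imm32 to %ecx.
     * The thunk has just done mov (%esp),%ecx, so %ecx == return_addr. */
    assert(add[0] == 0x81 && add[1] == 0xc1);
    w.add_imm  = (uint32_t)rd32(add + 2);
    w.got_addr = w.return_addr + w.add_imm;

    /* 8b /r with ModRM 81: mov disp32(%ecx),%eax */
    assert(mov[0] == 0x8b && mov[1] == 0x81);
    w.global_addr = w.got_addr + (uint32_t)rd32(mov + 2);
    return w;
}

/* What the static linker writes into the add: the distance from the
 * return address to the GOT, both taken as link-time offsets. */
uint32_t link_add_immediate(uint32_t got_off, uint32_t return_off) {
    return got_off - return_off;
}

int main(void) {
    /* Constructed load bases for illustration only. */
    uint32_t bases[] = { 0x0u, 0x08048000u, 0xb7f00000u };
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        struct pic_walk w = walk_prologue(bases[i]);
        printf("base %08x: ret %08x, add $%#x -> GOT %08x, global at %08x\n",
               (unsigned)bases[i], (unsigned)w.return_addr,
               (unsigned)w.add_imm, (unsigned)w.got_addr,
               (unsigned)w.global_addr);
    }
    printf("linker immediate for GOT 0x1570, return 0x414: %#x\n",
           (unsigned)link_add_immediate(0x1570, 0x414));
    return 0;
}
```

With base 0 the walk yields return address 0x414, GOT 0x1570 and the global at 0x1588, exactly the article's figures; with either other base every address shifts by the base while the immediate stays 0x115c, which is the whole point of the thunk: the code needs no relocation when the object is mapped somewhere new.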


