Operating System - HP-UX

Re: reconstructing biodone() routine from assembly code

 
Kallol Biswas
Occasional Contributor

reconstructing biodone() routine from assembly code

Hello,
We have been developing a product on HP-UX that requires an understanding of the biodone() routine.

Kwdb is used to get the assembly code from the running kernel. Now we are stuck at the point where a global is accessed.

Kindly go through the following assembly lines and let me know, if possible, how to find out what they are doing.

0x12fd98 : copy %r26,%r3 // copy the first argument

%r3 contains struct buf *

(kwdb 0:0) q4 fields struct buf
0 0 4 0 int b_flags
%r25 will contain bp->b_flags;


0x12fd9c : ldw 0(%r3),%r25

if bit (0x1f-0x1e = 1) in %r25 is set, then branch to biodone+0x1e4
from buf.h
#define B_DONE 0x00000002

if (bp->b_flags & B_DONE) {
jump to
}



0x12fda0 : bb,<,n %r25,0x1e,0x12ff74

// access to global

With kwdb the value of %dp & %r1 can be found out.

"ex %r1 using a" does not give any useful information; maybe we need to consult the symbol table, right?

(kwdb 0:0) info reg r1
r1: bfc000

(kwdb 0:0) q4 ex 0xbfc000 using a
dmp_failover_sio+0x98


0x12fda4 : addil L'0x114000,%dp,%r1

The next line loads a field from offset 0xf8 into %r23. How do we find out which structure?

0x12fda8 : ldd 0xf8(%r1),%r23
0x12fdac : ldd 0x20(%r23),%r31
0x12fdb0 : extrd,u %r3,48,49,%r25
0x12fdb4 : extrd,u %r3,58,59,%r26
0x12fdb8 : xor %r25,%r26,%r24

Dennis Handly
Acclaimed Contributor

Re: reconstructing biodone() routine from assembly code

>We have been developing a product on hp-ux that requires understanding of biodone() routine.

Reverse engineering the kernel isn't supported and won't be compatible on future OS versions.
And on IPF, it gets even harder. ;-)

0x12fda4 : addil L'0x114000,%dp,%r1
0x12fda8 : ldd 0xf8(%r1),%r23

This loads a global or static pointer at %dp+0x114000+0xf8.

>The next line loads a field from offset 0xf8 into %r23

No, it takes two instructions to load the pointer. Offset 0x20 is the field.

>how do we find out which structure?

There is no info on that except if there was debug info.
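As an added example (not code from either post, and not HP-UX or kwdb code), the C program below encodes the PA-RISC 2.0 conventions behind the three idioms discussed in this thread: the MSB-first bit numbering that makes bb,< %r25,0x1e test B_DONE (0x2), the addil L'imm,%dp + ldd disp(%r1) pair that reads a global pointer before the ldd 0x20(%r23) reads the field, and the extrd,u/xor triple applied to the struct buf * in %r3. The function names, the constructed b_flags and bp sample values, and the reading of the xor result as a hash-like key derived from bp are my assumptions; %dp itself is not in the thread, so the global's address is computed from the %r1 value kwdb reported after the addil.

```c
/*
 * Added example, not code from the thread or from HP-UX: a small
 * PA-RISC 2.0 "hand decoder" for the idioms in the biodone() listing
 * (bb, addil/ldd global access, extrd,u), so the bit numbering can be
 * checked by computation instead of by hand.  Assumptions are marked.
 */
#include <stdint.h>
#include <stdio.h>

#define B_DONE 0x00000002u          /* from the thread's buf.h quote */

/* PA-RISC numbers bits from the MSB: bit 0 is the MSB, bit 31 the LSB
 * of a 32-bit word.  bb,< r,pos,target branches when that bit is set.
 * pos must be 0..31. */
static uint32_t pa_bb_mask(unsigned pos)
{
    return 1u << (31 - pos);
}

static int pa_bb_taken(uint32_t r, unsigned pos)
{
    return (r & pa_bb_mask(pos)) != 0;
}

/* addil L'imm,%dp,%r1: %r1 = %dp + (imm with its low 11 bits cleared;
 * L' selects the upper 21 bits of a 32-bit immediate).  Assumes a
 * positive immediate, as 0x114000 is; the ISA sign-extends im21. */
static uint64_t pa_addil(uint64_t dp, uint32_t imm)
{
    return dp + (imm & ~0x7FFu);
}

/* ldd disp(%rb),%rt reads 8 bytes at rb + disp. */
static uint64_t pa_ldd_addr(uint64_t base, uint32_t disp)
{
    return base + disp;
}

/* extrd,u r,pos,len,t: take the len-bit field whose rightmost bit is
 * at position pos (MSB = 0, LSB = 63), right-justify it, zero-extend. */
static uint64_t pa_extrd_u(uint64_t r, unsigned pos, unsigned len)
{
    uint64_t field = r >> (63 - pos);
    if (len >= 64)
        return field;
    return field & ((1ULL << len) - 1);
}

/* The two extrd,u plus xor from the listing, applied to the
 * struct buf * held in %r3: (bp >> 15) ^ (bp >> 5).  The listing does
 * not say what the value is for; treating it as a hash key is a guess. */
static uint64_t pa_bp_xor_key(uint64_t bp)
{
    uint64_t r25 = pa_extrd_u(bp, 48, 49);
    uint64_t r26 = pa_extrd_u(bp, 58, 59);
    return r25 ^ r26;
}

int main(void)
{
    /* Constructed b_flags: B_DONE plus an unrelated bit. */
    uint32_t b_flags = 0x10u | B_DONE;
    printf("bb,< %%r25,0x1e tests mask 0x%08x (B_DONE = 0x%08x), taken=%d\n",
           pa_bb_mask(0x1e), B_DONE, pa_bb_taken(b_flags, 0x1e));

    /* %dp is not known from the thread; kwdb showed %r1 = 0xbfc000 after
     * the addil, so ldd 0xf8(%r1) reads the pointer at 0xbfc000 + 0xf8. */
    uint64_t r1 = 0xbfc000ULL;
    printf("ldd 0xf8(%%r1) reads the global pointer at 0x%llx\n",
           (unsigned long long)pa_ldd_addr(r1, 0xf8));

    /* Constructed, arbitrary pointer value standing in for bp. */
    uint64_t bp = 0x400000c0deULL;
    printf("extrd,u/xor of bp = 0x%llx\n",
           (unsigned long long)pa_bp_xor_key(bp));
    return 0;
}
```

The mask computed for bit position 0x1e comes out as 0x2, which is exactly B_DONE, confirming the reading of the bb,<,n instruction in the question; the addil/ldd functions make explicit that the pointer lives at %dp+0x114000+0xf8 and the field at +0x20 from wherever that pointer points, as the reply states.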