Linux syscall table from C re-written to assembly


So, in this code from a kernel module, there is a get_system_call function that finds the x86_64 system call table.

#define IA32_LSTAR  0xc0000082   /* MSR index: 64-bit SYSCALL entry point (LSTAR) */

/*
 * get_system_call - locate the x86_64 system call table from the SYSCALL entry.
 *
 * Reads IA32_LSTAR (the address the CPU jumps to on SYSCALL) and scans the
 * first 500 bytes of that entry code for the byte pattern ff 14 c5, which is
 * the opcode of an indirect `call [disp32 + rax*8]`. The 32-bit displacement
 * that follows is taken as the low half of the table's address.
 *
 * Returns: the table address, or NULL if the pattern is not found in the
 * scanned window.
 *
 * NOTE(review): this is a heuristic tied to the exact code the kernel emits at
 * its SYSCALL entry and to the table living in the top 4 GiB of the address
 * space (the 0xffffffff00000000 OR stands in for sign-extending the
 * displacement). A kernel whose entry path is laid out differently makes this
 * return NULL or a wrong pointer. rdmsr is privileged: this must run at ring 0.
 */
void *get_system_call(void)
{
  void *system_call;
  unsigned char *ptr;
  int i, low, high;

  /* rdmsr: ecx selects the MSR, result comes back split as edx:eax. */
  asm volatile("rdmsr" : "=a" (low), "=d" (high) : "c" (IA32_LSTAR));

  /* Reassemble the 64-bit MSR value.
   * NOTE(review): low and high are signed ints. `| low` sign-extends low to
   * 64 bits before the OR, and `(long)high<<32` left-shifts a negative value
   * when the top bit of high is set; both only work out because kernel
   * addresses already have the upper 32 bits set. Unsigned types would be
   * cleaner. */
  system_call = (void*)(((long)high<<32) | low);

  /* NOTE(review): newer kernels hash plain %p in printk, so this line may not
   * show the raw address. */
  printk(KERN_INFO "system_call: 0x%p\n", system_call);

  /* Byte-wise scan of at most 500 start positions for ff 14 c5 (call [disp32+rax*8]). */
  for (ptr=system_call, i=0; i<500; i++) {
     if (ptr[0] == 0xff && ptr[1] == 0x14 && ptr[2] == 0xc5)
        /* ptr+3: the disp32 of that call; OR in the upper half of the address. */
        return (void*)(0xffffffff00000000 | *((unsigned int*)(ptr+3)));
  ptr++;                         /* advance one byte per iteration (indentation is misleading) */
  }

  return NULL;                   /* pattern not found within the window */
}

I tried to rewrite it in x86 assembly like this:

; NASM / Intel syntax. Meant as a transcription of get_system_call() above.
;
; NOTE(review): as written this cannot behave like the C version:
;  * rdmsr is a privileged (ring-0) instruction; a user-mode _start faults on it,
;    so this only makes sense as code running inside the kernel, where _start is
;    not an entry point and `ret` needs a caller.
;  * The target is x86-64, but every register and address below is 32-bit
;    ([eax] addressing), so the upper half of a 64-bit pointer is dropped.
;  * rdmsr returns the 64-bit MSR value split as edx:eax; the high half in edx
;    is overwritten before it is combined.
;  * For a 32-bit operand the shift count is masked to 5 bits, so a shift by 32
;    is a shift by 0.
global _start
section .text
_start:

mov ecx, 0xc0000082              ; ecx = IA32_LSTAR (MSR index)
rdmsr                            ; edx:eax = 64-bit SYSCALL entry address
mov edx, 32                      ; BUG: clobbers the high half just returned in edx
mov ecx, edx                     ; cl = 32
sal edx, cl                      ; BUG: count 32 is masked to 0 for a 32-bit operand; edx stays 32
or eax, edx                      ; eax = low32 | 32, not the entry address

.loop_init:
mov ecx, eax                     ; ecx = scan limit
add ecx, 500                     ;     = start + 500 (matches i<500 in the C loop)
jmp .loop_body

.loop:
add eax, 1                       ; ptr++
cmp ecx, eax
je .fail                         ; 500 positions checked, no match

.loop_body:
cmp byte [eax], 0xff             ; look for ff 14 c5 (indirect call through a table)
jne .loop
cmp byte [eax+1], 0x14
jne .loop
cmp byte [eax+2], 0xc5
jne .loop

.success:
mov ecx, 0xffffffff              ; intended as the 0xffffffff00000000 prefix from the C
mov eax, dword [eax+3]           ; the disp32 that follows the three opcode bytes
or eax, ecx                      ; BUG: in a 32-bit register this yields 0xffffffff, not an address
ret                              ; BUG: _start has no return address on the stack

.fail:
xor eax, eax                     ; return NULL
ret

My question is: is that correct, or am I totally wrong?

linux
assembly
x86
x86-64
reverse-engineering
asked on Stack Overflow Jul 17, 2020 by (unknown user)

0 Answers

Nobody has answered this question yet.

