堆栈内存溢出
  简体   繁体   English

C 指针转换

[英]C pointers casting

 原文  2020-03-24 17:23:22       c/ casting/ kernel

问题描述

I am trying to print the first byte if a function in the Kernel.如果内核中的函数,我正在尝试打印第一个字节。 The function I want to print is 'filldir'.我要打印的函数是“filldir”。 I found it in the kernel using /proc/kallsyms我在内核中使用 /proc/kallsyms 找到了它

it's code is (address is ffffffff812e6020 ) -它的代码是(地址是ffffffff812e6020 ) -

    ffffffff812e6020:       e8 0b b9 91 00          callq  0xffffffff81c01930
    ffffffff812e6025:       55                      push   %rbp
    ffffffff812e6026:       48 89 e5                mov    %rsp,%rbp
    ffffffff812e6029:       41 57                   push   %r15

I found the same address (I think so) using this code in my kernel module -我在内核模块中使用此代码找到了相同的地址(我认为是这样)-

    typedef unsigned long psize;
    (psize *) filldir;

    filldir= (void *)kallsyms_lookup_name("filldir");
    printk("rooty: sys_call_table found at %p\n", filldir);

and got - 000000001663973a , I don't know why there is a difference, I tried casting it to long and unsigned long but the result is same.并得到 - 000000001663973a ,我不知道为什么会有区别,我尝试将其转换为longunsigned long但结果相同。

so my first question is, why there is a difference ?所以我的第一个问题是,为什么会有区别? I am pretty sure that it's the same address that is just printed in different way ... how can I get the right value ?我很确定它是以不同方式打印的相同地址......我怎样才能获得正确的值?

My second question , I am trying to print the first byte of the function ( e8 ), but I have no idea how to do that.我的第二个问题,我正在尝试打印函数的第一个字节 ( e8 ),但我不知道该怎么做。

i tried these options -我试过这些选项 -

    printk("%x", *filldir);
    printk("%x", *(unsigned char*)filldir); 
    printk("%x", (unsigned char*)filldir[0]);

but none of them worked, never got e8 .但他们都没有工作,从来没有得到e8

How can I print the first byte of a function when I have the pointer to the function?当我有指向函数的指针时,如何打印函数的第一个字节?

1 个解决方案

解决方案1
 0 已采纳  2020-03-25 16:54:33

Regarding to your first question (why the difference), %p format specifier is hashed before being printed to prevent address leaking.关于你的第一个问题(为什么不同), %p格式说明符在打印之前被散列以防止地址泄漏。 Right format is %px [1].正确的格式是%px [1]。 Casting the parameters outside of the format string is not going to affect that.在格式字符串之外转换参数不会影响它。

Regarding the second one, the second option should be the valid one.关于第二个,第二个选项应该是有效的。 The other ones could work in some environments but is not defined what they should do.其他的可以在某些环境中工作,但没有定义它们应该做什么。

You can try in userland:您可以在用户空间中尝试:

#include <stdio.h>

int square(int num) {
    return num * num;
}

int main() {
    printf("%x\n", *(unsigned char *)square);
    return 0;
}

[1] https://www.kernel.org/doc/html/latest/core-api/printk-formats.html [1] https://www.kernel.org/doc/html/latest/core-api/printk-formats.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在C中转换void指针 - Casting void pointers in C C 中的指针和转换 - Pointers in C and casting 在C中“即时”投射指针 - Pointers casting in C “on the fly” C语言中的指针和类型转换 - Pointers and type casting in C 在C中使用指针进行类型转换 - Type casting with pointers in C 然后在C中强制引用指针 - casting then dereferencing pointers in C C中的指针类型铸造 - Type Casting of pointers in C Function 指针铸造在 C - Function Pointers Casting in C 在C中使用指针进行转换 - casting with pointers in C 在 C 中转换结构指针 - Casting struct pointers in C
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM