  1. #1 gerard4143 (Linux Enthusiast, Canada, Prince Edward Island; joined Dec 2007)

    x86_64 int $0x80


    Hi,

    I have an unusual question....

    When we are in the x86 environment and call int $0x80, certain registers are pushed and popped off the stack,
    with the exercise completing with iret (see below).

    Code:
    __asm__ (
    		/* on entry: save segment and general registers on the kernel
    		   stack, in the order the 32-bit kernel's entry code uses */
    		"pushl	%es\n\t"
    		"pushl	%ds\n\t"
    		"pushl	%eax\n\t"
    		"pushl	%ebp\n\t"
    		"pushl	%edi\n\t"
    		"pushl	%esi\n\t"
    		"pushl	%edx\n\t"
    		"pushl	%ecx\n\t"
    		"pushl	%ebx\n\t"

    		/* (the handler's own work goes here) */

    		/* on exit: restore in reverse order; iret then pops eip, cs and
    		   eflags (plus esp and ss when returning to a less privileged ring) */
    		"popl	%ebx\n\t"
    		"popl	%ecx\n\t"
    		"popl	%edx\n\t"
    		"popl	%esi\n\t"
    		"popl	%edi\n\t"
    		"popl	%ebp\n\t"
    		"popl	%eax\n\t"
    		"popl	%ds\n\t"
    		"popl	%es\n\t"
    		"iret"
    	);
    Now my question is, when we are in an x86_64 environment and we call int $0x80, what happens? Do we use the same routine as above
    but with 64-bit pushq and popq (using popl/pushl in x86_64 is illegal)? Or do we push and pop the registers used for the syscall opcode?
    I looked in the source code and I can't find anything to say for certain what happens... Any help will be appreciated. Gerard4143

  2. #2 gerard4143

    Found the answer

    In x86_64, int $0x80 will push ss, rsp, rflags, cs and rip on the stack, and iretq will pop these values off. If you're interested, the AMD and Intel manuals explain the process in detail...

    Now, with this knowledge and a kernel module, I've created my own software interrupt, "int $0x81", which works... well, it works just as long as I don't call anything that calls int $0x80 or syscall. This may sound like a limitation, but it isn't, since I was only interested in the process of setting up a software interrupt and communicating with the kernel in a limited way... maybe, if time and curiosity permit, I'll upgrade this interface to allow for the standard Linux int $0x80 and syscall... Gerard4143

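The following is an added example, not code from either post above, that shows from user space what the question in #1 and the answer in #2 are about: what a 64-bit Linux process gets when it executes int $0x80 versus the native syscall instruction. It assumes an x86_64 Linux kernel with 32-bit emulation enabled (CONFIG_IA32_EMULATION, the distro default), an open stdout, and the system-call numbers from the kernel's own i386 and x86_64 tables; the function names and the constructed message are this example's own. The point it demonstrates beyond the thread: int $0x80 does not merely push a different set of registers, it selects the 32-bit system-call table and truncates every argument to 32 bits, so a pointer to the 64-bit process's stack fails with EFAULT while the same call from a buffer below 4 GiB succeeds.

```c
/* Added example (not from the forum posts): int $0x80 vs. syscall on x86_64 Linux.
   Assumes CONFIG_IA32_EMULATION=y so int $0x80 reaches the compat entry point. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* MAP_32BIT is x86_64-specific (0x40 in <sys/mman.h>); define it in case the
   header was included before _GNU_SOURCE took effect. */
#ifndef MAP_32BIT
#define MAP_32BIT 0x40
#endif

/* Numbers are table-specific: int $0x80 selects the i386 table even from a
   64-bit process (syscall_32.tbl); syscall selects the x86_64 table (syscall_64.tbl). */
#define I386_NR_WRITE   4
#define I386_NR_GETPID  20
#define X64_NR_GETPID   39

#define MSG "written through int $0x80\n"      /* constructed sample message */
#define MSG_LEN ((long)sizeof(MSG) - 1)

#if defined(__x86_64__) && defined(__linux__)
#define HAVE_X86_64_LINUX 1
#else
#define HAVE_X86_64_LINUX 0
#endif

int int80_supported(void) { return HAVE_X86_64_LINUX; }

/* int $0x80 keeps the i386 convention regardless of the caller's mode: number in
   eax, arguments in ebx, ecx, edx (esi, edi, ebp for 4-6), result in eax. Only the
   low 32 bits of each argument reach the kernel. On entry the CPU pushes ss, rsp,
   rflags, cs and rip on the kernel stack; the handler's iretq pops them again.
   The result is treated as the 32-bit value the i386 ABI defines. */
static long sys_int80(uint32_t nr, uint32_t a1, uint32_t a2, uint32_t a3)
{
#if HAVE_X86_64_LINUX
    long ret;
    __asm__ volatile ("int $0x80" : "=a"(ret)
                      : "a"(nr), "b"(a1), "c"(a2), "d"(a3) : "memory");
    return (long)(int32_t)(uint32_t)ret;
#else
    (void)nr; (void)a1; (void)a2; (void)a3;
    return -ENOSYS;
#endif
}

/* syscall uses the x86_64 convention: number in rax, arguments in rdi, rsi, rdx
   (r10, r8, r9 for 4-6). Nothing is pushed: the CPU parks rip in rcx and rflags
   in r11, so both are clobbered. */
static long sys_syscall(long nr, long a1, long a2, long a3)
{
#if HAVE_X86_64_LINUX
    long ret;
    __asm__ volatile ("syscall" : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3) : "rcx", "r11", "memory");
    return ret;
#else
    (void)nr; (void)a1; (void)a2; (void)a3;
    return -ENOSYS;
#endif
}

long getpid_via_int80(void)   { return sys_int80(I386_NR_GETPID, 0, 0, 0); }
long getpid_via_syscall(void) { return sys_syscall(X64_NR_GETPID, 0, 0, 0); }

/* A 64-bit process's stack lives above 4 GiB, so the buffer address is truncated
   on its way through int $0x80; the kernel sees an unmapped pointer and write()
   returns -EFAULT instead of printing anything. */
long int80_write_from_stack(void)
{
    char buf[sizeof(MSG)];
    memcpy(buf, MSG, sizeof(MSG));
    return sys_int80(I386_NR_WRITE, 1, (uint32_t)(uintptr_t)buf, (uint32_t)MSG_LEN);
}

/* The same call works once the buffer is mapped below 4 GiB (MAP_32BIT). */
long int80_write_from_low_mapping(void)
{
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
    if (p == MAP_FAILED)
        return -errno;
    memcpy(p, MSG, sizeof(MSG));
    long r = sys_int80(I386_NR_WRITE, 1, (uint32_t)(uintptr_t)p, (uint32_t)MSG_LEN);
    munmap(p, 4096);
    return r;
}

int main(void)
{
    printf("getpid: int $0x80 -> %ld, syscall -> %ld, libc -> %ld\n",
           getpid_via_int80(), getpid_via_syscall(), (long)getpid());
    printf("write via int $0x80, stack buffer: %ld (EFAULT is %d)\n",
           int80_write_from_stack(), -EFAULT);
    printf("write via int $0x80, MAP_32BIT buffer: %ld\n", int80_write_from_low_mapping());
    return 0;
}
```

Build with `cc -O2 int80_demo.c -o int80_demo` on an x86_64 Linux host. The practical consequence for anyone writing or auditing a seccomp policy: because int $0x80 dispatches through the i386 table, a filter that only matches x86_64 system-call numbers is looking at the wrong table for these calls; check `seccomp_data.arch` (AUDIT_ARCH_I386 versus AUDIT_ARCH_X86_64) before trusting the number, as the seccomp documentation recommends.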