x86_64 int $0x80
Hi,
I have an unusual question...
When we are in the x86 environment and call int $0x80, certain registers are pushed onto and popped off the stack, with the exercise completing with iret (see below).
Code:
__asm__ (
"pushl %es\n\t"
"pushl %ds\n\t"
"pushl %eax\n\t"
"pushl %ebp\n\t"
"pushl %edi\n\t"
"pushl %esi\n\t"
"pushl %edx\n\t"
"pushl %ecx\n\t"
"pushl %ebx\n\t"
"popl %ebx\n\t"
"popl %ecx\n\t"
"popl %edx\n\t"
"popl %esi\n\t"
"popl %edi\n\t"
"popl %ebp\n\t"
"popl %eax\n\t"
"popl %ds\n\t"
"popl %es\n\t"
"iret"
);
Now my question is, when we are in an x86_64 environment and we call int $0x80, what happens? Do we use the same routine as above
but with 64-bit pushq and popq (using popl/pushl in x86_64 is illegal)? Or do we push and pop the registers used for the syscall opcode?
I looked in the source code and I can't find anything to say for certain what happens... Any help will be appreciated.
Gerard4143
-
Found the answer
In x86_64, int $0x80 will push ss, rsp, rflags, cs and rip on the stack and iretq will pop these values off. If you're interested, the AMD and Intel manuals explain the process in detail...
Now with this knowledge, and a kernel module, I've created my own software interrupt "int $0x81" which works... well, it works just as long as I don't call anything that calls int $0x80 or syscall. This may sound like a limitation but it isn't, since I was only interested in the process of setting up a software interrupt and communicating with the kernel in a limited way... maybe if time and curiosity permit I'll upgrade this interface to allow for the standard Linux int $0x80 and syscall...
Gerard4143
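An added example, not the poster's code, showing the software side of what the answer above describes: on x86_64 Linux, int $0x80 still traps into the kernel (with the ss/rsp/rflags/cs/rip frame described), but it lands on the 32-bit compat system-call path, so the number in %eax must be the i386 one (getpid is 20 there, while the native syscall instruction uses 39). The probe runs in a child process because a kernel built or booted without IA32 emulation, or a syscall filter that refuses the 32-bit path, kills the caller rather than returning an error. The function probe_int80 and the INT80_* outcome codes are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome codes for probe_int80(); names constructed for this example. */
enum { INT80_OK = 0, INT80_MISMATCH = 1, INT80_UNSUPPORTED = 2, INT80_NOT_LINUX_X86_64 = 3 };

#if defined(__x86_64__) && defined(__linux__)
/* int $0x80 enters the kernel's 32-bit (IA32) compat system-call path, so %eax
   must hold the i386 syscall number: getpid is 20 there. That path may clear
   r8-r11 before returning to user space, so they are listed as clobbered. */
static long getpid_via_int80(void) {
    long ret;
    __asm__ volatile ("int $0x80" : "=a"(ret) : "a"(20L)
                      : "rcx", "r8", "r9", "r10", "r11", "memory");
    return ret;
}

/* Native 64-bit entry: %rax = 39 (getpid); the syscall instruction clobbers %rcx and %r11. */
static long getpid_via_syscall(void) {
    long ret;
    __asm__ volatile ("syscall" : "=a"(ret) : "a"(39L) : "rcx", "r11", "memory");
    return ret;
}
#endif

/* Runs the probe in a child: on a kernel built or booted without IA32 emulation,
   vector 0x80 has no user-callable handler and the child dies with SIGSEGV (a
   seccomp filter may kill it with SIGSYS instead); the caller survives either way. */
int probe_int80(void) {
#if !(defined(__x86_64__) && defined(__linux__))
    return INT80_NOT_LINUX_X86_64;
#else
    pid_t child = fork();
    if (child < 0) return INT80_UNSUPPORTED;
    if (child == 0) {
        long a = getpid_via_int80();          /* i386 ABI, number 20 */
        long b = getpid_via_syscall();        /* x86_64 ABI, number 39 */
        if (a < 0) _exit(INT80_UNSUPPORTED);  /* -errno: a filter refused the 32-bit path */
        _exit(a == b ? INT80_OK : INT80_MISMATCH);
    }
    int status = 0;
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status)) return INT80_UNSUPPORTED;
    return WEXITSTATUS(status);
#endif
}
int main(void) { printf("probe_int80() = %d\n", probe_int80()); return 0; }
```

The same mismatch of syscall tables is why any filter or audit rule keyed only on x86_64 syscall numbers must also check the architecture of each entry; an int $0x80 entry reports the i386 ABI.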