You can walk the backtrace if you compiled the code without -fomit-frame-pointer. The frame pointers are set at the beginning of each function:

    push %ebp
    mov %esp, %ebp

Thus, in any function, %ebp points to the current frame pointer, and %bp to the previous. You know that at -4(%ebp) there is the return address. Then, you know that at -4((%ebp)) (double indirection :), there is the other return address. And so on.

Well, that's the idea. Maybe I gave the wrong offsets. :)

gcc guarantees that %bp is only used for frame pointers. Otherwise the backtrace doesn't work. :)

2007/4/2, pancake <[EMAIL PROTECTED]>:
>
> (Thank you for all your answers!)
>
> 2007/4/2, pancake <[EMAIL PROTECTED]>:
> >> > gdb question:
> >> > Is there a variable for the frame pointer when I'm "in a frame"? (f 1, f 2...)
> >>
> >> hehe, nope, but there's a glibc symbol that allows you to guess that, no
> >> idea if this is in runtime or also dumped when the program dies.
> >>
> >> I implement this in libsfp (stack frame protector), no idea where's the
> >> source, but I'll look for it, if google doesn't.
> >
> > %ebp always points to the current stack pointer, according to the
> > frame selected. Finally I found the answer. :)
>
> Yup :) The way to walk stack frames up is (afaik) using the undocumented
> symbol of glibc, but no idea if there's a way to do that in other way.
>
> Can you bring me a bit of light on this? Would be cool to implement the
> 'backtrace' (bt) command in libps2fd.
>
> BTW I'll look for this CORE stuff... so I've found something really
> INTERESTING:
>
> http://code.google.com/p/google-coredumper/
>
> Maybe we can use this library to parse a core. And use't for parsing't
> or so. btw it looks like an interesting project.
>
> From the wikipedia page[1] there's more interesting stuff like this blues:
>
> http://www.pvv.ntnu.no/~steinl/vitser/core.html
>
> Referer: http://en.wikipedia.org/wiki/Core_dump
>
> Have phun ^^
>
> --pancake
>
> _______________________________________________
> radare mailing list
> [email protected]
> https://lists.nopcode.org/mailman/listinfo/radare
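
An added example, not part of the thread and not radare or libps2fd code: a frame-pointer walk over a stack snapshot such as a 'bt' command would read from a core file. It assumes the standard i386 layout left by the push %ebp / mov %esp, %ebp prologue (caller's %ebp at 0(%ebp), return address at 4(%ebp)); the stack image, its addresses and the name walk_frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit stack snapshot, as it could be read from a core file.
 * STACK_BASE is the address of stack_img[0]; all values are made up. */
#define STACK_BASE 0xbffff000u
static const uint32_t stack_img[16] = {
    [2]  = STACK_BASE + 0x18, [3]  = 0x08048450u, /* frame 0: saved %ebp, return address */
    [6]  = STACK_BASE + 0x30, [7]  = 0x080484a0u, /* frame 1 */
    [12] = 0,                 [13] = 0x08048500u, /* frame 2: outermost, saved %ebp == 0 */
};

/* Follow the saved-%ebp chain starting at ebp. Stores up to max return
 * addresses in ret[] and returns how many frames were walked. Stops on a
 * NULL saved %ebp or on any pointer that is unaligned, outside the snapshot,
 * or not strictly above the current frame (corrupted or frameless code). */
size_t walk_frames(const uint32_t *img, size_t nwords, uint32_t base,
                   uint32_t ebp, uint32_t *ret, size_t max)
{
    size_t n = 0;
    while (n < max) {
        if (ebp < base || (ebp & 3) != 0)
            break;
        size_t idx = (ebp - base) / 4;
        if (idx + 1 >= nwords)
            break;
        ret[n++] = img[idx + 1];          /* 4(%ebp): return address */
        uint32_t prev = img[idx];         /* 0(%ebp): caller's %ebp  */
        if (prev == 0 || prev <= ebp)     /* end of chain, or not moving up */
            break;
        ebp = prev;
    }
    return n;
}

int main(void)
{
    uint32_t ret[8];
    size_t n = walk_frames(stack_img, 16, STACK_BASE, STACK_BASE + 0x08, ret, 8);
    for (size_t i = 0; i < n; i++)
        printf("#%zu  0x%08x\n", i, (unsigned)ret[i]);
    return 0;
}
```

The "strictly above" check is what keeps the walk from looping forever on a damaged stack or on code built without frame pointers.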
