x86 Assembly

Get the value of EIP? Posted by MT2002 on 15 Apr 2007 at 2:54 AM

Hello everyone,

As some of you may know, I'm developing a 32-bit OS. I'm currently
developing a way to trap kernel errors, and output debug information.

The problem: I can't, of course, access EIP.

I know there is a way of getting EIP's value, but what?

Thanks for any help!

Re: Get the value of EIP? Posted by IDK on 15 Apr 2007 at 3:51 AM

Hmm, how does your error code get called?

If it's called with int or call, then the address should be on the stack.


Re: Get the value of EIP? Posted by MT2002 on 15 Apr 2007 at 7:23 AM

It's invoked by my exception handler (the exceptions are hardware
exceptions invoked through the interrupt descriptor table (IDT)).
It's executed through the interrupt table:
;------------------------------
;	Divide by 0
;------------------------------

SysDivide_Error:

; some code...

	push 01h		; exception number, pushed as a 32-bit value
	call _KERNEL_TRAP
	add esp, 4		; remove the 4-byte argument pushed above

	hlt
	
; some code...
	iret

My _KERNEL_TRAP is a C routine used to output the debugging information
and error information.

void KERNEL_TRAP (unsigned int exception) {

// Output registers, stack trace, and small mem dump
// from some bytes from EIP--Or so I want to

   // How should I get EIP? Or better: How should I
   // get the address of the faulting instruction?

}

Do you have any suggestions?

Thanks for the reply!

Re: Get the value of EIP? Posted by frank91 on 15 Apr 2007 at 7:13 AM
There are two ways to do it: one is with an interrupt and the other is with a bogus function call. When an interrupt happens, the stack looks like the following:

ESP:     error code - sometimes on certain cpu exceptions like a page fault
ESP + 4: eip
ESP + 8: cs
ESP + A: eflags

So you could get EIP like this, in an interrupt handler of course:

mov eax, [esp] ; or esp + 4 if the processor pushed an error code

The other way is with a bogus function call. When a function is called, its stack looks like this:

ESP:     eip
ESP + 4: parameters to the function, if passed on stack

So you could get EIP like this:

get_eip:
	mov eax, [esp]
	ret
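
Added example (not code from any poster in this thread): a C decoder for the frame a 32-bit protected-mode CPU pushes on a same-privilege exception, where each slot is 4 bytes, so with an error code present EIP, CS and EFLAGS sit at ESP + 4, + 8 and + 12. The names trap_info, decode_trap and the sample stacks are constructed for illustration; a real stub would pass the ESP value it saw on entry.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of what the CPU pushed (names are this example's own). */
struct trap_info {
    int      has_error;   /* 1 if the CPU pushed an error code */
    uint32_t error_code;
    uint32_t eip;         /* for a fault such as #DE: the faulting instruction */
    uint32_t cs;
    uint32_t eflags;
};

/* Classic vectors that push an error code:
   #DF(8), #TS(10), #NP(11), #SS(12), #GP(13), #PF(14), #AC(17). */
static int pushes_error_code(unsigned vector)
{
    return vector == 8 || (vector >= 10 && vector <= 14) || vector == 17;
}

/* esp_at_entry: ESP as it was at the handler's first instruction,
   before the stub pushed anything of its own. */
static struct trap_info decode_trap(const uint32_t *esp_at_entry, unsigned vector)
{
    struct trap_info t = {0};
    const uint32_t *p = esp_at_entry;

    t.has_error = pushes_error_code(vector);
    if (t.has_error)
        t.error_code = *p++;      /* EIP is then at ESP + 4 */
    t.eip    = p[0];
    t.cs     = p[1] & 0xFFFFu;    /* only the low 16 bits hold the selector */
    t.eflags = p[2];
    return t;
}

/* Constructed sample stacks, lowest address first. */
static const uint32_t sample_de[] = { 0x00101234u, 0x0008u, 0x00010246u };
static const uint32_t sample_pf[] = { 0x00000002u, 0x00105678u, 0x0008u, 0x00010202u };

int main(void)
{
    struct trap_info de = decode_trap(sample_de, 0);   /* divide error, no error code */
    struct trap_info pf = decode_trap(sample_pf, 14);  /* page fault, error code first */
    printf("#DE eip=%08x cs=%04x eflags=%08x\n",
           (unsigned)de.eip, (unsigned)de.cs, (unsigned)de.eflags);
    printf("#PF err=%08x eip=%08x\n", (unsigned)pf.error_code, (unsigned)pf.eip);
    return 0;
}
```

A divide error is a fault, so the saved EIP is the address of the instruction that raised it, which is the starting point for the memory dump asked about above.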

Re: Get the value of EIP? Posted by MT2002 on 15 Apr 2007 at 8:19 AM

I tried the interrupt version, and it seems to work.

Thanks a lot!

Re: Get the value of EIP? Posted by m34tb34t on 20 Oct 2010 at 12:51 AM
I didn't read this thread well enough. My reply was already posted...
Re: Get the value of EIP? Posted by JW_post on 8 Aug 2011 at 2:50 PM
/* This is what I do. I put this inside my _try/_except SEH blocks.
The code below will put the target EIP into the class variable OurEaddr, which also happens in this case to be a possible offending exception address. I can further test for this addr in my filter function to verify that it is in fact MY exception so I can choose to handle it or pass it on if not. Compiles with MS VC 2005 */

_asm
{
mov ebx, this //C++ Class scope vars so requires 'this' + offset
mov eax, TEST_EIP //Grab the (possible) offending addr
mov [ebx + OurEaddr], eax
TEST_EIP: mov eax, [ebx + ppScratch] // except to filter if so.
}