Re: 2.5.63 accesses below %esp (was: Re: ntfs OOPS (2.5.63))
Denis Vlasenko (vda@port.imtp.ilyichevsk.odessa.ua)
Tue, 18 Mar 2003 08:05:30 +0200
On 17 March 2003 23:43, Horst von Brand wrote:
> Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua> said:
> > On 15 March 2003 20:34, Horst von Brand wrote:
> > > Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua> said:
>
> [...]
>
> > > > Why not? Disassemble from, say, EIP-16 and check whether you
> > > > have an instruction starting exactly at EIP. If no, repeat from
> > > > EIP-15, -14... You are guaranteed to succeed at EIP-0 ;)
> > >
> > > But your previous success (if any) doesn't mean anything, and
> > > might even screw up the decoding after EIP
> >
> > How come? If I started to decode at EIP-n and got a sequence of
> > instructions at EIP-n, EIP-n+k1, EIP-n+k2, EIP-n+k3..., EIP,
> > instructions prior to EIP can be wrong. Instruction at EIP
> > and all subsequent ones ought to be right.
>
> Iff you exactly hit EIP that way (sure, should check). But wrong
> previous instructions _will_ confuse people or start them on all kind
> of wild goose chases. Too much work for a dubious gain.
You are right. But that is better than showing no prior instructions
at all. And most of the time (can I say 90% ?) prior instructions
will be ok.
--
vda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/