汇编:
c045b788 <netlink_lookup.isra.17>:
c045b788: e1a0c00d mov ip, sp
c045b78c: e92dd878 push {r3, r4, r5, r6, fp, ip, lr, pc}
c045b790: e24cb004 sub fp, ip, #4
c045b794: e0605180 rsb r5, r0, r0, lsl #3==>这里的r0是什么,第一个参数net?如果是左移三位是啥意思?
c045b798: e59f00ec ldr r0, [pc, #236] ; c045b88c <PRRR+0xc13b36e4> ==> r0 为全局变量 nl_table
c045b79c: e1a04001 mov r4, r1 ==> 将第二个参数protocol给r4?
c045b7a0: e1a05185 lsl r5, r5, #3 ==>r5又是什么?
c045b7a4: e4906004 ldr r6, [r0], #4 ==>r6 为 nl_table; r0 为 nl_table + 4 ?
c045b7a8: eb0456d3 bl c05712fc <_raw_read_lock>
c045b7ac: e30b1eef movw r1, #48879 ; 0xbeef
c045b7b0: e0860005 add r0, r6, r5 r0 : 840004c3 r6 : 84000143 r5 : 00000380
c045b7b4: e34d1ead movt r1, #57005 ; 0xdead
c045b7b8: e30b2eef movw r2, #48879 ; 0xbeef
c045b7bc: e3003855 movw r3, #2133 ; 0x855
c045b7c0: e590e018 ldr lr, [r0, #24]
源码:
static struct sock *netlink_lookup(struct net *net, int protocol, u32 pid)
{
struct nl_pid_hash *hash = &nl_table[protocol].hash;
struct hlist_head *head;
struct sock *sk;
struct hlist_node *node;
read_lock(&nl_table_lock);
head = nl_pid_hashfn(hash, pid);
sk_for_each(sk, node, head) {
if (net_eq(sock_net(sk), net) && (nlk_sk(sk)->pid == pid)) {
sock_hold(sk);
goto found;
}
}
sk = NULL;
found:
read_unlock(&nl_table_lock);
return sk;
}
------解决方案--------------------
今天又稍微仔细地看了一下得到这些推测:
1.该程序可能用了特殊的编译器或者编译选项,参数传递不符合一般abi
2.进入函数时,r0=protocol,r1=pid
3.nl_table数组的每个成员大小为56字节
理由:
c045b794: e0605180 rsb r5, r0, r0, lsl #3
=> r5=protocol*7
c045b7a0: e1a05185 lsl r5, r5, #3
=> r5=r5*8=protocol*56
c045b7b0: e0860005 add r0, r6, r5 r0 : 840004c3 r6 : 84000143 r5 : 00000380
=> 因为r5=0x380,因此反推protocol=16
综上,c045b7b0: e0860005 add r0, r6, r5
r0=&nl_table[protocol],其中protocol=16
至于net去哪了我也不知道,楼主给的汇编里没有涉及