> The problem is that several offsets will fit into this. Going
> backwards
You never ever go backwards. It's impossible. You always go ahead.
Even if you want to disassemble backwards you go ahead. How? You start
earlier but you must do it in a very limited times (compared to the
number of variations going backwards) with different offsets.
> > 2) has something to do with the C source code
> And how do you plan on achieving that? This one is
Manual investigation. I don't expect the kernel starts dumping the
"before code" at the correct instruction boundary even if Jonathan's
idea/code sounds brilliant to do so (I didn't check it).
What I tried to ask is purely just reading and dumping some bytes
before EIP also for postmortem analyses. That's all, nothing
complicated.
Szaka
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/