反汇编调试之分析OOPS

反汇编调试之分析OOPShttps://mp.weixin.qq.com/s?__biz=Mzg3NDkwMjc2NA==&mid=2247483761&idx=1&sn=cda02350108ce70be6c074e8cee26527&chksm=cec8e4f2f9bf6de40af22057d5a953009671826360967667dcf05de822ddc3045fb5e8d6e1c6#rd

1 oops信息

[    3.420368] --- create_oops_info_init --- 11 ---
[    3.425055] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    3.433155] pgd = 80004000
[    3.435966] [00000000] *pgd=00000000
[    3.439575] Internal error: Oops: 805 [#1] PREEMPT SMP ARM    Oops后面的数字是ARM的故障状态码(FSR):低5位0x5一般表示段转换错误(translation fault),0x800位表示这是一次写访问——与下面反汇编中向地址0写入的strb指令一致
[    3.445067] Modules linked in:
[    3.448152] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.1.15-gea6003fd-dirty #5
[    3.455467] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[    3.462002] task: d8070000 ti: d8074000 task.ti: d8074000
[    3.467416] PC is at create_oops_info_init+0x20/0x28    内核崩溃时,PC指向create_oops_info_init函数起始地址加0x20处(0x28是该函数的总长度)。对照下面的反汇编,偏移0x20正是"strb r0, [r0]"这条向地址0写入的指令。若手头有带符号的vmlinux,也可以直接用绝对地址定位:addr2line -e vmlinux 8062c44c,或 objdump -d vmlinux --start-address=0x8062c42c --stop-address=0x8062c454(8062c44c - 0x20 = 8062c42c,与上面r7的值一致)
[    3.472390] LR is at create_oops_info_init+0x1c/0x28    LR保存的是最近一次bl调用的返回地址:偏移0x18处"bl printk"的下一条指令在0x1c,说明崩溃发生在printk返回之后、函数尚未返回之前
[    3.477366] pc : [<8062c44c>]    lr : [<8062c448>]    psr: 40000113
[    3.477366] sp : d8075f08  ip : 00000000  fp : 00000000
[    3.488849] r10: 80bcc394  r9 : 80bbf89c  r8 : 00000000
[    3.494081] r7 : 8062c42c  r6 : d86c3f40  r5 : 80bdc860  r4 : 80bdc860
[    3.500614] r3 : 00000000  r2 : 00200000  r1 : 00000000  r0 : 00000000
[    3.507150] Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[    3.514466] Control: 10c53c7d  Table: 1000404a  DAC: 00000015
[    3.520218] Process swapper/0 (pid: 1, stack limit = 0xd8074210)
[    3.526232] Stack: (0xd8075f08 to 0xd8076000)
[    3.530599] 5f00:                   80bdc860 80009718 80bbf878 8014094c 00000000 d811a180
[    3.538786] 5f20: 00000000 80be45a8 60000113 00000000 ef7ff96a ef7ff968 80854da4 8004d56c
[    3.546974] 5f40: 00000000 80aa83a4 00000006 00000006 80be4590 0000014d 00000006 80c52000
[    3.555161] 5f60: 0000014d 00000006 80c52000 80c52000 80bbf894 80b64dbc 00000006 00000006
[    3.563348] 5f80: 80b64594 80051c2c 00000000 8081cd14 00000000 00000000 00000000 00000000
[    3.571535] 5fa0: 00000000 8081cd1c 00000000 8000f528 00000000 00000000 00000000 00000000
[    3.579721] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    3.587909] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 e33d3fbc eeb40a4c
[    3.596111] [<8062c44c>] (create_oops_info_init) from [<80009718>] (do_one_initcall+0x8c/0x1d4)
[    3.604831] [<80009718>] (do_one_initcall) from [<80b64dbc>] (kernel_init_freeable+0x144/0x1e4)
[    3.613550] [<80b64dbc>] (kernel_init_freeable) from [<8081cd1c>] (kernel_init+0x8/0xe8)
[    3.621660] [<8081cd1c>] (kernel_init) from [<8000f528>] (ret_from_fork+0x14/0x2c)
[    3.629242] Code: e3a0200b e34800ad eb07ca5a e3a00000 (e5c00000) 
[    3.635430] ---[ end trace 02e4f3a9d5559063 ]---
[    3.640076] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b    这里oops直接升级成了panic:出错的initcall是在PID 1(swapper/0,见上面的CPU行和kernel_init_freeable调用栈)中执行的,"Modules linked in:"为空也说明这段代码是编译进内核的而不是insmod加载的。内核在oops后会杀掉当前进程(exitcode 0xb即SIGSEGV),而杀掉init进程就会触发panic;若改为可加载模块,同样的空指针写只会杀掉执行insmod的进程,系统本身可以继续运行
[    3.640076] 
[    3.649227] CPU1: stopping
[    3.651953] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G      D         4.1.15-gea6003fd-dirty #5
[    3.660484] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[    3.667041] [<80015d78>] (unwind_backtrace) from [<8001271c>] (show_stack+0x10/0x14)
[    3.674805] [<8001271c>] (show_stack) from [<80820e50>] (dump_stack+0x84/0xc4)
[    3.682044] [<80820e50>] (dump_stack) from [<80014c80>] (handle_IPI+0x178/0x18c)
[    3.689454] [<80014c80>] (handle_IPI) from [<80009480>] (gic_handle_irq+0x58/0x5c)
[    3.697035] [<80009480>] (gic_handle_irq) from [<80013200>] (__irq_svc+0x40/0x74)
[    3.704524] Exception stack(0xd8097f78 to 0xd8097fc0)
[    3.709584] 7f60:                                                       00000001 00000000
[    3.717774] 7f80: 00000000 8001f4e0 d8096000 80bd59e4 8082b8bc 00000000 00000000 d8097fc8
[    3.725962] 7fa0: 00000001 00000000 01000000 d8097fc0 8000ff64 8000ff68 60000113 ffffffff
[    3.734151] [<80013200>] (__irq_svc) from [<8000ff68>] (arch_cpu_idle+0x38/0x3c)
[    3.741567] [<8000ff68>] (arch_cpu_idle) from [<80065138>] (cpu_startup_entry+0x288/0x320)
[    3.749846] [<80065138>] (cpu_startup_entry) from [<1000952c>] (0x1000952c)
[    3.756820] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

2 产生oops的源码

注意:日志里打印的行号(init中的11、exit中的20)来自printk里的__LINE__,对应反汇编中的mov r2, #11 / mov r2, #20,它们取决于源文件的精确行布局。按本文贴出的布局,exit函数的printk实际位于第19行,说明原文件比这里多了一行;读者复现时数字可能相差一行,这不影响分析方法。

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/delay.h>


static int create_oops_info_init(void) /* initcall that deliberately faults to produce the oops shown above; "returns 0" only on paper */
{ /* NOTE(review): the log shows this ran from kernel_init_freeable() in PID 1 with "Modules linked in:" empty, i.e. built into the kernel; as an insmod'ed module the same fault would only kill the inserting process */
        char *tp = NULL; /* the NULL pointer written through below */
        printk("--- %s --- %d ---\n", __FUNCTION__, __LINE__); /* no KERN_<level>, so the default loglevel applies; __LINE__ here is the "11" in the log, so keep this statement on this line */
        *tp = 0; /* deliberate NULL write: compiled to "strb r0, [r0]" at +0x20, the PC in the oops (Code: ... (e5c00000)); writing through NULL is UB, so another compiler or -O level may not keep this store as-is */
        return 0; /* never reached: the store above oopses, and because it ran in PID 1 the oops became a panic */
}


static void create_oops_info_exit(void) /* module_exit hook: log-only teardown, nothing to release (init allocated nothing) */
{
        printk("--- %s --- %d ---\n", __func__, __LINE__); /* default loglevel (no KERN_<level>); __func__ is GCC's name for __FUNCTION__; __LINE__ depends on this statement staying on this line */
}


module_init(create_oops_info_init);
module_exit(create_oops_info_exit);


MODULE_DESCRIPTION("Test by HuSiZhuLuanXiang. Create the oops info!");
MODULE_AUTHOR("HuSiZhuLuanXiang");
MODULE_LICENSE("GPL");

3 源码反汇编

-> cat objdump.sh 

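#!/bin/sh
# Disassemble the .text section of an object file with the cross objdump,
# interleaving source lines (-S), and write the listing to the output file.
#
# Usage: ./objdump.sh <file.o> <output file>
# Exits 1 on a wrong argument count or an unreadable input file; otherwise
# returns objdump's own exit status.

if [ $# -ne 2 ]; then
        echo "Usage: " >&2
        echo "./objdump.sh <file.o> <output file>" >&2
        exit 1
fi

if [ ! -r "$1" ]; then
        echo "objdump.sh: cannot read '$1'" >&2
        exit 1
fi

# Replace <path> with the cross-toolchain bin directory.  It is quoted because
# an unquoted <path> is parsed by the shell as a redirection, and it is appended
# to the END of PATH so it cannot shadow system binaries.
export PATH="$PATH:<path>"

# -S only interleaves source when the object carries debug info (-g); the
# listing in this post shows none.  Add -r to see the unresolved relocations
# (the "bl 0 <printk>" and "movw r0, #0" operands in a .o).
arm-poky-linux-gnueabi-objdump -S -j .text "$1" > "$2"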

-> ./objdump.sh create_oops_info.o create_oops_info.s

 create_oops_info.o:     file format elf32-littlearm
Disassembly of section .text:

00000000 <create_oops_info_init>:
   0:  e3001000   movw  r1, #0      
   4:  e3000000   movw  r0, #0      
   8:  e92d4010   push  {r4, lr}    
   c:  e3401000   movt  r1, #0      
  10:  e3a0200b   mov  r2, #11      
  14:  e3400000   movt  r0, #0      
  18:  ebfffffe   bl  0 <printk>      /* 目标显示为0是因为.o文件里的重定位尚未解析(上面movw/movt的#0同理);用objdump -dr可以看到重定位项。链接后整个函数整体搬到8062c42c,所以oops里的+0x20/+0x1c偏移仍然与这里一一对应 */
  1c:  e3a00000   mov  r0, #0       /* r0 = 0 */
  20:  e5c00000   strb  r0, [r0]     /* r0 = 0:把r0的低字节存到r0所指的地址,也就是向地址0写入,这就是触发oops的空指针写。偏移0x20正对应oops中的"PC is at create_oops_info_init+0x20",而编码e5c00000就是oops"Code:"行里括号中的那一个字 */
  24:  e8bd8010   pop  {r4, pc}

00000028 <create_oops_info_exit>:
  28:  e3000000   movw  r0, #0
  2c:  e3a02014   mov  r2, #20
  30:  e3400000   movt  r0, #0
  34:  e59f1000   ldr  r1, [pc]  ; 3c <create_oops_info_exit+0x14>
  38:  eafffffe   b  0 <printk>
  3c:  00000018   .word  0x00000018

4 结束语

希望本文可以帮助到大家!

欢迎大家通过后台与我交流学习心得,水平有限,如有错漏的地方请不吝指出,谢谢!
