Let me know EIP address

Let me know EIP address

[Lethalman]

I'm trying to get the EIP value from a simple program in C but i don't 
how to do it. I need it to know the current address position on the code 
segment.

main() {
   long *eip;
   asm("mov %%eip,%0" : "=g"(eip));
   printf("%p\n", eip);
}

Unfortunately EIP is not that kind of register :P
Does anyone know how to get EIP?

-- 
www.iosn.it * Amministratore Italian Open Source Network
www.fyrebird.net * Fyrebird Hosting Provider - Technical Department

Re: Let me know EIP address

[linux-os]

On Tue, 4 Jan 2005, Lethalman wrote:

> I'm trying to get the EIP value from a simple program in C but i don't how to 
> do it. I need it to know the current address position on the code segment.
>
> main() {
>  long *eip;
>  asm("mov %%eip,%0" : "=g"(eip));
>  printf("%p\n", eip);
> }
>
> Unfortunately EIP is not that kind of register :P
> Does anyone know how to get EIP?
>

You get the offset of a label, i.e., "foo:\t movl $foo,%0\n" in the asm 
code.


Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
  Notice : All mail here is now cached for review by Dictator Bush.
                  98.36% of all statistics are fiction.

Re: Let me know EIP address

[Paolo Ornati]

On Tue, 04 Jan 2005 16:18:02 +0100
Lethalman <lethalman@fyrebird.net> wrote:

> I'm trying to get the EIP value from a simple program in C but i don't
> how to do it. I need it to know the current address position on the
> code segment.
> 
> main() {
>    long *eip;
>    asm("mov %%eip,%0" : "=g"(eip));
>    printf("%p\n", eip);
> }
> 
> Unfortunately EIP is not that kind of register :P
> Does anyone know how to get EIP?


IA-32 Intel® Architecture
    Software Developer's
                    Manual
                    Volume 1:
            Basic Architecture


3.5. INSTRUCTION POINTER

[...]

The EIP register cannot be accessed directly by software; it is
controlled implicitly by control- transfer instructions (such as JMP,
Jcc, CALL, and RET), interrupts, and exceptions. The only way to read
the EIP register is to execute a CALL instruction and then read the
value of the return instruction pointer from the procedure stack. The
EIP register can be loaded indirectly by modifying the value of a return
instruction pointer on the procedure stack and executing a return
instruction (RET or IRET). See Section 6.2.4.2., "Return Instruction
Pointer".

[...]

-- 
	Paolo Ornati
	Gentoo Linux (kernel 2.6.10-cko2)

Re: Let me know EIP address

[Paulo Marques]

linux-os wrote:
> On Tue, 4 Jan 2005, Lethalman wrote:
> 
>> I'm trying to get the EIP value from a simple program in C but i don't 
>> how to do it. I need it to know the current address position on the 
>> code segment.
>>
>> main() {
>>  long *eip;
>>  asm("mov %%eip,%0" : "=g"(eip));
>>  printf("%p\n", eip);
>> }
>>
>> Unfortunately EIP is not that kind of register :P
>> Does anyone know how to get EIP?
>>
> 
> You get the offset of a label, i.e., "foo:\t movl $foo,%0\n" in the asm 
> code.

Or use a gcc extension, so that you don't have to write assembly code:

int main(int argc, char *argv[])
{
   address:
     printf("this is my address %p\n", &&address);
   return 0;
}

-- 
Paulo Marques - www.grupopie.com

"A journey of a thousand miles begins with a single step."
Lao-tzu, The Way of Lao-tzu

Re: Let me know EIP address

[Bernd Eckenfels]

In article <20050104171043.21c7c4ef@tux.homenet> you wrote:
>> I'm trying to get the EIP value from a simple program in C but i don't

> The EIP register cannot be accessed directly by software

I guess most often is enough to get the address of a C function

printf("%p", &func);

Greetings
Bernd