I am writing a crash back trace program for a course. The provided starter code gives us %eip upon a crash, and we are supposed to print the backtrace of the runtime stack.
The first step seems to be to get %ebp of the top stack, and our assignment says that there is “something accessible in C code that has a guaranteed fixed location relative to the current base pointer”.
The only thing I can think of would be the arguments to a function being stored at a fixed location above %ebp, but I cannot think of any possible way to use this information.
What is a way to find this %ebp with just C code (no inline assembly or anything)?
Any pointing in the right direction would be much appreciated! I’m on x86-32 bit.
I’m assuming that the task is given for Linux/UNIX.
So, you are now in the SIGSEGV handler and have eip from... the context, the third parameter of the handler?
First way:
The signal handler is started on the stack of the application; and if you take the address of some local variable, you will get a pointer to the stack:
This is not generally a “guaranteed fixed location relative to the current base pointer” if we are talking about the generalized case (according to the C programming language standard and/or some UNIX Specification this should be undefined behaviour). But for x86/x86_64, some fixed compiler, a fixed set of compiler options, and frame pointer saving in the stack enabled, this offset will be constant.
Second way:
Check ucontext.h (/usr/include/sys) and hack into it via the third argument to the handler.
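As an added example (not from the question or the answer above) of what the backtrace then looks like once ebp is in hand: the walker below follows the x86-32 frame-pointer chain over a copy of the stack, refusing to read outside it because a saved ebp is exactly what a crash tends to clobber, and the `#if defined(__i386__)` handler shows the answer's second way, reading eip and ebp from the `ucontext_t`. The stack image and its addresses are constructed for the demo; `walk_frames`, `demo_backtrace` and `on_segv` are hypothetical names.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>
/* x86-32 frame (frame pointers kept): [ebp] = saved ebp, [ebp+4] = return address */
typedef struct { uint32_t saved_ebp, ret_addr; } frame_t;
/* Follow the ebp chain, collecting return addresses into out[]. Reads stay
 * inside the stack image [stack, stack+stack_len) whose first byte stands for
 * address stack_base, so a clobbered saved ebp ends the walk, not the handler. */
size_t walk_frames(const uint8_t *stack, size_t stack_len, uint32_t stack_base,
                   uint32_t ebp, uint32_t *out, size_t max_out)
{
    size_t n = 0;
    while (n < max_out) {
        if (ebp < stack_base || (ebp & 3) != 0 ||
            (size_t)(ebp - stack_base) + sizeof(frame_t) > stack_len)
            break;                     /* ebp points outside the stack */
        frame_t f;
        memcpy(&f, stack + (ebp - stack_base), sizeof f);
        if (f.ret_addr == 0) break;    /* outermost frame */
        out[n++] = f.ret_addr;
        if (f.saved_ebp <= ebp) break; /* chain must move to higher addresses */
        ebp = f.saved_ebp;
    }
    return n;
}
/* Constructed stack image (hypothetical addresses): three linked frames. */
size_t demo_backtrace(uint32_t *out, size_t max_out)
{
    const uint32_t base = 0xbfff0000u;
    uint8_t stack[64] = {0};
    frame_t f[3] = { { base + 0x20, 0x08048123u }, { base + 0x30, 0x08048456u },
                     { 0, 0x08048789u } };   /* saved ebp 0: end of chain */
    memcpy(stack + 0x10, &f[0], sizeof f[0]);
    memcpy(stack + 0x20, &f[1], sizeof f[1]);
    memcpy(stack + 0x30, &f[2], sizeof f[2]);
    return walk_frames(stack, sizeof stack, base, base + 0x10, out, max_out);
}
#if defined(__i386__)   /* the answer's second way: registers from the ucontext */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    printf("eip=%#lx ebp=%#lx\n", (unsigned long)uc->uc_mcontext.gregs[REG_EIP],
           (unsigned long)uc->uc_mcontext.gregs[REG_EBP]);
    (void)sig; (void)si;
}
#endif
```

Install `on_segv` with `sigaction` and `SA_SIGINFO` on a 32-bit build; on a real crash the stack copy handed to `walk_frames` would be the region between the handler's own locals and the thread's stack top.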