Hi All,
I've actually put this out to the kernel mailing list, but I thought I
might try here as well.
I am fairly new to OS X having just got a penryn/leopard. I'm trying
to port some IA-32 asm code over to the XNU kernel from linux, and I'm
just having a bit of trouble understanding what actually is going on
when I call a sys_fork.
On the man 2 page it gives me this:
pid_t fork (void) where pid_t is an unsigned 32-bit.
Much the same as linux, fine, good. No worries, should be a piece of
cake right? I know the different calling conventions.. I've already
fixed the bit of code dealing with lseek, I should be grand right?
Well...
I load EAX with the syscall no (0x02) and do what's necessary and
expected (as I understand it, BSD likes a 32-bit word on the stack prior
to the syscall via int 0x80, ie this link http://www.int80h.org/bsdasm/
)
And like the linux fork syscall, I expect either:
EAX < 0 - error
EAX = 0 returned to the child process
EAX = unsigned 32 bit (returned PID to the parent process).
The code works fine and dandy on linux (I follow this up with an
execve by the way to call the shell to execute an arbitrary command,
anything the user would like to do)
BUT, on XNU/OSX, I find fork does indeed create 2 processes but BOTH
of them get the PID of the child returned to them in EAX...
So basically my code bugs out there because the child does not know
it's a child and so on...
What gives?
A little bit of exploring - given often EDX sometimes gets paired with
EAX - I tried looking at EDX. Surprise, surprise. EDX returns either 0
or 1. I do not know where this is documented but a bit of trial and
error led me to discover that EDX = 0 is returned to the parent
process. (ROFL) and 1 to the child, which allowed me to do a quick
fix.
Basically the code appears to work now with the following naughty fix.
Basically I did the naughty thing of NEGating and NOTing the EDX value
so that in EDX, the parent process becomes -1 and the child becomes 0
and ANDing EDX to EAX, which means the parent gets the PID of the
child process and the child gets PID AND 0 = 0.
I'm working on the assumption if there is an error in a fork, the
parent will get EAX back by this means, and register an error too.
So after this little patch, it seems I have fork behaving 'like' I
expect it to be, and it seems fine, I follow with execve, all's A-OK.
This however, is empiric, and I do not know how correct this actually
is. But it seems to work...
BUT still I have NO idea what EDX actually represents and
where I should be expecting to get my error code, ie in EAX or EDX.
When I installed xcode 3.0 all I got was this header file (which
helped a lot in porting the program, some syscall no's were
different).
file:///Developer/SDKs/MacOSX10.5.sdk/usr/include/sys/_types.h
I could not find the source to syscall fork (0x02) - to find out what
the heck all this EDX business is... I mean, from the prototype, one
would imagine you'd only get one 32 bit value returned..
Can anyone tell me what's going on and where to get the source
for this syscall (or all the syscalls for that matter) ?
I admit I don't know where everything actually is or where to get it.
I'm still kinda new.
Any bright ideas, warnings etc welcome... Should I be doing anything
different? ( apart from recoding this in C, which, really isn't an
option <grin> ).
Thanks for your patience, you can reach me here or my email.
Robert Spykerman
--
chown -R us ./base
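The register handling described in the post, worked through as an added C example (not code from the poster or from XNU). It models the state `int 0x80` leaves behind on i386 XNU as the post describes it (EAX = child PID in both processes, EDX = 0 in the parent, 1 in the child), writes out the NEG/NOT/AND trick as integer arithmetic, and converts the pair to the Linux-style single return value. The carry flag field is an assumption the post does not mention: XNU's libc syscall stubs treat CF set after the trap as the error indicator, with errno left in EAX, which is where the post's missing error case would show up.

```c
#include <stdint.h>
#include <stdio.h>

/* Register state after `int 0x80` on i386 XNU, per the post.
 * The carry flag is an assumption: BSD-style error reporting
 * (CF set, EAX = errno), which the post's asm never checks. */
struct trap_result {
    uint32_t eax;   /* child PID in both parent and child */
    uint32_t edx;   /* 0 in the parent, 1 in the child */
    int      cf;    /* assumed: 1 on error, EAX then holds errno */
};

/* The poster's fix as arithmetic:
 *   NEG EDX ; NOT EDX  -> mask = ~(0 - edx): 0xFFFFFFFF parent, 0 child
 *   AND EAX, EDX       -> parent keeps the PID, child gets 0
 * Note it never looks at CF, so an error leaves errno in EAX as a
 * positive number that the Linux-style "EAX < 0" check will not catch. */
static uint32_t mask_with_edx(uint32_t eax, uint32_t edx)
{
    uint32_t mask = ~(0u - edx);
    return eax & mask;
}

/* Full conversion to the Linux convention the asm expects:
 * negative = -errno, 0 = child, positive = child PID in the parent. */
static int32_t xnu_fork_to_linux(struct trap_result r)
{
    if (r.cf)               /* assumed error path: EAX holds errno */
        return -(int32_t)r.eax;
    if (r.edx != 0)         /* child: EDX == 1 */
        return 0;
    return (int32_t)r.eax;  /* parent: EDX == 0, EAX == child PID */
}

int main(void)
{
    /* Constructed sample values, not captured from a real trap. */
    struct trap_result parent = { 4242, 0, 0 };
    struct trap_result child  = { 4242, 1, 0 };
    struct trap_result failed = { 35,   0, 1 };   /* errno 35, constructed */

    printf("mask trick: parent=%u child=%u\n",
           mask_with_edx(parent.eax, parent.edx),
           mask_with_edx(child.eax, child.edx));
    printf("converted : parent=%d child=%d error=%d\n",
           xnu_fork_to_linux(parent), xnu_fork_to_linux(child),
           xnu_fork_to_linux(failed));
    return 0;
}
```

Under the carry-flag assumption the mask trick alone would return 35 to the parent on a failed fork, which the Linux-style check reads as a valid PID; the converter returns -35 instead.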