Re: Disassemble a kext file
- Subject: Re: Disassemble a kext file
- From: William Kucharski <email@hidden>
- Date: Fri, 22 Apr 2005 03:39:09 -0600
- Resent-date: Fri, 22 Apr 2005 03:40:50 -0600
- Resent-from: William Kucharski <email@hidden>
- Resent-message-id: <email@hidden>
- Resent-to: darwin-kernel Dev <email@hidden>
On Apr 22, 2005, at 3:01 AM, anshul makkar wrote:
> Hi, is there a way to disassemble the kext file?
> I want to know the functions exported by the kext file, so that I
> can place my filter above it by exporting the same interfaces.
> Like in Windows we can disassemble a .drv or .sys file; similarly, is
> there any way on Mac?
There are multiple ways:
To find functions exported by a kext, the easiest tool to use is nm(1). Once you know the function it can easily be disassembled using gdb(1), e.g.:
# gdb /System/Library/Extensions/ntfs.kext/Contents/MacOS/ntfs
(gdb) disassemble ntfs_allocate
Dump of assembler code for function ntfs_allocate:
0x0000f348 <ntfs_allocate+0>: mflr r0
0x0000f34c <ntfs_allocate+4>: stmw r30,-8(r1)
0x0000f350 <ntfs_allocate+8>: stw r0,8(r1)
0x0000f354 <ntfs_allocate+12>: stwu r1,-80(r1)
0x0000f358 <ntfs_allocate+16>: mr r30,r1
[ ... ]
Or to just disassemble the entire kext, use otool(1):
# otool -vt ntfs
ntfs:
(__TEXT,__text) section
_ntfs_uncompblock:
00000000 mfspr r0,lr
00000004 stmw r30,0xfff8(r1)
00000008 stw r0,0x8(r1)
0000000c stwu r1,0xff60(r1)
00000010 or r30,r1,r1
00000014 stw r3,0xb8(r30)
00000018 stw r4,0xbc(r30)
0000001c lwz r2,0xbc(r30)
00000020 lhz r0,0x0(r2)
00000024 sth r0,0x68(r30)
00000028 lhz r0,0x68(r30)
0000002c sth r0,0x70(r30)
00000030 addi r0,r30,0x70
[ ... ]
William Kucharski
email@hidden
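What nm(1) reads for this purpose, as an added example that is not part of the original message: a Python reader for the Mach-O LC_SYMTAB table that returns the defined external symbols, i.e. the functions a kext exports. The `_sample` image and its symbol names and addresses are constructed for illustration, and a thin (non-universal) file is assumed.

```python
import struct

MH_MAGIC, MH_MAGIC_64, LC_SYMTAB = 0xFEEDFACE, 0xFEEDFACF, 0x2
N_STAB, N_TYPE, N_EXT, N_UNDF = 0xE0, 0x0E, 0x01, 0x00  # n_type masks from <mach-o/nlist.h>

def exported_symbols(data):
    """Return sorted (name, address) pairs for defined external symbols."""
    for endian in (">", "<"):  # PowerPC images are big-endian, x86 little-endian
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a thin Mach-O image")
    is64 = magic == MH_MAGIC_64
    ncmds = struct.unpack_from(endian + "I", data, 16)[0]
    nlist = endian + ("IBBHQ" if is64 else "IBBhI")  # struct nlist_64 / nlist
    off, out = (32 if is64 else 28), []
    for _ in range(ncmds):  # walk the load commands that follow the header
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd == LC_SYMTAB:
            symoff, nsyms, stroff, strsize = struct.unpack_from(endian + "4I", data, off + 8)
            strtab = data[stroff:stroff + strsize]
            for i in range(nsyms):
                strx, n_type, _, _, value = struct.unpack_from(
                    nlist, data, symoff + i * struct.calcsize(nlist))
                # Skip debug (stab) entries, locals, and undefined imports.
                if n_type & N_STAB or not n_type & N_EXT or (n_type & N_TYPE) == N_UNDF:
                    continue
                out.append((strtab[strx:strtab.index(b"\0", strx)].decode(), value))
        off += cmdsize
    return sorted(out)

def _sample():
    """Constructed big-endian 32-bit image: header, one LC_SYMTAB, three symbols."""
    strtab = b"\0_ntfs_allocate\0_memcpy\0_local_helper\0"
    syms = [(1, 0x0F, 1, 0xF348),  # N_SECT|N_EXT: defined and external
            (16, 0x01, 0, 0),      # N_UNDF|N_EXT: imported from elsewhere
            (24, 0x0E, 1, 0x100)]  # N_SECT only: file-local
    symoff = 28 + 24               # header size + LC_SYMTAB size
    stroff = symoff + 12 * len(syms)
    hdr = struct.pack(">7I", MH_MAGIC, 18, 0, 1, 1, 24, 0)  # cputype 18 = PowerPC
    lc = struct.pack(">6I", LC_SYMTAB, 24, symoff, len(syms), stroff, len(strtab))
    body = b"".join(struct.pack(">IBBhI", s, t, sect, 0, v) for s, t, sect, v in syms)
    return hdr + lc + body + strtab

if __name__ == "__main__":
    for name, addr in exported_symbols(_sample()):
        print(f"{addr:08x} {name}")
```

Only the first sample symbol is returned: the undefined entry is an import the kext expects from elsewhere, and the entry without N_EXT is not visible outside the file.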