Re: %eip

[Ian Lance Taylor <ian at airs dot com>]

JANAPA REDDI VIJAY <Vijay.Janapareddi@Colorado.EDU> writes:

> I realize that in the _fini function the call instruction is executed
> to an instruction immediately following it and the value is
> immediately poped into a register. I am guessing this is done to get
> the instruction pointer since there is no direct way to get the ip on
> x86?! I have seen this behavior even in libc.
> 
> I am unsure why this is needed to be done the way it is done? I am not
> able to generalize how the call and pop combination is used by the
> compiler.
> 
> Any comments on that are much appreciated. Thank you.
> 
>       0x80489a0 <_fini>:      push   %ebp
>       0x80489a1 <_fini+1>:    mov    %esp,%ebp
>       0x80489a3 <_fini+3>:    push   %ebx
>       0x80489a4 <_fini+4>:    push   %edx
> ***> 0x80489a5 <_fini+5>:    call   0x80489aa <_fini+10>
> ***> 0x80489aa <_fini+10>:   pop    %ebx
>       0x80489ab <_fini+11>:   add    $0x11ce,%ebx

You need to pay attention to the add, also.  This sequence is used to
get the pointer to the global offset table in position independent
code.  The use of the call/pop sequence gets the current PC.  The
compiler, assembler and linker cooperate to ensure that the global
offset table is always at a fixed known offset from the text section.
Adding 0x11ce will turn out to be the correct offset from the pop
instruction to the global offset table.  The global offset table, in
turn, is used to access all global variables and non-hidden functions.

This kind of code will appear in position independent code--that is,
code compiler with -fpic or -fPIC.  It will not normally appear in
code compiled without -fpic or -fPIC.  It is possible that the _fini
function is always compiled with -fPIC so that it will be suitable for
any executable or shared library.

Let us know if that does not answer your question.

Ian