I finally understand why “DW_OP_fbreg: 0” is possible

I finally understand why “DW_OP_fbreg: 0” is possible

2015/04/14 Debugger GKD 0

In the following function kmalloc2, take a look the first parameter, the memory location of that parameter is stated by dwarf “DW_AT_location : 2 byte block: 91 0 (DW_OP_fbreg: 0)”, where “DW_OP_fbreg: 0” means stack+0. I was thinking why it is possible. Because when cpu executed call instruction, it already pushed 4 bytes into the stack. So the offset of the first parameter should be ESP+4, not ESP+0.

 <1><502c>: Abbrev Number: 34 (DW_TAG_subprogram)
    <502d>   DW_AT_external    : 1      
    <502d>   DW_AT_name        : (indirect string, offset: 0x18cd): kmalloc2    
    <5031>   DW_AT_decl_file   : 1      
    <5032>   DW_AT_decl_line   : 725    
    <5034>   DW_AT_prototyped  : 1      
    <5034>   DW_AT_type        : <0x482e>       
    <5038>   DW_AT_low_pc      : 0x1607b50      
    <503c>   DW_AT_high_pc     : 0x82   
    <5040>   DW_AT_frame_base  : 1 byte block: 9c       (DW_OP_call_frame_cfa)
    <5042>   DW_AT_GNU_all_call_sites: 1        
    <5042>   DW_AT_sibling     : <0x50d4>       
 <2><5046>: Abbrev Number: 39 (DW_TAG_formal_parameter)
    <5047>   DW_AT_name        : (indirect string, offset: 0x17aa): virtualAddress      
    <504b>   DW_AT_decl_file   : 1      
    <504c>   DW_AT_decl_line   : 725    
    <504e>   DW_AT_type        : <0x47da>       
    <5052>   DW_AT_location    : 2 byte block: 91 0     (DW_OP_fbreg: 0)

I searched around in google and has no answer, finally i found this chinese blog http://tsecer.blog.163.com/blog/static/150181720118395251117/. And I finally know even i don’t have .debug_frames, but I have .eh_frame section. After I dump it out that section, it should be the formula of DW_OP_call_frame_cfa is “r4 (esp) ofs 4”, which mean esp plus four.