[Crash-utility] Function parameters from stack frames

Alexandr Terekhov Alexandr_Terekhov at epam.com
Tue Mar 26 13:26:26 UTC 2013


Hello,

I'm working now on the task of obtaining function parameters from stack frames.
Can't say that it's really possible to get every parameter of every function,
but some of them are available.

My idea was the following: at start we have "reliable" register RSP, after that
I'm starting to parse frame:
        push   %rbp
        mov    %rsp,%rbp
        push   %r13
        push   %r12
        push   %rbx

hence we have rbx, r12, r13 "reliable" registers and so on.
At the end of frame we have the following:

        mov    %r13,%rcx
        mov    %rax,%rdx
        mov    %r12,%rsi
        mov    %rbx,%rdi
        callq  *%r8

Source is callee-save register, destination is parameter register. Then the next frame:

        mov %rbx, -0x28(%rbp)
        mov %r12, -0x20(%rbp)
        mov %r13, -0x18(%rbp)
        mov %r14, -0x10(%rbp)

and we have 3 of 4 parameters in stack. (RDI which is RBX, RSI which is R12, RCX which is R13).

I've already written this logic (and not only this - there are a lot of heuristics),
but I only have one single dump to test it. So I'd like to ask you all to provide some dumps
for testing (preferably RedHat kernels).

It would be great to get nested IRQs, different exceptions:
* double fault
* stack fault
that is something with stack switch (IST). This logic has not been written yet.

Thanks in advance.

Alexandr
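
The register tracking described in the message above, as an added Python example that is not part of the original post or of the crash utility's code. The function names, the RBP value and the stack contents are constructed assumptions; only register-to-register `mov` at the call site and RBP-relative saves in the callee are modelled.

```python
import re

# System V x86-64 ABI: integer argument registers and callee-saved registers.
ARG_REGS = {"rdi", "rsi", "rdx", "rcx", "r8", "r9"}
CALLEE_SAVED = {"rbx", "rbp", "r12", "r13", "r14", "r15"}
MOV_REG = re.compile(r"mov\s+%(\w+),\s*%(\w+)$")
SAVE = re.compile(r"mov\s+%(\w+),\s*(-?0x[0-9a-f]+)\(%rbp\)$")

def call_arg_sources(call_site):
    """Map argument register -> callee-saved register it was copied from."""
    src_of = {}
    for insn in call_site:
        m = MOV_REG.match(insn.strip())
        if not m:
            continue  # only register-to-register mov is modelled here
        src, dst = m.groups()
        # Overwriting a callee-saved register invalidates arguments copied from it.
        src_of = {a: s for a, s in src_of.items() if s != dst}
        if dst in ARG_REGS:
            if src in CALLEE_SAVED:
                src_of[dst] = src
            else:
                src_of.pop(dst, None)  # e.g. mov %rax,%rdx: source is not preserved
    return src_of

def saved_slots(prologue):
    """Map callee-saved register -> RBP-relative offset of its save slot."""
    slots = {}
    for insn in prologue:
        m = SAVE.match(insn.strip())
        if m and m.group(1) in CALLEE_SAVED:
            slots.setdefault(m.group(1), int(m.group(2), 16))
    return slots

def recover_args(call_site, prologue, callee_rbp, read_u64):
    """Read each recoverable argument from the callee's save area."""
    slots = saved_slots(prologue)
    return {arg: read_u64(callee_rbp + slots[src])
            for arg, src in call_arg_sources(call_site).items() if src in slots}

# Instruction text from the message; RBP and stack contents are constructed.
CALL_SITE = ["mov %r13,%rcx", "mov %rax,%rdx", "mov %r12,%rsi", "mov %rbx,%rdi", "callq *%r8"]
PROLOGUE = ["mov %rbx, -0x28(%rbp)", "mov %r12, -0x20(%rbp)",
            "mov %r13, -0x18(%rbp)", "mov %r14, -0x10(%rbp)"]
RBP = 0xFFFF880012345F00
STACK = {RBP - 0x28: 0x1111, RBP - 0x20: 0x2222, RBP - 0x18: 0x3333, RBP - 0x10: 0x4444}

if __name__ == "__main__":
    for reg, val in sorted(recover_args(CALL_SITE, PROLOGUE, RBP, STACK.__getitem__).items()):
        print(f"{reg} = {val:#x}")
```

RDX is absent from the result because it was loaded from RAX, which the callee does not preserve; that matches the "3 of 4 parameters" in the message.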



