What’s the purpose of the UD2 opcode in the Linux kernel?

I have found the following fragment in the Linux kernel (not the corresponding C code though), somewhere during the start-up phase. You can clearly see the 0F 0B parts, which stand for the UD2 opcode (IDA refused to disassemble it).

There are some possible usages for this opcode explained here and here. In this case, however, the opcodes after this instruction don’t really make sense.

seg000:000C059E                 test    edx, edx
seg000:000C05A0                 jnz     short loc_C05AA
seg000:000C05A0 ; --------------------------------------------------
seg000:000C05A2                 db  0Fh
seg000:000C05A3                 db  0Bh
seg000:000C05A4                 db 73h
seg000:000C05A5                 db 0
seg000:000C05A6                 db  86h ; å
seg000:000C05A7                 db  4Ah ; J
seg000:000C05A8                 db  27h ; '
seg000:000C05A9                 db 0C0h ; +
seg000:000C05AA ; --------------------------------------------------
seg000:000C05AA
seg000:000C05AA loc_C05AA:                              
seg000:000C05AA                 cmp     eax, [edi+4]
seg000:000C05AD                 jbe     short loc_C05B7
seg000:000C05AD ; --------------------------------------------------
seg000:000C05AF                 db  0Fh
seg000:000C05B0                 db  0Bh
seg000:000C05B1                 db 75h
seg000:000C05B2                 db    0
seg000:000C05B3                 db 86h
seg000:000C05B4                 db  4Ah ; J
seg000:000C05B5                 db  27h ; '
seg000:000C05B6                 db 0C0h ; +
seg000:000C05B7 ; --------------------------------------------------
seg000:000C05B7
seg000:000C05B7 loc_C05B7:                              
seg000:000C05B7                 add     ecx, 0FFFh
seg000:000C05BD                 shr     esi, 0Ch
seg000:000C05C0                 shr     ecx, 0Ch
seg000:000C05C3                 sub     ecx, esi
seg000:000C05C5                 cmp     ecx, ebx
seg000:000C05C7                 jnb     short loc_C05E9
seg000:000C05C9                 lea     esi, [esi+0]
seg000:000C05D0
seg000:000C05D0 loc_C05D0:                              
seg000:000C05D0                 mov     edx, [edi+8]
seg000:000C05D3                 btr     [edx], ecx
seg000:000C05D6                 sbb     eax, eax
seg000:000C05D8                 test    eax, eax
seg000:000C05DA                 jnz     short loc_C05E4
seg000:000C05DA ; ------------------------------------------------
seg000:000C05DC                 db  0Fh
seg000:000C05DD                 db  0Bh
seg000:000C05DE                 db 7Fh
seg000:000C05DF                 db 0
seg000:000C05E0                 db  86h ; å
seg000:000C05E1                 db  4Ah ; J
seg000:000C05E2                 db  27h ; '
seg000:000C05E3                 db 0C0h ; +
seg000:000C05E4 ; -------------------------------------------------
seg000:000C05E4
seg000:000C05E4 loc_C05E4:                              
seg000:000C05E4                 inc     ecx

Answer

It’s the BUG() macro from include/asm-i386/bug.h.

/*
 * Tell the user there is some problem.
 * The offending file and line are encoded after the "officially
 * undefined" opcode for parsing in the trap handler.
 */

#ifdef CONFIG_DEBUG_BUGVERBOSE
#define BUG()                           \
 __asm__ __volatile__(  "ud2\n"         \
                        "\t.word %c0\n" \
                        "\t.long %c1\n" \
                         : : "i" (__LINE__), "i" (__FILE__))
#endif

For example, the one at 0C05AF is for the file whose name is at 0xC0274A86 and line number 117 (0x75).
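To show how a trap handler parses this encoding, here is an added Python decoder (my example, not code from the question, the answer, or the kernel). The byte string is my reconstruction of the listing above, instruction encodings included; the real handler reads the string the __FILE__ pointer points at, which this blob does not contain.

```python
import struct

UD2 = b"\x0f\x0b"

# Constructed sample: the bytes behind seg000:000C059E..000C05E4, re-encoded
# from the disassembly (the encodings are my reconstruction, not a raw dump).
LISTING_BASE = 0x000C059E
LISTING = bytes.fromhex(
    "85d2" "7508" "0f0b7300864a27c0"          # test/jnz, BUG() at line 0x73
    "3b4704" "7608" "0f0b7500864a27c0"        # cmp/jbe, BUG() at line 0x75
    "81c1ff0f0000" "c1ee0c" "c1e90c" "29f1"   # add/shr/shr/sub
    "39d9" "7320" "8db42600000000"            # cmp/jnb/lea (nop padding)
    "8b5708" "0fb30a" "19c0" "85c0" "7508"    # mov/btr/sbb/test/jnz
    "0f0b7f00864a27c0"                        # BUG() at line 0x7f
    "41"                                      # inc ecx
)

def decode_bug_site(mem, base, ud2_addr):
    """Decode one CONFIG_DEBUG_BUGVERBOSE BUG() site.

    ud2_addr is the address of the 0F 0B bytes, i.e. what the #UD trap
    handler finds in the faulting EIP. Layout after the ud2:
      .word __LINE__   (2 bytes, little-endian)
      .long __FILE__   (4-byte pointer into the kernel's string data)
    Returns (line, file_ptr), or None if the bytes there are not a ud2.
    """
    off = ud2_addr - base
    if off < 0 or mem[off:off + 2] != UD2 or len(mem) < off + 8:
        return None
    line, file_ptr = struct.unpack_from("<HI", mem, off + 2)
    return line, file_ptr

def scan_bug_sites(mem, base):
    """Heuristic triage scan for every 0F 0B in a blob. 0F 0B can also occur
    inside another instruction's operands, so treat hits as candidates only;
    the trap handler itself never scans, it starts from the faulting EIP."""
    sites, i = [], mem.find(UD2)
    while i != -1:
        decoded = decode_bug_site(mem, base, base + i)
        if decoded:
            sites.append((base + i, *decoded))
        i = mem.find(UD2, i + 1)
    return sites

if __name__ == "__main__":
    for addr, line, file_ptr in scan_bug_sites(LISTING, LISTING_BASE):
        print(f"BUG() at {addr:08X}: line {line} (0x{line:X}), "
              f"__FILE__ at 0x{file_ptr:08X}")
```

All three sites decode to the same __FILE__ pointer, which is what you expect for several BUG() calls in one source file.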