[framework] A little offtopic: Get EIP
Clemens Kolbitsch
clemens.kol at gmx.at
Mon Jun 25 09:14:57 CDT 2007
Hi guys!
Sorry... I know this is a little off-topic, but this is probably the
best place to ask for help...
We're developing a Linux kernel stager to execute netcat as reverse
shells (or actually an app...) very similar to the WinXP stager...
Everything works really well (you'll hear from us soon ;-) )
However, to try an exploit, I have to obtain the current EIP (and store
it into some register).
In user-mode, I use
unsigned char *from;
__asm__ __volatile__("call 0x0");
__asm__ __volatile__("pop %eax");
__asm__ __volatile__("mov %%eax,%0" : "=r" (from) : : "%eax");
which works just fine (well, the "call 0x0" must be edited manually after
compiling, because gcc makes a "call 0xfcffffff" out of it for some
reason...)
However, when I execute this very same code in kernel mode (during a
system call or a module init routine, for example) I get
Segmentation fault
Code: Bad EIP value.
EIP: [<00000004>] 0x4 SS:ESP 0068:c6afec4
If I change it to "call 0x10" I get
Segmentation fault
Code: Bad EIP value.
EIP: [<00000014>] 0x14 ....
So obviously, the relative near-call is treated as a call with an ABSOLUTE
address...
Can anybody tell me why?? (Or simply how to do this correctly??)
Thanks!!
clemens
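Added example (not part of the original post, and not the poster's stager code): the usual way to write the call/pop "get EIP" idiom so that neither the assembler nor the linker turns the target into an absolute address. `call 0x0` names an absolute target, so the assembler has to emit a relocation and leaves the final displacement to the linker or module loader; `call 1f` names an assembler-local label in the same section, so the assembler computes the relative displacement itself (it is zero) and no relocation exists to be fixed up. The operand `%0` is a pointer-sized register, so the same text assembles to `pop %eax` on i386 and `pop %rax` on x86-64; the AArch64 branch (`adr`) is an assumption added only so the file builds on non-x86 hosts and is not part of the technique under discussion.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Return the address of the instruction following the CALL, i.e. the
 * current instruction pointer.  "1f" is an assembler-local forward label:
 * the assembler resolves the displacement (rel32 == 0) and emits no
 * relocation, unlike a literal target such as "call 0x0", which is an
 * ABSOLUTE address left for the linker/module loader to patch.
 * noinline keeps the push/pop in this function's own frame, so on x86-64
 * the caller's red-zone locals can never be clobbered by the CALL.
 */
static uintptr_t __attribute__((noinline)) get_ip(void)
{
    uintptr_t ip;
#if defined(__i386__) || defined(__x86_64__)
    __asm__ __volatile__(
        "call 1f\n\t"
        "1: pop %0"
        : "=r"(ip));
#elif defined(__aarch64__)
    /* Assumed fallback for non-x86 hosts: ADR is PC-relative, no stack use. */
    __asm__ __volatile__("adr %0, 1f\n\t1:" : "=r"(ip));
#else
#error "no get_ip() for this architecture"
#endif
    return ip;
}

/* 1 if the address returned by get_ip() lies inside get_ip()'s own code. */
static int ip_inside_get_ip(void)
{
    uintptr_t ip = get_ip();
    uintptr_t start = (uintptr_t)get_ip;
    return ip > start && ip - start < 128;
}

/* 1 if the idiom is stable: the same call site always yields the same address. */
static int ip_is_stable(void)
{
    return get_ip() == get_ip();
}

/*
 * x86 only: the five bytes preceding the returned IP must be the CALL
 * itself, E8 00 00 00 00, i.e. a near call with a zero RELATIVE
 * displacement and no relocation involved.  Returns 1 when that holds;
 * on other architectures the check does not apply and also returns 1.
 */
static int call_has_zero_displacement(void)
{
#if defined(__i386__) || defined(__x86_64__)
    const unsigned char *p = (const unsigned char *)(get_ip() - 5);
    int32_t disp;
    memcpy(&disp, p + 1, sizeof disp);   /* memcpy: code bytes may be unaligned */
    return p[0] == 0xE8 && disp == 0;
#else
    return 1;
#endif
}

int main(void)
{
    printf("ip = %#lx (get_ip starts at %#lx)\n",
           (unsigned long)get_ip(), (unsigned long)(uintptr_t)get_ip);
    printf("inside function: %d, stable: %d, rel32 == 0: %d\n",
           ip_inside_get_ip(), ip_is_stable(), call_has_zero_displacement());
    return 0;
}
```

Build with `gcc -O2 -Wall get_ip.c` (or `-m32` to see the `pop %eax` form); objdump of `get_ip` shows the bare `e8 00 00 00 00` with no relocation entry, which is the property the kernel-mode version needs. Note the CALL pushes onto the stack, so in kernel code the stack must be usable at that point; on x86-64 user code the `noinline` wrapper is what keeps the push away from a caller's red zone.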