Timestamp:
08/27/08 23:19:02 (5 years ago)
Author:
pterjan
Message:
  • Fix grab to work again on systems using sysenter instead of int 80
File:
1 edited
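--- a/neercs/trunk/src/mytrace.c
+++ b/neercs/trunk/src/mytrace.c
@@ -127,6 +127,8 @@
 #define STRINGIFY(x) X(x)
 
-#define SYSCALL_X86   0x80cd  /* CD 80 = int $0x80 */
-#define SYSCALL_AMD64 0x050fL /* 0F 05 = syscall */
+#define SYSCALL_X86     0x80cd  /* CD 80 = int $0x80 */
+#define SYSCALL_X86_NEW 0xf3eb  /* EB F3 = jmp <__kernel_vsyscall+0x3> */
+#define SYSENTER        0x340f  /* 0F 34 = sysenter */
+#define SYSCALL_AMD64   0x050fL /* 0F 05 = syscall */
 
 #if defined __x86_64__
@@ -481,4 +483,5 @@
     long oinst;
     int bits;
+    int offset = 2;
 
     if(call < 0 || call >= (long)(sizeof(syscallnames)/sizeof(*syscallnames)))
@@ -508,9 +511,10 @@
 
         oinst = ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - 2, 0) & 0xffff;
+        fprintf(stderr, "%lx\n", oinst);
 
 #if defined __x86_64__
         if(oinst == SYSCALL_AMD64)
             break;
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
         {
             bits = 32;
@@ -518,5 +522,5 @@
         }
 #else
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
             break;
 #endif
@@ -528,5 +532,4 @@
         }
         waitpid(t->pid, NULL, 0);
-
         if(ptrace(PTRACE_SYSCALL, t->pid, NULL, 0) < 0)
         {
@@ -539,6 +542,14 @@
     print_registers(t->pid);
 
+    if(oinst == SYSCALL_X86_NEW)
+    {
+        /*  Get back to sysenter */
+        while((ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - offset, 0) & 0xffff) != 0x340f)
+            offset++;
+        oldregs.ebp = oldregs.esp;
+    }
+
     regs = oldregs;
-    regs.RIP = regs.RIP - 2;
+    regs.RIP = regs.RIP - offset;
 #if defined __x86_64__
     if(bits == 64)
@@ -592,6 +603,8 @@
                 return -1;
             }
+            debug("PTRACE_GETEVENTMSG %d", t->child);
             continue;
         case PTRACE_EVENT_EXIT:
+            debug("PTRACE_EVENT_EXIT");
             /* The process is about to exit, don't do anything else */
             return 0;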
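Review bot: The back-scan added in the `if(oinst == SYSCALL_X86_NEW)` block increments `offset` with no upper bound, so if the 0F 34 pattern is never found before the scan leaves the mapped page, or PTRACE_PEEKTEXT starts failing (its -1 error return masked with `& 0xffff` can never equal the opcode), the tracer spins forever peeking at the tracee's text. The same loop hard-codes `0x340f` although the first hunk introduces `SYSENTER` for exactly that value. I would cap the scan and bail out on miss, e.g. `while(offset < SCAN_LIMIT && (ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - offset, 0) & 0xffff) != SYSENTER) offset++;` followed by `if(offset >= SCAN_LIMIT) return -1;`, with SCAN_LIMIT a small named constant (placeholder name; the enclosing function starts and ends outside the hunk, so match its actual error-return convention). The `fprintf(stderr, "%lx\n", oinst);` added beside the PTRACE_PEEKTEXT read in the third hunk looks like leftover debugging output on the per-syscall path; the file's `debug()` helper, as used in the last hunk, seems the intended channel.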