Timestamp:
Aug 27, 2008, 11:19:02 PM (15 years ago)
Author:
Pascal Terjan
Message:
  • Fix grab to work again on systems using sysenter instead of int 80
File:
1 edited

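--- a/neercs/trunk/src/mytrace.c
+++ b/neercs/trunk/src/mytrace.c
@@ -127,6 +127,8 @@
 #define STRINGIFY(x) X(x)
 
-#define SYSCALL_X86   0x80cd  /* CD 80 = int $0x80 */
-#define SYSCALL_AMD64 0x050fL /* 0F 05 = syscall */
+#define SYSCALL_X86     0x80cd  /* CD 80 = int $0x80 */
+#define SYSCALL_X86_NEW 0xf3eb  /* EB F3 = jmp <__kernel_vsyscall+0x3> */
+#define SYSENTER        0x340f  /* 0F 34 = sysenter */
+#define SYSCALL_AMD64   0x050fL /* 0F 05 = syscall */
 
 #if defined __x86_64__
@@ -481,4 +483,5 @@
     long oinst;
     int bits;
+    int offset = 2;
 
     if(call < 0 || call >= (long)(sizeof(syscallnames)/sizeof(*syscallnames)))
@@ -508,9 +511,10 @@
 
         oinst = ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - 2, 0) & 0xffff;
+        fprintf(stderr, "%lx\n", oinst);
 
 #if defined __x86_64__
         if(oinst == SYSCALL_AMD64)
             break;
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
         {
             bits = 32;
@@ -518,5 +522,5 @@
         }
 #else
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
             break;
 #endif
@@ -528,5 +532,4 @@
         }
         waitpid(t->pid, NULL, 0);
-
         if(ptrace(PTRACE_SYSCALL, t->pid, NULL, 0) < 0)
         {
@@ -539,6 +542,15 @@
     print_registers(t->pid);
 
+    if(oinst == SYSCALL_X86_NEW)
+    {
+        /*  Get back to sysenter */
+        while((ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - offset, 0) & 0xffff) != 0x340f)
+            offset++;
+        oldregs.ebp = oldregs.esp;
+    }
+
     regs = oldregs;
-    regs.RIP = regs.RIP - 2;
+    regs.RIP = regs.RIP - offset;
 #if defined __x86_64__
     if(bits == 64)
@@ -592,6 +603,8 @@
                 return -1;
             }
+            debug("PTRACE_GETEVENTMSG %d", t->child);
             continue;
         case PTRACE_EVENT_EXIT:
+            debug("PTRACE_EVENT_EXIT");
             /* The process is about to exit, don't do anything else */
             return 0;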
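Review bot: The backward scan added at new line 547 has no bound — PTRACE_PEEKTEXT returns -1 for an unreadable address, and `-1 & 0xffff` is 0xffff, never 0x340f, so if the sysenter opcode is not found the loop walks RIP downwards indefinitely. It also repeats the literal 0x340f although the hunk at line 127 introduces `SYSENTER` for exactly that value; I would write `while(offset < MAX_SCAN && (ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - offset, 0) & 0xffff) != SYSENTER)` (MAX_SCAN being a small constant covering the vsyscall stub length) and return -1 when the bound is reached. The `fprintf(stderr, "%lx\n", oinst);` at new line 513 reads like a leftover diagnostic that fires on every syscall stop; the `debug()` macro used at lines 605 and 608 is the consistent choice if it is meant to stay. The `oldregs.ebp = oldregs.esp;` assignment is reached on the x86_64 build too (SYSCALL_X86_NEW is matched under `#if defined __x86_64__`), where the kernel's user_regs_struct names these registers rbp/rsp — I can't see from here whether a compatibility macro like RIP covers them, so it is worth confirming that build still compiles. The enclosing function begins and ends outside these hunks.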