Date: Sun, 26 Jul 2009 20:49:46 +0300
From: Kostik Belousov
To: "Diskin, Gal"
Cc: "freebsd-hackers@freebsd.org"
Message-ID: <20090726174946.GR55190@deviant.kiev.zoral.com.ua>
Subject: Re: ptrace question

On Sun, Jul 26, 2009 at 06:11:25PM +0300, Diskin, Gal wrote:
> Hi,
> I'm using ptrace to execute one application under the control
> of another (surprisingly :P). I'm trying to find the number
> of the last system call executed in the traced process from
> the tracing process. In Linux this is done using "orig_eax"
> (or "orig_rax") but as far as I can tell it does not have a
> counterpart in FreeBSD (correct me if I'm wrong). I've looked
> at the kernel sources in hope of finding out how the conversion
> was done in the Linux emulation layer. The file linux_ptrace.c
> (http://fxr.watson.org/fxr/source/i386/linux/linux_ptrace.c?v=FREEBSD72#L118)
> seems to be the place the conversion is taking place. However,
> in spite of the comment at the top of the conversion function mentioning
> that the translation is not straightforward, the translation done is
> simply copying eax to orig_eax.
>
> My question is: Is there a way to find the number of the last system
> call executed in the traced application from the tracing application
> (using ptrace)?

Are you trying to trace a Linux process, or a native FreeBSD one? And is
the tracer a Linux process, or a FreeBSD one?

It seems that you are talking about a Linux process; note that Linux
PTRACE_SYSCALL is not implemented in the linuxolator.

For native FreeBSD tracers, you can use PT_TO_SCE, which stops the process
at syscall entry, and PT_TO_SCX, which stops at syscall exit.
Most likely, the truss source code is the most illustrative of the usage.
The flags allow tracing both FreeBSD and Linux processes.
After the process is stopped, you should get the registers of the traced
process. Upon syscall entry, %eax contains the syscall number.
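
The approach described in the reply above, as an added example that is not part of the original thread and is not taken from truss: a tracer runs a child to its next syscall-entry stop with PT_TO_SCE, fetches the registers, and reads the syscall number. The helper name traced_syscall_number and the macros are hypothetical, reading r_rax on FreeBSD/amd64 is an assumption by analogy with the %eax statement, and the Linux x86-64 branch goes beyond the reply to show the orig_rax counterpart from the question.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <signal.h>
#include <unistd.h>

#if defined(__FreeBSD__) && (defined(__i386__) || defined(__x86_64__))
#include <machine/reg.h>
typedef struct reg regs_t;
#define TRACE_ME()    ptrace(PT_TRACE_ME, 0, NULL, 0)
#define TO_ENTRY(p)   ptrace(PT_TO_SCE, (p), (caddr_t)1, 0) /* addr 1: resume in place */
#define GETREGS(p, r) ptrace(PT_GETREGS, (p), (caddr_t)(r), 0)
#ifdef __i386__
#define SYSCALL_NO(r) ((long)(r).r_eax)   /* %eax at syscall entry, per the reply */
#else
#define SYSCALL_NO(r) ((long)(r).r_rax)   /* assumption: amd64 analogue of %eax */
#endif
#elif defined(__linux__) && defined(__x86_64__)
#include <sys/user.h>
typedef struct user_regs_struct regs_t;
#define TRACE_ME()    ptrace(PTRACE_TRACEME, 0, NULL, NULL)
#define TO_ENTRY(p)   ptrace(PTRACE_SYSCALL, (p), NULL, NULL)
#define GETREGS(p, r) ptrace(PTRACE_GETREGS, (p), NULL, (r))
#define SYSCALL_NO(r) ((long)(r).orig_rax) /* the field named in the question */
#endif

/* Fork a child that calls getpid(); return the number read at its entry stop, -1 on failure. */
long traced_syscall_number(void)
{
    regs_t regs;
    int status;
    long nr = -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (TRACE_ME() != 0) _exit(1);   /* tracing refused: exit, do not hang */
        kill(getpid(), SIGSTOP);         /* stop so the tracer can take over */
        (void)getpid();                  /* the syscall the tracer should see */
        _exit(0);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFSTOPPED(status) &&
        TO_ENTRY(pid) == 0 &&            /* run to the next syscall entry */
        waitpid(pid, &status, 0) == pid && WIFSTOPPED(status) &&
        GETREGS(pid, &regs) == 0)
        nr = SYSCALL_NO(regs);
    if (pid > 0) { kill(pid, SIGKILL); waitpid(pid, &status, 0); }
    return nr;
}

int main(void) { return traced_syscall_number() == SYS_getpid ? 0 : 1; }
```

On FreeBSD, a call issued through syscall(2) or __syscall(2) appears at the entry stop as that indirect syscall, with the real number in the first argument; truss handles this case.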