I wonder if anyone can help me out on this one.
When I ptrace a program and it has a breakpoint in it (int3) I can detect
that using PTRACE_SETOPTIONS with the option PTRACE_O_TRACESYSGOOD and
detection happens through !(WSTOPSIG(status) & 0x80).
But, when I ptrace a program and that program contains next code,
pushfl
popl %eax
orl 0x100, %eax
pushl %eax
popfl
thus setting the trap flag, then I still can detect the 'real' SIGTRAP
using !(WSTOPSIG(status) & 0x80), but when I do a PTRACE_SYSCALL on the
process, following SIGTRAPs always occur on the same EIP.
Clearing the X86_EFLAGS_TF of that process won't help it to make the
process continue 'till a next instruction.
Can anyone help me out?
The only thing I found is that the TF also makes the RF to be on.
Please CC me; I'm not on the mailing list.
Thanks in advance, Frank.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/