PTRACE_SYSCALL

Datoda (datoda@yahoo.com)
Thu, 1 Aug 2002 12:37:47 -0700 (PDT)


Hi,

I have played with this ptrace request a bit on
ia32 and there are a few things unclear to me. Could
someone please answer my questions? TIA.

o When the child enters a system call, and the parent
regains control after issuing PTRACE_SYSCALL, where is
the system call number stored? I guess it's either in
%eax or in orig_eax (at 0x24(esp)) of the child, but
values in both places seem invalid in my own
experiments.

o According to the man page, the child is interrupted
twice for each system call, once at the entry and once
at the exit. Intriguingly, when the parent inspects the
eip of the child at both interruptions, the two eip's
are the same. What is the explanation for this?
Furthermore, the eip of the child seems to always
point at the instruction after "int". Why is that the
case?

o Is there a good document that covers PTRACE_SYSCALL
or ptrace in general?

Your answers are appreciated.
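The following tracer is an added example for the questions above; it is not code from the poster. It assumes Linux on i386 or x86-64 with the glibc `<sys/user.h>` register layout. On i386 the kernel saves the syscall number in orig_eax precisely because eax itself is overwritten: at the entry stop it holds -ENOSYS (written by the kernel before the tracer is notified) and at the exit stop the return value. Both stops happen inside the kernel before the tracee returns to user space, so eip is unchanged between them, and it points just past the `int $0x80` because that is the return address the trap saved. The same holds on x86-64 with orig_rax, rax and rip. The `classify_stop` helper, the `REG_*` macros and `struct stop_info` are constructed names for this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Register names differ by architecture; these macros are a constructed
 * convenience for this example, not kernel API.  orig_eax/orig_rax keeps the
 * syscall number; eax/rax is overwritten (-ENOSYS at entry, result at exit). */
#if defined(__x86_64__)
#  define REG_SYSNO(r) ((long)(r).orig_rax)
#  define REG_AX(r)    ((long)(r).rax)
#  define REG_PC(r)    ((unsigned long)(r).rip)
#elif defined(__i386__)
#  define REG_SYSNO(r) ((long)(r).orig_eax)
#  define REG_AX(r)    ((long)(r).eax)
#  define REG_PC(r)    ((unsigned long)(r).eip)
#else
#  define REG_SYSNO(r) (-1L)   /* the demo only covers x86 register layouts */
#  define REG_AX(r)    (-1L)
#  define REG_PC(r)    (0UL)
#endif

struct stop_info {
    int  is_entry;     /* 1 at the entry stop, 0 at the exit stop */
    long sysno;        /* syscall number read from orig_eax/orig_rax */
    long result;       /* return value; meaningful only when is_entry == 0 */
    int  looks_entry;  /* ax == -ENOSYS, the kernel's marker at entry */
};

/* Classify one PTRACE_SYSCALL stop.  Stops strictly alternate entry/exit for
 * a given tracee, so the tracer counts them; the -ENOSYS value in ax is only
 * a cross-check, because a real syscall can also return -ENOSYS. */
struct stop_info classify_stop(unsigned stop_index, long orig_ax, long ax)
{
    struct stop_info s;
    s.is_entry    = (stop_index % 2 == 0);
    s.sysno       = orig_ax;
    s.result      = s.is_entry ? 0 : ax;
    s.looks_entry = (ax == -ENOSYS);
    return s;
}

/* Run argv[] under PTRACE_SYSCALL and print each entry/exit stop with the
 * tracee's pc, so the "same eip at both stops" effect is visible.
 * Returns the number of syscalls observed, or -1 on error. */
long trace_child(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(127);
        execvp(argv[0], argv);  /* a traced exec stops the child with SIGTRAP */
        _exit(127);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;

    long count = 0;
    unsigned stops = 0;
    int sig = 0;                /* signal to deliver on resume; 0 = none */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1) return -1;
        if (waitpid(pid, &status, 0) == -1) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (!WIFSTOPPED(status)) continue;
        if (WSTOPSIG(status) != SIGTRAP) { sig = WSTOPSIG(status); continue; }
        sig = 0;                /* a syscall stop, not a real signal */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
        struct stop_info s = classify_stop(stops++, REG_SYSNO(regs), REG_AX(regs));
        if (s.is_entry) {
            count++;
            printf("entry sysno=%ld pc=%#lx ax=%ld\n", s.sysno, REG_PC(regs), REG_AX(regs));
        } else {
            printf("exit  sysno=%ld pc=%#lx ret=%ld\n", s.sysno, REG_PC(regs), s.result);
        }
    }
    return count;
}

int main(void)
{
    char *const argv[] = { "/bin/true", NULL };
    long n = trace_child(argv);
    if (n < 0) { perror("trace"); return 1; }
    printf("%ld syscalls traced\n", n);
    return 0;
}
```

Counting stops is fragile if the tracer ever loses track (a stop it did not expect, or a tracee that forks); on kernels that support it, setting PTRACE_O_TRACESYSGOOD makes syscall stops report SIGTRAP|0x80 so they cannot be confused with a genuine SIGTRAP.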
