modify syscall nr on-the-fly
Kostik Belousov
kostikbel at gmail.com
Mon Aug 20 21:25:36 PDT 2007
On Sat, Aug 18, 2007 at 02:01:26PM +0400, Yuriy Tsibizov wrote:
> I'm trying to get user-mode Linux to run under FreeBSD Linux emulation (on
> i386).
>
> User-mode Linux in it's start-up tests tries to modify syscall number (to be
> called by kernel) on-the-fly
> (http://fxr.watson.org/fxr/source/arch/um/os-Linux/start_up.c?v=linux-2.6).
> It forks a child thread that stops
> (using SIGSTOP), calls getpid() (that will be intercepted by parent thread
> using PTRACE_SYSCALL)
> and return some value based on getpid() results. Main thread waits for
> SIGSTOP in child process and
> enables PTRACE_SYSCALL (I have some code that implements it. It makes some
> incompatible changes
> to PT_SYSCALL that will break FreeBSD applications, but works for Linux
> apps). When main thread
> catches SIGTRAP (generated by ptrace) it tries to modify EAX of child thread
> (with PTRACE_PEEKUSR
> and PTRACE_POKEUSR) to replace getpid syscall with getppid.
>
> is it possible to get updated EAX (and other registers as well) in
> syscall(...) after ptracestop(...) in PTRACESTOP_SC(...) returns?
>
> Hope for your help,
>
> Yuriy.
If I understand right what you want, I doubt that existing code would
allow you to change syscall number in debugger process for debuggee.
You shall look at the sys/i386/i386/trap.c, syscall() function [adjust
as needed for other arches]. It calculates callp before doing PTRACESTOP_SC,
as well as copies the syscall arguments into the kernel address space.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20070821/40c8b03a/attachment.pgp
More information about the freebsd-hackers
mailing list