ptrace and ORIG_EAX on ppc

ptrace and ORIG_EAX on ppc

[ashwin tanugula]

Hi!
Can somebody tell me how to set references to ORIG_EAX in ppc kernel.
We know ORIG_EAX is defined in unistd.h of i386. How do i make the
following program print two same pids in ppc?

#include <stdio.h>

#include <signal.h>

#include <sys/wait.h>

#include <sys/ptrace.h>

#include <asm/ptrace.h>

#include <asm/unistd.h>



static char stack[65536];



int child(void *arg)

{

if(ptrace(PTRACE_TRACEME, 0, 0, 0) < 0){

perror("ptrace");

exit(1);

}

kill(getpid(), SIGSTOP);

while(1){

printf("getpid() returned %d\n", getpid());

sleep(3);

}

return(0);

}



int main(int argc, char **argv)

{

int pid, status, syscall;



printf("Parent pid = %d\n", getpid());

if((pid = clone(child, &stack[65532], SIGCHLD, NULL)) < 0){

perror("clone");

exit(1);

}

if((pid = waitpid(pid, &status, WUNTRACED)) < 0){

perror("Waiting for stop");

exit(1);

}

if(ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0){

perror("continuing");

exit(1);

}

while(1){

if((pid = waitpid(-1, &status, WUNTRACED)) <= 0){

perror("wait");

exit(1);

}

if(WIFSTOPPED(status) && (WSTOPSIG(status) == SIGTRAP)){

syscall = ptrace(PTRACE_PEEKUSER, pid, 4 * ORIG_EAX, 0);

if(syscall == __NR_getpid){

if(ptrace(PTRACE_POKEUSER, pid, 4 * ORIG_EAX, __NR_getppid) < 0){

perror("ptrace");

exit(1);

}

}

if(ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0){

perror("continuing");

exit(1);

}

}

else printf("wait failed - pid = %d, status = %d\n", pid, status);

}

}



Note: References to ORIG_EAX have to be set here.
Thanks,
Ashwin.

Re: ptrace and ORIG_EAX on ppc

[Brad Boyer]

On Tue, Mar 29, 2005 at 08:01:06PM -0500, ashwin tanugula wrote:
> Hi!
> Can somebody tell me how to set references to ORIG_EAX in ppc kernel.
> We know ORIG_EAX is defined in unistd.h of i386. How do i make the
> following program print two same pids in ppc?

The ORIG_EAX is a reference to a register as saved in the stack. The
equivalent on ppc would seem to be PT_ORIG_R3. You're digging around
in an area that is extremely non-portable. This program appears to
be messing around with the syscall number before dispatch in the
syscall table. The implementation of ptrace on ppc and ppc64
explicitly does not allow changing this value, so I think you'll need
to find a completely different way to achieve your desired result.

Just to lessen the confusion, what are you trying to accomplish? Not
in the low-level detail sense, but what is the big picture goal?

	Brad Boyer
	flar@allandria.com

Re: ptrace and ORIG_EAX on ppc

[ashwin tanugula]

On Tue, 29 Mar 2005 23:25:58 -0800, Brad Boyer <flar@allandria.com> wrote:
> On Tue, Mar 29, 2005 at 08:01:06PM -0500, ashwin tanugula wrote:
> > Hi!
> > Can somebody tell me how to set references to ORIG_EAX in ppc kernel.
> > We know ORIG_EAX is defined in unistd.h of i386. How do i make the
> > following program print two same pids in ppc?
> 
> The ORIG_EAX is a reference to a register as saved in the stack. The
> equivalent on ppc would seem to be PT_ORIG_R3. You're digging around
> in an area that is extremely non-portable. This program appears to
> be messing around with the syscall number before dispatch in the
> syscall table. The implementation of ptrace on ppc and ppc64
> explicitly does not allow changing this value, so I think you'll need
> to find a completely different way to achieve your desired result.
> 
> Just to lessen the confusion, what are you trying to accomplish? Not
> in the low-level detail sense, but what is the big picture goal?
> 
>         Brad Boyer
>         flar@allandria.com
> 
> 
Hi,
Thanks to Brad for his help.
ORIG_EAX has to be changed to PT_R0 not to PT_ORIG_R3.
The output i got after changing ORIG_EAX to PT_R0 is
root@slemieux:/home/ashwin # gcc ptrace_test.c
root@slemieux:/home/ashwin # ./a.out
Parent pid = 16682
getpid() returned 16682
getpid() returned 16682

--Ashwin.