Hi:
What's the effect of PT_TRACESYSGOOD flag? I found it's used only set in ptrace_setoptions,which is called in the function ptrace_request. And the PT_TRACESYSGOOD flag will be requested in do_syscall_trace. What's the purpose of that flag? Thanks!
Alex
Hi!
> What's the effect of PT_TRACESYSGOOD flag? I found it's used only set in ptrace_setoptions,which is called in the function ptrace_request. And the PT_TRACESYSGOOD flag will be requested in do_syscall_trace. What's the purpose of that flag? Thanks!
>
Search archives, it was needed for subterfugue.
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
>> What's the effect of PT_TRACESYSGOOD flag? I found it's used only set
>> in ptrace_setoptions, which is called in the function
>> ptrace_request. And the PT_TRACESYSGOOD flag will be requested in
>> do_syscall_trace. What's the purpose of that flag?
/*
* A child stopped at a syscall has status as if it received SIGTRAP.
* In order to distinguish between SIGTRAP and syscall, some kernel
* versions have the PTRACE_O_TRACESYSGOOD option, that sets an extra
* bit 0x80 in the syscall case.
*/
Then I think the tracing thread should call the ptrace_request to set
PTRACE_O_TRACESYSGOOD flag of the traced thread first before
ptrace(PTRACE_SYSCALL...) ,right?
Thanks a lot!
Alex
Andries Brouwer wrote:
>> What's the effect of PT_TRACESYSGOOD flag? I found it's used only set
>> in ptrace_setoptions, which is called in the function ptrace_request.
>> And the PT_TRACESYSGOOD flag will be requested in do_syscall_trace.
>> What's the purpose of that flag?
>/*
> * A child stopped at a syscall has status as if it received SIGTRAP.
> * In order to distinguish between SIGTRAP and syscall, some kernel
> * versions have the PTRACE_O_TRACESYSGOOD option, that sets an extra
> * bit 0x80 in the syscall case.
> */
>> /*
>> * A child stopped at a syscall has status as if it received SIGTRAP.
>> * In order to distinguish between SIGTRAP and syscall, some kernel
>> * versions have the PTRACE_O_TRACESYSGOOD option, that sets an extra
>> * bit 0x80 in the syscall case.
>> */
> Then I think the tracing thread should call the ptrace_request to set
> PTRACE_O_TRACESYSGOOD flag of the traced thread first before
> ptrace(PTRACE_SYSCALL...) ,right?
Yes.
>From a baby ptrace demo:
#define SIGSYSTRAP (SIGTRAP | sysgood_bit)
int sysgood_bit = 0;
void set_sysgood(pid_t p) {
#ifdef PTRACE_O_TRACESYSGOOD
int i = ptrace(PTRACE_SETOPTIONS, p, 0, (void*) PTRACE_O_TRACESYSGOOD);
if (i == 0)
sysgood_bit = 0x80;
else
perror("PTRACE_O_TRACESYSGOOD");
#endif
}
and now the signal SIGSYSTRAP signifies a system call when the sysgood bit
was implemented, anything different from SIGSYSTRAP is guaranteed to be a signal.