I have a question about accessing the x86 program counter (EIP)
from within a signal handler on Linux 2.2 and later versions. We have
an instrumentation tool that places breakpoint instructions in a
process and installs a SIGTRAP handler to catch their execution. We
register our handler as follows:
extern void handler(int sig, struct sigcontext uap);
struct sigaction sa;
sa.sa_handler = handler;
sa.sa_flags = 0;
sigaction(SIGTRAP, &sa, NULL);
The sigcontext structure parameter to our handler is defined in
/usr/include/asm/sigcontext.h. uap.eip is the PC of the breakpoint
instruction that caused the handler to be invoked. If we change
uap.eip in the handler, then when the signal handler returns it
continues the process from the new PC.
As far as we know, there is no documentation for this second
parameter (we found it by looking at the kernel).
Is it documented? Can we expect this structure to always be
available? Is there another (documented) interface through which we
could *read* EIP from the signal handler? Is there another through
which we could write EIP?
Thanks.
Vic Zandy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:30 EST