From: Datoda (
Date: Thu Aug 01 2002 - 14:37:47 EST


   I have played with this ptrace request a bit on
ia32 and there are a few things unclear to me. Could
someone please answer my questions? TIA.

o When the child enters a system call, and the parent
regains control after issuing PTRACE_SYSCALL, where is
the system call number stored? I guess it's either in
%eax or in orig_eax (at 0x24(esp)) of the child, but
values in both places seem invalid in my own

o According to the man page, the child is interrupted
twice for each system call, once at the entry and once
at the exit. Intriguingly, when the parent inspects the
eip of the child at both interruptions, the two eip's
are the same. What is the explanation for this?
Furthermore, the eip of the child seems to always
point at the instruction after "int". Why is that the

o Is there a good document that covers PTRACE_SYSCALL
or ptrace in general?

Your answers are appreciated.
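
Added example, not part of the original post: a small tracer for the questions above that records orig_eax, eax and eip of a child at the syscall-entry and syscall-exit stops of one getppid() call. Assumptions not in the post: Linux on x86 (the macros select orig_rax/rax/rip on a 64-bit build), PTRACE_O_TRACESYSGOOD to tell syscall stops from signal stops, and the hypothetical names trace_getppid and struct stop.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __x86_64__                  /* 64-bit build: rax, rip, orig_rax */
#define X(n)  r##n
#define OX(n) orig_r##n
#else                              /* ia32, as in the post: eax, eip, orig_eax */
#define X(n)  e##n
#define OX(n) orig_e##n
#endif
struct stop { long nr, ax; unsigned long ip; };   /* orig_eax, eax, eip at one stop */
/* Trace one getppid() in a forked child: s[0] = entry stop, s[1] = exit stop. */
int trace_getppid(struct stop s[2])
{
    struct user_regs_struct regs;
    int st, seen = 0;
    pid_t pid = fork();
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        kill(getpid(), SIGSTOP);           /* park until the parent is ready */
        syscall(SYS_getppid);              /* probe call (constructed workload) */
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    while (seen < 2 && ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == 0 &&
           waitpid(pid, &st, 0) == pid && WIFSTOPPED(st)) {
        if (WSTOPSIG(st) != (SIGTRAP | 0x80)) continue;   /* signal stop, not a syscall stop */
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) break;
        if (!seen && (long)regs.OX(ax) != SYS_getppid) continue;   /* skip until the probe */
        s[seen++] = (struct stop){ regs.OX(ax), regs.X(ax), regs.X(ip) };
    }
    kill(pid, SIGKILL);                    /* the child is no longer needed */
    waitpid(pid, &st, 0);
    return seen == 2 ? 0 : -1;
}

int main(void)
{
    struct stop s[2];
    if (trace_getppid(s)) return 1;
    for (int i = 0; i < 2; i++)
        printf("%s nr=%ld eax=%ld eip=%#lx\n", i ? "exit " : "entry", s[i].nr, s[i].ax, s[i].ip);
    return 0;
}
```

On x86 Linux the entry stop shows the call number in orig_eax with eax preset to -ENOSYS, the exit stop shows the return value in eax, and eip is identical at both stops.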


This archive was generated by hypermail 2b29 : Wed Aug 07 2002 - 22:00:16 EST