Re: ptrace in 2.6.5
From: Fabiano Ramos
Date: Mon May 10 2004 - 15:23:48 EST
On Mon, 2004-05-10 at 15:49, Andi Kleen wrote:
> Fabiano Ramos <ramos_fabiano@xxxxxxxxxxxx> writes:
>
> > Hi All.
> >
> > Is ptrace(), in singlestep mode, required to stop after a int 0x80?
> > When tracing a sequence like
> >
> > mov ...
> > int 0x80
> > mov ....
> >
> > ptrace would notify the tracer after the two movs, but not after the
> > int 0x80. I want to know if it is a bug or the expected behaviour.
>
> What happens is that after the int 0x80 the CPU is in ring 0 (you
> don't get an trace event in that mode unless you use a kernel debugger).
> Then when the kernel returns the last instruction executed before it is an
> IRET. But the IRET is also executed still in ring 0 and you should not get
> an event for it (you can not even access its code from user space).
>
> So it's expected behaviour.
>
> -Andi
I got it. But I need it to stop after the instruction. I am a newbie,
so is it trivial to patch the kernel so that it STOPS after the int
0x80? Can you give me some light on it?
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/