4,436
社区成员
发帖
与我相关
我的任务
分享如何使用ptrace()获得arm CPU的寄存器信息
在/usr/include/asm/ptrace.h 中看到以下代码
然后我希望使用x86上的方式获得CPU寄存器值:
但是实际执行的时候,输出
EIP: 0 Instructions executed: ffffffff
小弟实在是菜,不知道如何是好了……希望各位指教
struct pt_regs {
long uregs[18];
};
#define ARM_cpsr uregs[16]
#define ARM_pc uregs[15]
#define ARM_lr uregs[14]
#define ARM_sp uregs[13]
#define ARM_ip uregs[12]
#define ARM_fp uregs[11]
#define ARM_r10 uregs[10]
#define ARM_r9 uregs[9]
#define ARM_r8 uregs[8]
#define ARM_r7 uregs[7]
#define ARM_r6 uregs[6]
#define ARM_r5 uregs[5]
#define ARM_r4 uregs[4]
#define ARM_r3 uregs[3]
#define ARM_r2 uregs[2]
#define ARM_r1 uregs[1]
#define ARM_r0 uregs[0]
然后我希望使用x86上的方式获得CPU寄存器值:
int main(int argc, char *argv[])
{
pid_t traced_process;
struct pt_regs regs;
long ins;
if ( argc != 2 ) {
printf("Usage: %s <pid to be traced>", argv[0]);
exit(1);
}
traced_process = atoi(argv[1]);
ptrace(PTRACE_ATTACH, traced_process, NULL, NULL);
wait(NULL);
ptrace(PTRACE_GETREGS, traced_process, NULL, ®s);
ins = ptrace(PTRACE_PEEKTEXT, traced_process,
regs.ARM_ip, NULL);
printf("EIP: %lx Instructions executed: %lx\n", regs.ARM_ip, ins);
ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
return 0;
}
但是实际执行的时候,输出
EIP: 0 Instructions executed: ffffffff
小弟实在是菜,不知道如何是好了……希望各位指教
...全文
请发表友善的回复…
发表回复
火雲邪神 2012-01-01
- 打赏
- 举报
// test.cpp
#include <stdio.h>
int main()
{
printf("---------- test 1 ----------\n");
printf("---------- test 2 ----------\n");
printf("---------- test 3 ----------\n");
return 0;
}
编译 g++ test.cpp -o test --static
// ptrace.cpp
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/reg.h>
#include <unistd.h>
int main()
{
pid_t pid;
int orig_eax, eax, ebx, ecx, edx;
pid = fork();
if(pid == 0)
{
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
printf("execve = %d\n", execve("./test", NULL, NULL));
exit(0);
}
while(1)
{
int status;
wait(&status);
if(WIFEXITED(status)) break;
orig_eax = ptrace(PTRACE_PEEKUSER, pid, ORIG_EAX<<2, NULL);
eax = ptrace(PTRACE_PEEKUSER, pid, EAX<<2, NULL);
ebx = ptrace(PTRACE_PEEKUSER, pid, EBX<<2, NULL);
printf("ORIG_EAX = %d, EAX = %d, EBX = %d\n", orig_eax, eax, ebx);
ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
}
return 0;
}
编译 g++ ptrace.cpp -o ptrace --static
测试 ./ptrace
输出
ORIG_EAX = 11, EAX = 0, EBX = 0
ORIG_EAX = 122, EAX = -38, EBX = -1074643290
ORIG_EAX = 122, EAX = 0, EBX = -1074643290
ORIG_EAX = 45, EAX = -38, EBX = 0
ORIG_EAX = 45, EAX = 161513472, EBX = 0
ORIG_EAX = 45, EAX = -38, EBX = 161516752
ORIG_EAX = 45, EAX = 161516752, EBX = 161516752
ORIG_EAX = 243, EAX = -38, EBX = -1074642896
ORIG_EAX = 243, EAX = 0, EBX = -1074642896
ORIG_EAX = 45, EAX = -38, EBX = 161651920
ORIG_EAX = 45, EAX = 161651920, EBX = 161651920
ORIG_EAX = 45, EAX = -38, EBX = 161652736
ORIG_EAX = 45, EAX = 161652736, EBX = 161652736
ORIG_EAX = 197, EAX = -38, EBX = 1
ORIG_EAX = 197, EAX = 0, EBX = 1
ORIG_EAX = 192, EAX = -38, EBX = 0
ORIG_EAX = 192, EAX = -1217093632, EBX = 0
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 1 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 2 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 3 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 252, EAX = -38, EBX = 0
#include <stdio.h>
int main()
{
printf("---------- test 1 ----------\n");
printf("---------- test 2 ----------\n");
printf("---------- test 3 ----------\n");
return 0;
}
编译 g++ test.cpp -o test --static
// ptrace.cpp
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/reg.h>
#include <unistd.h>
int main()
{
pid_t pid;
int orig_eax, eax, ebx, ecx, edx;
pid = fork();
if(pid == 0)
{
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
printf("execve = %d\n", execve("./test", NULL, NULL));
exit(0);
}
while(1)
{
int status;
wait(&status);
if(WIFEXITED(status)) break;
orig_eax = ptrace(PTRACE_PEEKUSER, pid, ORIG_EAX<<2, NULL);
eax = ptrace(PTRACE_PEEKUSER, pid, EAX<<2, NULL);
ebx = ptrace(PTRACE_PEEKUSER, pid, EBX<<2, NULL);
printf("ORIG_EAX = %d, EAX = %d, EBX = %d\n", orig_eax, eax, ebx);
ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
}
return 0;
}
编译 g++ ptrace.cpp -o ptrace --static
测试 ./ptrace
输出
ORIG_EAX = 11, EAX = 0, EBX = 0
ORIG_EAX = 122, EAX = -38, EBX = -1074643290
ORIG_EAX = 122, EAX = 0, EBX = -1074643290
ORIG_EAX = 45, EAX = -38, EBX = 0
ORIG_EAX = 45, EAX = 161513472, EBX = 0
ORIG_EAX = 45, EAX = -38, EBX = 161516752
ORIG_EAX = 45, EAX = 161516752, EBX = 161516752
ORIG_EAX = 243, EAX = -38, EBX = -1074642896
ORIG_EAX = 243, EAX = 0, EBX = -1074642896
ORIG_EAX = 45, EAX = -38, EBX = 161651920
ORIG_EAX = 45, EAX = 161651920, EBX = 161651920
ORIG_EAX = 45, EAX = -38, EBX = 161652736
ORIG_EAX = 45, EAX = 161652736, EBX = 161652736
ORIG_EAX = 197, EAX = -38, EBX = 1
ORIG_EAX = 197, EAX = 0, EBX = 1
ORIG_EAX = 192, EAX = -38, EBX = 0
ORIG_EAX = 192, EAX = -1217093632, EBX = 0
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 1 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 2 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 4, EAX = -38, EBX = 1
---------- test 3 ----------
ORIG_EAX = 4, EAX = 29, EBX = 1
ORIG_EAX = 252, EAX = -38, EBX = 0
