2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
77 #if !defined(__GLIBC__)
79 #include <linux/unistd.h>
81 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
83 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
87 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
88 "or %%g0, %2, %%o1\n\t" \
89 "or %%g0, %3, %%o2\n\t" \
90 "or %%g0, %4, %%o3\n\t" \
91 "or %%g0, %5, %%o4\n\t" \
92 "or %%g0, %6, %%g1\n\t" \
95 "or %%g0, %%o0, %0\n\t" \
96 "sub %%g0, %%o0, %0\n\t" \
99 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
100 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
101 "i" (__NR_##syscall) \
102 : "g1", "o0", "o1", "o2", "o3", "o4"); \
104 return (type) __res; \
109 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
119 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
122 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
139 return a->tv_sec || a->tv_usec;
144 struct timeval *a, *b;
146 if (a->tv_sec < b->tv_sec
147 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
149 if (a->tv_sec > b->tv_sec
150 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
159 return tv->tv_sec + tv->tv_usec/1000000.0;
164 struct timeval *tv, *a, *b;
166 tv->tv_sec = a->tv_sec + b->tv_sec;
167 tv->tv_usec = a->tv_usec + b->tv_usec;
168 if (tv->tv_usec > 1000000) {
170 tv->tv_usec -= 1000000;
176 struct timeval *tv, *a, *b;
178 tv->tv_sec = a->tv_sec - b->tv_sec;
179 tv->tv_usec = a->tv_usec - b->tv_usec;
180 if (((long) tv->tv_usec) < 0) {
182 tv->tv_usec += 1000000;
188 struct timeval *tv, *a;
191 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
192 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
193 tv->tv_usec %= 1000000;
198 struct timeval *tv, *a;
201 tv->tv_usec = a->tv_usec * n;
202 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
203 tv->tv_usec %= 1000000;
211 for (; xlat->str != NULL; xlat++)
212 if (xlat->val == val)
218 * Print entry in struct xlat table, if there.
221 printxval(xlat, val, dflt)
226 char *str = xlookup(xlat, val);
231 tprintf("%#x /* %s */", val, dflt);
235 * Interpret `xlat' as an array of flags
236 * print the entries whose bits are on in `flags'
237 * return # of flags printed.
240 addflags(xlat, flags)
246 for (n = 0; xlat->str; xlat++) {
247 if (xlat->val && (flags & xlat->val) == xlat->val) {
248 tprintf("|%s", xlat->str);
254 tprintf("|%#x", flags);
261 printflags(xlat, flags)
268 if (flags == 0 && xlat->val == 0) {
269 tprintf("%s", xlat->str);
274 for (n = 0; xlat->str; xlat++) {
275 if (xlat->val && (flags & xlat->val) == xlat->val) {
276 tprintf("%s%s", sep, xlat->str);
283 tprintf("%s%#x", sep, flags);
290 printnum(tcp, addr, fmt)
301 if (umove(tcp, addr, &num) < 0) {
302 tprintf("%#lx", addr);
310 static char path[MAXPATHLEN + 1];
316 char buf[2 * MAXPATHLEN + 1];
319 if (!strpbrk(str, "\"\'\\")) {
320 tprintf("\"%s\"", str);
323 for (s = buf; *str; str++) {
325 case '\"': case '\'': case '\\':
326 *s++ = '\\'; *s++ = *str; break;
332 tprintf("\"%s\"", buf);
340 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
341 tprintf("%#lx", addr);
348 printpathn(tcp, addr, n)
353 if (umovestr(tcp, addr, n, path) < 0)
354 tprintf("%#lx", addr);
362 printstr(tcp, addr, len)
367 static unsigned char *str = NULL;
377 if ((str = malloc(max_strlen)) == NULL
378 || (outstr = malloc(2*max_strlen)) == NULL) {
379 fprintf(stderr, "printstr: no memory\n");
380 tprintf("%#lx", addr);
384 outend = outstr + max_strlen * 2 - 10;
387 if (umovestr(tcp, addr, n, (char *) str) < 0) {
388 tprintf("%#lx", addr);
393 n = MIN(len, max_strlen);
394 if (umoven(tcp, addr, n, (char *) str) < 0) {
395 tprintf("%#lx", addr);
404 for (i = 0; i < n; i++) {
406 if (len < 0 && c == '\0')
408 if (!isprint(c) && !isspace(c)) {
419 for (i = 0; i < n; i++) {
421 if (len < 0 && c == '\0')
423 sprintf(s, "\\x%02x", c);
430 for (i = 0; i < n; i++) {
432 if (len < 0 && c == '\0')
435 case '\"': case '\'': case '\\':
436 *s++ = '\\'; *s++ = c; break;
438 *s++ = '\\'; *s++ = 'f'; break;
440 *s++ = '\\'; *s++ = 'n'; break;
442 *s++ = '\\'; *s++ = 'r'; break;
444 *s++ = '\\'; *s++ = 't'; break;
446 *s++ = '\\'; *s++ = 'v'; break;
450 else if (i < n - 1 && isdigit(str[i + 1])) {
451 sprintf(s, "\\%03o", c);
455 sprintf(s, "\\%o", c);
466 if (i < len || (len < 0 && (i == n || s > outend))) {
467 *s++ = '.'; *s++ = '.'; *s++ = '.';
470 tprintf("%s", outstr);
475 dumpiov(tcp, len, addr)
484 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
485 fprintf(stderr, "dump: No memory");
488 if (umoven(tcp, addr,
489 len * sizeof *iov, (char *) iov) >= 0) {
491 for (i = 0; i < len; i++) {
492 /* include the buffer number to make it easy to
493 * match up the trace with the source */
494 tprintf(" * %lu bytes in buffer %d\n",
495 (unsigned long)iov[i].iov_len, i);
496 dumpstr(tcp, (long) iov[i].iov_base,
506 dumpstr(tcp, addr, len)
511 static int strsize = -1;
512 static unsigned char *str;
513 static char outstr[80];
520 if ((str = malloc(len)) == NULL) {
521 fprintf(stderr, "dump: no memory\n");
527 if (umoven(tcp, addr, len, (char *) str) < 0)
530 for (i = 0; i < len; i += 16) {
532 sprintf(s, " | %05x ", i);
534 for (j = 0; j < 16; j++) {
538 sprintf(s, " %02x", str[i + j]);
542 *s++ = ' '; *s++ = ' '; *s++ = ' ';
545 *s++ = ' '; *s++ = ' ';
546 for (j = 0; j < 16; j++) {
550 if (isprint(str[i + j]))
558 tprintf("%s |\n", outstr);
562 #define PAGMASK (~(PAGSIZ - 1))
564 * move `len' bytes of data from process `pid'
565 * at address `addr' to our space at `laddr'
568 umoven(tcp, addr, len, laddr)
581 char x[sizeof(long)];
584 if (addr & (sizeof(long) - 1)) {
585 /* addr not a multiple of sizeof(long) */
586 n = addr - (addr & -sizeof(long)); /* residue */
587 addr &= -sizeof(long); /* residue */
589 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
591 if (started && (errno==EPERM || errno==EIO)) {
592 /* Ran into 'end of memory' - stupid "printpath" */
595 /* But if not started, we had a bogus address. */
596 perror("ptrace: umoven");
600 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
601 addr += sizeof(long), laddr += m, len -= m;
605 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
607 if (started && (errno==EPERM || errno==EIO)) {
608 /* Ran into 'end of memory' - stupid "printpath" */
611 perror("ptrace: umoven");
615 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
616 addr += sizeof(long), laddr += m, len -= m;
626 char x[sizeof(long)];
629 if (addr & (sizeof(long) - 1)) {
630 /* addr not a multiple of sizeof(long) */
631 n = addr - (addr & -sizeof(long)); /* residue */
632 addr &= -sizeof(long); /* residue */
634 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
639 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
640 addr += sizeof(long), laddr += m, len -= m;
644 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
649 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
650 addr += sizeof(long), laddr += m, len -= m;
656 n = MIN(len, PAGSIZ);
657 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
658 if (ptrace(PTRACE_READDATA, pid,
659 (char *) addr, len, laddr) < 0) {
660 perror("umoven: ptrace(PTRACE_READDATA, ...)");
672 #ifdef HAVE_MP_PROCFS
673 int fd = tcp->pfd_as;
677 lseek(fd, addr, SEEK_SET);
678 if (read(fd, laddr, len) == -1)
680 #endif /* USE_PROCFS */
686 * like `umove' but make the additional effort of looking
687 * for a terminating zero byte.
690 umovestr(tcp, addr, len, laddr)
697 #ifdef HAVE_MP_PROCFS
698 int fd = tcp->pfd_as;
702 /* Some systems (e.g. FreeBSD) can be upset if we read off the
703 end of valid memory, avoid this by trying to read up
704 to page boundaries. But we don't know what a page is (and
705 getpagesize(2) (if it exists) doesn't necessarily return
706 hardware page size). Assume all pages >= 1024 (a-historical
709 int page = 1024; /* How to find this? */
710 int move = page - (addr & (page - 1));
713 lseek(fd, addr, SEEK_SET);
716 if (move > left) move = left;
717 if ((move = read(fd, laddr, move)) <= 0)
718 return left != len ? 0 : -1;
719 if (memchr (laddr, 0, move)) break;
725 #else /* !USE_PROCFS */
731 char x[sizeof(long)];
734 if (addr & (sizeof(long) - 1)) {
735 /* addr not a multiple of sizeof(long) */
736 n = addr - (addr & -sizeof(long)); /* residue */
737 addr &= -sizeof(long); /* residue */
739 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
741 if (started && (errno==EPERM || errno==EIO)) {
742 /* Ran into 'end of memory' - stupid "printpath" */
749 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
750 while (n & (sizeof(long) - 1))
751 if (u.x[n++] == '\0')
753 addr += sizeof(long), laddr += m, len -= m;
757 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
759 if (started && (errno==EPERM || errno==EIO)) {
760 /* Ran into 'end of memory' - stupid "printpath" */
767 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
768 for (i = 0; i < sizeof(long); i++)
772 addr += sizeof(long), laddr += m, len -= m;
774 #endif /* !USE_PROCFS */
780 #define PTRACE_WRITETEXT 101
781 #define PTRACE_WRITEDATA 102
788 uload(cmd, pid, addr, len, laddr)
799 n = MIN(len, PAGSIZ);
800 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
801 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
802 perror("uload: ptrace(PTRACE_WRITE, ...)");
814 char x[sizeof(long)];
817 if (cmd == PTRACE_WRITETEXT) {
818 peek = PTRACE_PEEKTEXT;
819 poke = PTRACE_POKETEXT;
822 peek = PTRACE_PEEKDATA;
823 poke = PTRACE_POKEDATA;
825 if (addr & (sizeof(long) - 1)) {
826 /* addr not a multiple of sizeof(long) */
827 n = addr - (addr & -sizeof(long)); /* residue */
828 addr &= -sizeof(long);
830 u.val = ptrace(peek, pid, (char *) addr, 0);
832 perror("uload: POKE");
835 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
836 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
837 perror("uload: POKE");
840 addr += sizeof(long), laddr += m, len -= m;
843 if (len < sizeof(long))
844 u.val = ptrace(peek, pid, (char *) addr, 0);
845 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
846 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
847 perror("uload: POKE");
850 addr += sizeof(long), laddr += m, len -= m;
857 tload(pid, addr, len, laddr)
862 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
866 dload(pid, addr, len, laddr)
872 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
887 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
889 static int is_sun4m = -1;
892 /* Round up the usual suspects. */
893 if (is_sun4m == -1) {
894 if (uname(&name) < 0) {
895 perror("upeek: uname?");
898 is_sun4m = strcmp(name.machine, "sun4m") == 0;
900 extern struct xlat struct_user_offsets[];
903 for (x = struct_user_offsets; x->str; x++)
910 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
912 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
913 if (val == -1 && errno) {
915 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
923 #endif /* !USE_PROCFS */
933 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
935 #elif defined(X86_64)
936 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
939 if (upeek(tcp->pid, PT_B0, &pc) < 0)
942 if (upeek(tcp->pid, 4*15, &pc) < 0)
944 #elif defined(POWERPC)
945 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
948 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
951 if (upeek(tcp->pid, REG_PC, &pc) < 0)
954 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
958 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
961 #elif defined(S390) || defined(S390X)
962 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
965 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
968 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
976 * Return current program counter for `pid'
977 * Assumes PC is never 0xffffffff
981 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
982 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
995 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1009 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1010 tprintf("[????????] ");
1013 tprintf("[%08lx] ", eip);
1014 #elif defined(X86_64)
1017 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1018 tprintf("[????????] ");
1021 tprintf("[%16lx] ", rip);
1025 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1026 tprintf("[????????] ");
1029 tprintf("[%08lx] ", ip);
1030 #elif defined(POWERPC)
1033 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1034 tprintf ("[????????] ");
1037 tprintf("[%08lx] ", pc);
1041 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1042 tprintf ("[????????] ");
1045 tprintf("[%08lx] ", pc);
1046 #elif defined(ALPHA)
1049 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1050 tprintf ("[????????] ");
1053 tprintf("[%08lx] ", pc);
1054 #elif defined(SPARC)
1056 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1057 tprintf("[????????] ");
1060 tprintf("[%08lx] ", regs.r_pc);
1064 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1065 tprintf ("[????????] ");
1068 tprintf("[%08lx] ", pc);
1072 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1073 tprintf ("[????????] ");
1076 tprintf("[%08lx] ", pc);
1080 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1081 tprintf ("[????????] ");
1084 tprintf("[%08lx] ", pc);
1085 #endif /* !architecture */
1091 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1092 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1093 tprintf("[????????] ");
1096 tprintf("[%08x] ", regs.r_o7);
1101 tprintf("[????????] ");
1106 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1107 tprintf("[%08x] ", regs.r_eip);
1108 #endif /* FREEBSD */
1115 #include <sys/syscall.h>
1116 #ifndef CLONE_PTRACE
1117 # define CLONE_PTRACE 0x00002000
1122 typedef unsigned long *arg_setup_state;
1125 arg_setup(struct tcb *tcp, arg_setup_state *state)
1127 unsigned long *bsp, cfm, sof, sol;
1129 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1131 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1134 sof = (cfm >> 0) & 0x7f;
1135 sol = (cfm >> 7) & 0x7f;
1136 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1142 # define arg_finish_change(tcp, state) 0
1146 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1148 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1149 sizeof(long), (void *) valp);
1153 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1155 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1156 sizeof(long), (void *) valp);
1161 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1164 ap = ia64_rse_skip_regs(*state, 0);
1166 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1167 return errno ? -1 : 0;
1171 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1174 ap = ia64_rse_skip_regs(*state, 1);
1176 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1177 return errno ? -1 : 0;
1180 #elif defined (SPARC)
1182 typedef struct regs arg_setup_state;
1184 # define arg_setup(tcp, state) \
1185 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1186 # define arg_finish_change(tcp, state) \
1187 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1189 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1190 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1191 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1192 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1193 # define restore_arg0(tcp, state, val) 0
1197 # if defined S390 || defined S390X
1198 # define arg0_offset PT_ORIGGPR2
1199 # define arg1_offset PT_GPR2
1200 # define restore_arg0(tcp, state, val) 0
1201 # define restore_arg1(tcp, state, val) 0
1202 # elif defined (ALPHA) || defined (MIPS)
1203 # define arg0_offset REG_A0
1204 # define arg1_offset (REG_A0+1)
1205 # elif defined (POWERPC)
1206 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1207 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1208 # define restore_arg0(tcp, state, val) 0
1209 # elif defined (HPPA)
1210 # define arg0_offset PT_GR26
1211 # define arg1_offset (PT_GR26-4)
1212 # elif defined (X86_64)
1213 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1214 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1216 # define arg0_offset 0
1217 # define arg1_offset 4
1218 # if defined SH || defined ARM
1219 # define restore_arg0(tcp, state, val) 0
1223 typedef int arg_setup_state;
1225 # define arg_setup(tcp, state) (0)
1226 # define arg_finish_change(tcp, state) 0
1227 # define get_arg0(tcp, cookie, valp) \
1228 (upeek ((tcp)->pid, arg0_offset, (valp)))
1229 # define get_arg1(tcp, cookie, valp) \
1230 (upeek ((tcp)->pid, arg1_offset, (valp)))
1233 set_arg0 (struct tcb *tcp, void *cookie, long val)
1235 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1239 set_arg1 (struct tcb *tcp, void *cookie, long val)
1241 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1246 #ifndef restore_arg0
1247 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1249 #ifndef restore_arg1
1250 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1257 extern int change_syscall(struct tcb *, int);
1258 arg_setup_state state;
1260 if (tcp->flags & TCB_BPTSET) {
1261 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1265 switch (tcp->scno) {
1272 #if defined SYS_fork || defined SYS_vfork
1273 if (arg_setup (tcp, &state) < 0
1274 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1275 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1276 || change_syscall(tcp, SYS_clone) < 0
1277 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1278 || set_arg1 (tcp, &state, 0) < 0
1279 || arg_finish_change (tcp, &state) < 0)
1281 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1283 tcp->flags |= TCB_BPTSET;
1291 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1292 && (arg_setup (tcp, &state) < 0
1293 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1294 || arg_finish_change (tcp, &state) < 0))
1296 tcp->flags |= TCB_BPTSET;
1297 tcp->inst[0] = tcp->u_arg[0];
1298 tcp->inst[1] = tcp->u_arg[1];
1302 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1303 tcp->scno, tcp->pid);
1314 arg_setup_state state;
1315 if (arg_setup (tcp, &state) < 0
1316 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1317 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1318 || arg_finish_change (tcp, &state))
1320 tcp->flags &= ~TCB_BPTSET;
1333 /* We simply use the SunOS breakpoint code. */
1336 #define LOOPA 0x30800000 /* ba,a 0 */
1338 if (tcp->flags & TCB_BPTSET) {
1339 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1342 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1343 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1346 tcp->baddr = regs.r_o7 + 8;
1348 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1350 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1355 * XXX - BRUTAL MODE ON
1356 * We cannot set a real BPT in the child, since it will not be
1357 * traced at the moment it will reach the trap and would probably
1358 * die with a core dump.
1359 * Thus, we are force our way in by taking out two instructions
1360 * and insert an eternal loop instead, in expectance of the SIGSTOP
1361 * generated by out PTRACE_ATTACH.
1362 * Of cause, if we evaporate ourselves in the middle of all this...
1365 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1367 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1370 tcp->flags |= TCB_BPTSET;
1375 # define LOOP 0x0000feeb
1376 if (tcp->flags & TCB_BPTSET) {
1377 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1381 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1384 fprintf(stderr, "[%d] setting bpt at %lx\n",
1385 tcp->pid, tcp->baddr);
1386 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1387 (char *) tcp->baddr, 0);
1389 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1392 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1394 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1397 tcp->flags |= TCB_BPTSET;
1400 * Our strategy here is to replace the bundle that
1401 * contained the clone() syscall with a bundle of the
1404 * { 1: br 1b; br 1b; br 1b }
1406 * This ensures that the newly forked child will loop
1407 * endlessly until we've got a chance to attach to it.
1409 # define LOOP0 0x0000100000000017
1410 # define LOOP1 0x4000000000200000
1411 unsigned long addr, ipsr;
1415 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1417 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1419 /* store "ri" in low two bits */
1420 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1423 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1425 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1428 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1433 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1434 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1436 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1439 tcp->flags |= TCB_BPTSET;
1443 #if defined (I386) || defined(X86_64)
1444 #define LOOP 0x0000feeb
1445 #elif defined (M68K)
1446 #define LOOP 0x60fe0000
1447 #elif defined (ALPHA)
1448 #define LOOP 0xc3ffffff
1449 #elif defined (POWERPC)
1450 #define LOOP 0x48000000
1452 #define LOOP 0xEAFFFFFE
1454 #define LOOP 0x1000ffff
1456 #define LOOP 0xa7f40000 /* BRC 15,0 */
1457 #elif defined(S390X)
1458 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1460 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1462 #ifdef __LITTLE_ENDIAN__
1463 #define LOOP 0x0000affe
1465 #define LOOP 0xfeaf0000
1468 #error unknown architecture
1471 if (tcp->flags & TCB_BPTSET) {
1472 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1476 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1478 #elif defined (X86_64)
1479 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1481 #elif defined (M68K)
1482 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1484 #elif defined (ALPHA)
1488 #elif defined (MIPS)
1489 return -1; /* FIXME: I do not know what i do - Flo */
1490 #elif defined (POWERPC)
1491 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1493 #elif defined(S390) || defined(S390X)
1494 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1497 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1499 tcp->baddr &= ~0x03;
1501 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1504 #error unknown architecture
1507 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1508 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1510 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1513 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1515 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1518 tcp->flags |= TCB_BPTSET;
1525 #ifdef SPARC /* This code is slightly sparc specific */
1528 #define BPT 0x91d02001 /* ta 1 */
1529 #define LOOP 0x10800000 /* ba 0 */
1530 #define LOOPA 0x30800000 /* ba,a 0 */
1531 #define NOP 0x01000000
1533 static int loopdeloop[1] = {LOOPA};
1535 static int loopdeloop[2] = {LOOP, NOP};
1538 if (tcp->flags & TCB_BPTSET) {
1539 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1542 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1543 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1546 tcp->baddr = regs.r_o7 + 8;
1547 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1548 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1549 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1554 * XXX - BRUTAL MODE ON
1555 * We cannot set a real BPT in the child, since it will not be
1556 * traced at the moment it will reach the trap and would probably
1557 * die with a core dump.
1558 * Thus, we are force our way in by taking out two instructions
1559 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1560 * generated by out PTRACE_ATTACH.
1561 * Of cause, if we evaporate ourselves in the middle of all this...
1563 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1564 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1565 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1568 tcp->flags |= TCB_BPTSET;
1582 #if defined(I386) || defined(X86_64)
1584 #elif defined(POWERPC)
1588 #elif defined(ALPHA)
1594 #endif /* architecture */
1597 /* Again, we borrow the SunOS breakpoint code. */
1598 if (!(tcp->flags & TCB_BPTSET)) {
1599 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1603 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1605 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1608 tcp->flags &= ~TCB_BPTSET;
1614 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1615 if (!(tcp->flags & TCB_BPTSET)) {
1616 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1620 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1622 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1625 tcp->flags &= ~TCB_BPTSET;
1627 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1629 if (addr != tcp->baddr) {
1630 /* The breakpoint has not been reached yet. */
1633 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1638 unsigned long addr, ipsr;
1643 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1645 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1648 /* restore original bundle: */
1650 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1651 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1653 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1657 /* restore original "ri" in ipsr: */
1658 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1660 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1662 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1666 tcp->flags &= ~TCB_BPTSET;
1668 if (addr != (tcp->baddr & ~0x3)) {
1669 /* the breakpoint has not been reached yet. */
1671 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1676 #else /* !IA64 && ! SPARC */
1679 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1680 if (!(tcp->flags & TCB_BPTSET)) {
1681 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1685 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1687 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1690 tcp->flags &= ~TCB_BPTSET;
1693 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1695 if (eip != tcp->baddr) {
1696 /* The breakpoint has not been reached yet. */
1699 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1703 #elif defined(X86_64)
1704 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1706 if (eip != tcp->baddr) {
1707 /* The breakpoint has not been reached yet. */
1710 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1714 #elif defined(POWERPC)
1715 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1717 if (pc != tcp->baddr) {
1718 /* The breakpoint has not been reached yet. */
1720 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1725 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1727 if (pc != tcp->baddr) {
1728 /* The breakpoint has not been reached yet. */
1730 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1734 #elif defined(ALPHA)
1735 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1737 if (pc != tcp->baddr) {
1738 /* The breakpoint has not been reached yet. */
1740 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1745 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1748 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1749 /* The breakpoint has not been reached yet. */
1751 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1755 iaoq = tcp->baddr | 3;
1756 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1757 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1758 * has no significant effect.
1760 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1761 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1763 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1765 if (pc != tcp->baddr) {
1766 /* The breakpoint has not been reached yet. */
1768 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1774 #endif /* !SPARC && !IA64 */
1784 if (!(tcp->flags & TCB_BPTSET)) {
1785 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1788 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1789 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1790 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1793 tcp->flags &= ~TCB_BPTSET;
1797 * Since we don't have a single instruction breakpoint, we may have
1798 * to adjust the program counter after removing the our `breakpoint'.
1800 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1801 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1804 if ((regs.r_pc < tcp->baddr) ||
1805 (regs.r_pc > tcp->baddr + 4)) {
1806 /* The breakpoint has not been reached yet */
1809 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1810 regs.r_pc, tcp->parent->baddr);
1813 if (regs.r_pc != tcp->baddr)
1815 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1816 regs.r_pc, tcp->baddr);
1818 regs.r_pc = tcp->baddr;
1819 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1820 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1832 #endif /* !USE_PROCFS */
1843 for (n = 0; n < sizeof *hdr; n += 4) {
1845 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1847 memcpy(((char *) hdr) + n, &res, 4);
1850 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1851 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1852 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1853 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1864 * Change `vfork' in a freshly exec'ed dynamically linked
1865 * executable's (internal) symbol table to plain old `fork'
1869 struct link_dynamic dyn;
1870 struct link_dynamic_2 ld;
1873 if (getex(pid, &hdr) < 0)
1878 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1879 fprintf(stderr, "Cannot read DYNAMIC\n");
1882 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1883 fprintf(stderr, "Cannot read link_dynamic_2\n");
1886 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1887 fprintf(stderr, "fixvfork: out of memory\n");
1890 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1891 (int)ld.ld_symb_size, strtab) < 0)
1895 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1896 fprintf(stderr, "[symbol: %s]\n", cp);
1901 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1902 if (strcmp(cp, "_vfork") == 0) {
1904 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1905 strcpy(cp, "_fork");
1910 if (cp < strtab + ld.ld_symb_size)
1912 * Write entire symbol table back to avoid
1913 * memory alignment bugs in ptrace
1915 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1916 (int)ld.ld_symb_size, strtab) < 0)