2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
75 # define fpq kernel_fpq
77 # define fpu kernel_fpu
83 #if !defined(__GLIBC__)
85 #include <linux/unistd.h>
87 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
89 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
93 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
94 "or %%g0, %2, %%o1\n\t" \
95 "or %%g0, %3, %%o2\n\t" \
96 "or %%g0, %4, %%o3\n\t" \
97 "or %%g0, %5, %%o4\n\t" \
98 "or %%g0, %6, %%g1\n\t" \
101 "or %%g0, %%o0, %0\n\t" \
102 "sub %%g0, %%o0, %0\n\t" \
105 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
106 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
107 "i" (__NR_##syscall) \
108 : "g1", "o0", "o1", "o2", "o3", "o4"); \
110 return (type) __res; \
115 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
125 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
128 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
145 return a->tv_sec || a->tv_usec;
150 struct timeval *a, *b;
152 if (a->tv_sec < b->tv_sec
153 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
155 if (a->tv_sec > b->tv_sec
156 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
165 return tv->tv_sec + tv->tv_usec/1000000.0;
170 struct timeval *tv, *a, *b;
172 tv->tv_sec = a->tv_sec + b->tv_sec;
173 tv->tv_usec = a->tv_usec + b->tv_usec;
174 if (tv->tv_usec > 1000000) {
176 tv->tv_usec -= 1000000;
182 struct timeval *tv, *a, *b;
184 tv->tv_sec = a->tv_sec - b->tv_sec;
185 tv->tv_usec = a->tv_usec - b->tv_usec;
186 if (((long) tv->tv_usec) < 0) {
188 tv->tv_usec += 1000000;
194 struct timeval *tv, *a;
197 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
198 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
199 tv->tv_usec %= 1000000;
204 struct timeval *tv, *a;
207 tv->tv_usec = a->tv_usec * n;
208 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
209 tv->tv_usec %= 1000000;
217 for (; xlat->str != NULL; xlat++)
218 if (xlat->val == val)
224 * Print entry in struct xlat table, if there.
227 printxval(xlat, val, dflt)
232 char *str = xlookup(xlat, val);
237 tprintf("%#x /* %s */", val, dflt);
241 * Interpret `xlat' as an array of flags
242 * print the entries whose bits are on in `flags'
243 * return # of flags printed.
246 addflags(xlat, flags)
252 for (n = 0; xlat->str; xlat++) {
253 if (xlat->val && (flags & xlat->val) == xlat->val) {
254 tprintf("|%s", xlat->str);
260 tprintf("|%#x", flags);
267 printflags(xlat, flags)
274 if (flags == 0 && xlat->val == 0) {
275 tprintf("%s", xlat->str);
280 for (n = 0; xlat->str; xlat++) {
281 if (xlat->val && (flags & xlat->val) == xlat->val) {
282 tprintf("%s%s", sep, xlat->str);
289 tprintf("%s%#x", sep, flags);
296 printnum(tcp, addr, fmt)
307 if (umove(tcp, addr, &num) < 0) {
308 tprintf("%#lx", addr);
316 static char path[MAXPATHLEN + 1];
322 char buf[2 * MAXPATHLEN + 1];
325 if (!strpbrk(str, "\"\'\\")) {
326 tprintf("\"%s\"", str);
329 for (s = buf; *str; str++) {
331 case '\"': case '\'': case '\\':
332 *s++ = '\\'; *s++ = *str; break;
338 tprintf("\"%s\"", buf);
346 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
347 tprintf("%#lx", addr);
354 printpathn(tcp, addr, n)
359 if (umovestr(tcp, addr, n, path) < 0)
360 tprintf("%#lx", addr);
368 printstr(tcp, addr, len)
373 static unsigned char *str = NULL;
383 if ((str = malloc(max_strlen)) == NULL
384 || (outstr = malloc(2*max_strlen)) == NULL) {
385 fprintf(stderr, "printstr: no memory\n");
386 tprintf("%#lx", addr);
390 outend = outstr + max_strlen * 2 - 10;
393 if (umovestr(tcp, addr, n, (char *) str) < 0) {
394 tprintf("%#lx", addr);
399 n = MIN(len, max_strlen);
400 if (umoven(tcp, addr, n, (char *) str) < 0) {
401 tprintf("%#lx", addr);
410 for (i = 0; i < n; i++) {
412 if (len < 0 && c == '\0')
414 if (!isprint(c) && !isspace(c)) {
425 for (i = 0; i < n; i++) {
427 if (len < 0 && c == '\0')
429 sprintf(s, "\\x%02x", c);
436 for (i = 0; i < n; i++) {
438 if (len < 0 && c == '\0')
441 case '\"': case '\'': case '\\':
442 *s++ = '\\'; *s++ = c; break;
444 *s++ = '\\'; *s++ = 'f'; break;
446 *s++ = '\\'; *s++ = 'n'; break;
448 *s++ = '\\'; *s++ = 'r'; break;
450 *s++ = '\\'; *s++ = 't'; break;
452 *s++ = '\\'; *s++ = 'v'; break;
456 else if (i < n - 1 && isdigit(str[i + 1])) {
457 sprintf(s, "\\%03o", c);
461 sprintf(s, "\\%o", c);
472 if (i < len || (len < 0 && (i == n || s > outend))) {
473 *s++ = '.'; *s++ = '.'; *s++ = '.';
476 tprintf("%s", outstr);
481 dumpiov(tcp, len, addr)
490 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
491 fprintf(stderr, "dump: No memory");
494 if (umoven(tcp, addr,
495 len * sizeof *iov, (char *) iov) >= 0) {
497 for (i = 0; i < len; i++) {
498 /* include the buffer number to make it easy to
499 * match up the trace with the source */
500 tprintf(" * %lu bytes in buffer %d\n",
501 (unsigned long)iov[i].iov_len, i);
502 dumpstr(tcp, (long) iov[i].iov_base,
512 dumpstr(tcp, addr, len)
517 static int strsize = -1;
518 static unsigned char *str;
519 static char outstr[80];
526 if ((str = malloc(len)) == NULL) {
527 fprintf(stderr, "dump: no memory\n");
533 if (umoven(tcp, addr, len, (char *) str) < 0)
536 for (i = 0; i < len; i += 16) {
538 sprintf(s, " | %05x ", i);
540 for (j = 0; j < 16; j++) {
544 sprintf(s, " %02x", str[i + j]);
548 *s++ = ' '; *s++ = ' '; *s++ = ' ';
551 *s++ = ' '; *s++ = ' ';
552 for (j = 0; j < 16; j++) {
556 if (isprint(str[i + j]))
564 tprintf("%s |\n", outstr);
568 #define PAGMASK (~(PAGSIZ - 1))
570 * move `len' bytes of data from process `pid'
571 * at address `addr' to our space at `laddr'
574 umoven(tcp, addr, len, laddr)
587 char x[sizeof(long)];
590 if (addr & (sizeof(long) - 1)) {
591 /* addr not a multiple of sizeof(long) */
592 n = addr - (addr & -sizeof(long)); /* residue */
593 addr &= -sizeof(long); /* residue */
595 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
597 if (started && (errno==EPERM || errno==EIO)) {
598 /* Ran into 'end of memory' - stupid "printpath" */
601 /* But if not started, we had a bogus address. */
602 perror("ptrace: umoven");
606 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
607 addr += sizeof(long), laddr += m, len -= m;
611 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
613 if (started && (errno==EPERM || errno==EIO)) {
614 /* Ran into 'end of memory' - stupid "printpath" */
618 perror("ptrace: umoven");
622 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
623 addr += sizeof(long), laddr += m, len -= m;
633 char x[sizeof(long)];
636 if (addr & (sizeof(long) - 1)) {
637 /* addr not a multiple of sizeof(long) */
638 n = addr - (addr & -sizeof(long)); /* residue */
639 addr &= -sizeof(long); /* residue */
641 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
646 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
647 addr += sizeof(long), laddr += m, len -= m;
651 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
656 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
657 addr += sizeof(long), laddr += m, len -= m;
663 n = MIN(len, PAGSIZ);
664 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
665 if (ptrace(PTRACE_READDATA, pid,
666 (char *) addr, len, laddr) < 0) {
667 perror("umoven: ptrace(PTRACE_READDATA, ...)");
679 #ifdef HAVE_MP_PROCFS
680 int fd = tcp->pfd_as;
684 lseek(fd, addr, SEEK_SET);
685 if (read(fd, laddr, len) == -1)
687 #endif /* USE_PROCFS */
693 * like `umove' but make the additional effort of looking
694 * for a terminating zero byte.
697 umovestr(tcp, addr, len, laddr)
704 #ifdef HAVE_MP_PROCFS
705 int fd = tcp->pfd_as;
709 /* Some systems (e.g. FreeBSD) can be upset if we read off the
710 end of valid memory, avoid this by trying to read up
711 to page boundaries. But we don't know what a page is (and
712 getpagesize(2) (if it exists) doesn't necessarily return
713 hardware page size). Assume all pages >= 1024 (a-historical
716 int page = 1024; /* How to find this? */
717 int move = page - (addr & (page - 1));
720 lseek(fd, addr, SEEK_SET);
723 if (move > left) move = left;
724 if ((move = read(fd, laddr, move)) <= 0)
725 return left != len ? 0 : -1;
726 if (memchr (laddr, 0, move)) break;
732 #else /* !USE_PROCFS */
738 char x[sizeof(long)];
741 if (addr & (sizeof(long) - 1)) {
742 /* addr not a multiple of sizeof(long) */
743 n = addr - (addr & -sizeof(long)); /* residue */
744 addr &= -sizeof(long); /* residue */
746 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
748 if (started && (errno==EPERM || errno==EIO)) {
749 /* Ran into 'end of memory' - stupid "printpath" */
756 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
757 while (n & (sizeof(long) - 1))
758 if (u.x[n++] == '\0')
760 addr += sizeof(long), laddr += m, len -= m;
764 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
766 if (started && (errno==EPERM || errno==EIO)) {
767 /* Ran into 'end of memory' - stupid "printpath" */
774 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
775 for (i = 0; i < sizeof(long); i++)
779 addr += sizeof(long), laddr += m, len -= m;
781 #endif /* !USE_PROCFS */
787 #define PTRACE_WRITETEXT 101
788 #define PTRACE_WRITEDATA 102
795 uload(cmd, pid, addr, len, laddr)
806 n = MIN(len, PAGSIZ);
807 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
808 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
809 perror("uload: ptrace(PTRACE_WRITE, ...)");
821 char x[sizeof(long)];
824 if (cmd == PTRACE_WRITETEXT) {
825 peek = PTRACE_PEEKTEXT;
826 poke = PTRACE_POKETEXT;
829 peek = PTRACE_PEEKDATA;
830 poke = PTRACE_POKEDATA;
832 if (addr & (sizeof(long) - 1)) {
833 /* addr not a multiple of sizeof(long) */
834 n = addr - (addr & -sizeof(long)); /* residue */
835 addr &= -sizeof(long);
837 u.val = ptrace(peek, pid, (char *) addr, 0);
839 perror("uload: POKE");
842 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
843 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
844 perror("uload: POKE");
847 addr += sizeof(long), laddr += m, len -= m;
850 if (len < sizeof(long))
851 u.val = ptrace(peek, pid, (char *) addr, 0);
852 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
853 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
854 perror("uload: POKE");
857 addr += sizeof(long), laddr += m, len -= m;
864 tload(pid, addr, len, laddr)
869 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
873 dload(pid, addr, len, laddr)
879 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
894 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
896 static int is_sun4m = -1;
899 /* Round up the usual suspects. */
900 if (is_sun4m == -1) {
901 if (uname(&name) < 0) {
902 perror("upeek: uname?");
905 is_sun4m = strcmp(name.machine, "sun4m") == 0;
907 extern struct xlat struct_user_offsets[];
910 for (x = struct_user_offsets; x->str; x++)
917 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
919 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
920 if (val == -1 && errno) {
922 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
930 #endif /* !USE_PROCFS */
940 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
942 #elif defined(X86_64)
943 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
946 if (upeek(tcp->pid, PT_B0, &pc) < 0)
949 if (upeek(tcp->pid, 4*15, &pc) < 0)
951 #elif defined(POWERPC)
952 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
955 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
958 if (upeek(tcp->pid, REG_PC, &pc) < 0)
961 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
965 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
968 #elif defined(S390) || defined(S390X)
969 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
972 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
975 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
978 if (upeek(tcp->pid, REG_PC ,&pc) < 0)
986 * Return current program counter for `pid'
987 * Assumes PC is never 0xffffffff
991 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
992 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
1005 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1007 #endif /* FREEBSD */
1019 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1020 tprintf("[????????] ");
1023 tprintf("[%08lx] ", eip);
1024 #elif defined(X86_64)
1027 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1028 tprintf("[????????] ");
1031 tprintf("[%16lx] ", rip);
1035 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1036 tprintf("[????????] ");
1039 tprintf("[%08lx] ", ip);
1040 #elif defined(POWERPC)
1043 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1044 tprintf ("[????????] ");
1047 tprintf("[%08lx] ", pc);
1051 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1052 tprintf ("[????????] ");
1055 tprintf("[%08lx] ", pc);
1056 #elif defined(ALPHA)
1059 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1060 tprintf ("[????????] ");
1063 tprintf("[%08lx] ", pc);
1064 #elif defined(SPARC)
1066 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1067 tprintf("[????????] ");
1070 tprintf("[%08lx] ", regs.r_pc);
1074 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1075 tprintf ("[????????] ");
1078 tprintf("[%08lx] ", pc);
1082 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1083 tprintf ("[????????] ");
1086 tprintf("[%08lx] ", pc);
1090 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1091 tprintf ("[????????] ");
1094 tprintf("[%08lx] ", pc);
1098 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1099 tprintf ("[????????] ");
1102 tprintf("[%08lx] ", pc);
1106 if (upeek(tcp->pid, 4*15, &pc) < 0) {
1107 tprintf("[????????] ");
1110 tprintf("[%08lx] ", pc);
1111 #endif /* !architecture */
1117 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1118 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1119 tprintf("[????????] ");
1122 tprintf("[%08x] ", regs.r_o7);
1127 tprintf("[????????] ");
1132 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1133 tprintf("[%08x] ", regs.r_eip);
1134 #endif /* FREEBSD */
1141 #include <sys/syscall.h>
1142 #ifndef CLONE_PTRACE
1143 # define CLONE_PTRACE 0x00002000
1148 typedef unsigned long *arg_setup_state;
1151 arg_setup(struct tcb *tcp, arg_setup_state *state)
1153 unsigned long *bsp, cfm, sof, sol;
1155 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1157 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1160 sof = (cfm >> 0) & 0x7f;
1161 sol = (cfm >> 7) & 0x7f;
1162 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1168 # define arg_finish_change(tcp, state) 0
1172 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1174 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1175 sizeof(long), (void *) valp);
1179 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1181 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1182 sizeof(long), (void *) valp);
1187 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1190 ap = ia64_rse_skip_regs(*state, 0);
1192 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1193 return errno ? -1 : 0;
1197 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1200 ap = ia64_rse_skip_regs(*state, 1);
1202 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1203 return errno ? -1 : 0;
1206 #elif defined (SPARC)
1208 typedef struct regs arg_setup_state;
1210 # define arg_setup(tcp, state) \
1211 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1212 # define arg_finish_change(tcp, state) \
1213 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1215 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1216 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1217 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1218 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1219 # define restore_arg0(tcp, state, val) 0
1223 # if defined S390 || defined S390X
1224 /* Note: this is only true for the `clone' system call, which handles
1225 arguments specially. We could as well say that its first two arguments
1226 are swapped relative to other architectures, but that would just be
1227 another #ifdef in the calls. */
1228 # define arg0_offset PT_GPR3
1229 # define arg1_offset PT_ORIGGPR2
1230 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1231 # define restore_arg1(tcp, state, val) ((void) (state), 0)
1232 # elif defined (ALPHA) || defined (MIPS)
1233 # define arg0_offset REG_A0
1234 # define arg1_offset (REG_A0+1)
1235 # elif defined (POWERPC)
1236 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1237 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1238 # define restore_arg0(tcp, state, val) ((void) (state), 0)
1239 # elif defined (HPPA)
1240 # define arg0_offset PT_GR26
1241 # define arg1_offset (PT_GR26-4)
1242 # elif defined (X86_64)
1243 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1244 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1246 # define arg0_offset (4*(REG_REG0+4))
1247 # define arg1_offset (4*(REG_REG0+5))
1248 # elif defined (SH64)
1249 /* ABI defines arg0 & 1 in r2 & r3 */
1250 # define arg0_offset (REG_OFFSET+16)
1251 # define arg1_offset (REG_OFFSET+24)
1252 # define restore_arg0(tcp, state, val) 0
1254 # define arg0_offset 0
1255 # define arg1_offset 4
1257 # define restore_arg0(tcp, state, val) 0
1261 typedef int arg_setup_state;
1263 # define arg_setup(tcp, state) (0)
1264 # define arg_finish_change(tcp, state) 0
1265 # define get_arg0(tcp, cookie, valp) \
1266 (upeek ((tcp)->pid, arg0_offset, (valp)))
1267 # define get_arg1(tcp, cookie, valp) \
1268 (upeek ((tcp)->pid, arg1_offset, (valp)))
1271 set_arg0 (struct tcb *tcp, void *cookie, long val)
1273 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1277 set_arg1 (struct tcb *tcp, void *cookie, long val)
1279 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1284 #ifndef restore_arg0
1285 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1287 #ifndef restore_arg1
1288 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1295 extern int change_syscall(struct tcb *, int);
1296 arg_setup_state state;
1298 if (tcp->flags & TCB_BPTSET) {
1299 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1303 switch (tcp->scno) {
1310 #if defined SYS_fork || defined SYS_vfork
1311 if (arg_setup (tcp, &state) < 0
1312 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1313 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1314 || change_syscall(tcp, SYS_clone) < 0
1315 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1316 || set_arg1 (tcp, &state, 0) < 0
1317 || arg_finish_change (tcp, &state) < 0)
1319 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1321 tcp->flags |= TCB_BPTSET;
1329 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1330 && (arg_setup (tcp, &state) < 0
1331 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1332 || arg_finish_change (tcp, &state) < 0))
1334 tcp->flags |= TCB_BPTSET;
1335 tcp->inst[0] = tcp->u_arg[0];
1336 tcp->inst[1] = tcp->u_arg[1];
1340 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1341 tcp->scno, tcp->pid);
1352 arg_setup_state state;
1353 if (arg_setup (tcp, &state) < 0
1354 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1355 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1356 || arg_finish_change (tcp, &state))
1358 tcp->flags &= ~TCB_BPTSET;
1371 /* We simply use the SunOS breakpoint code. */
1374 #define LOOPA 0x30800000 /* ba,a 0 */
1376 if (tcp->flags & TCB_BPTSET) {
1377 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1380 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1381 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1384 tcp->baddr = regs.r_o7 + 8;
1386 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1388 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1393 * XXX - BRUTAL MODE ON
1394 * We cannot set a real BPT in the child, since it will not be
1395 * traced at the moment it will reach the trap and would probably
1396 * die with a core dump.
1397 * Thus, we are force our way in by taking out two instructions
1398 * and insert an eternal loop instead, in expectance of the SIGSTOP
1399 * generated by out PTRACE_ATTACH.
1400 * Of cause, if we evaporate ourselves in the middle of all this...
1403 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1405 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1408 tcp->flags |= TCB_BPTSET;
1413 # define LOOP 0x0000feeb
1414 if (tcp->flags & TCB_BPTSET) {
1415 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1419 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1422 fprintf(stderr, "[%d] setting bpt at %lx\n",
1423 tcp->pid, tcp->baddr);
1424 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1425 (char *) tcp->baddr, 0);
1427 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1430 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1432 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1435 tcp->flags |= TCB_BPTSET;
1438 * Our strategy here is to replace the bundle that
1439 * contained the clone() syscall with a bundle of the
1442 * { 1: br 1b; br 1b; br 1b }
1444 * This ensures that the newly forked child will loop
1445 * endlessly until we've got a chance to attach to it.
1447 # define LOOP0 0x0000100000000017
1448 # define LOOP1 0x4000000000200000
1449 unsigned long addr, ipsr;
1453 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1455 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1457 /* store "ri" in low two bits */
1458 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1461 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1463 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1466 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1471 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1472 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1474 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1477 tcp->flags |= TCB_BPTSET;
1481 #if defined (I386) || defined(X86_64)
1482 #define LOOP 0x0000feeb
1483 #elif defined (M68K)
1484 #define LOOP 0x60fe0000
1485 #elif defined (ALPHA)
1486 #define LOOP 0xc3ffffff
1487 #elif defined (POWERPC)
1488 #define LOOP 0x48000000
1490 #define LOOP 0xEAFFFFFE
1492 #define LOOP 0x1000ffff
1494 #define LOOP 0xa7f40000 /* BRC 15,0 */
1495 #elif defined(S390X)
1496 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1498 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1500 #ifdef __LITTLE_ENDIAN__
1501 #define LOOP 0x0000affe
1503 #define LOOP 0xfeaf0000
1506 #error unknown architecture
1509 if (tcp->flags & TCB_BPTSET) {
1510 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1514 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1516 #elif defined (X86_64)
1517 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1519 #elif defined (M68K)
1520 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1522 #elif defined (ALPHA)
1526 #elif defined (MIPS)
1527 return -1; /* FIXME: I do not know what i do - Flo */
1528 #elif defined (POWERPC)
1529 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1531 #elif defined(S390) || defined(S390X)
1532 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1535 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1537 tcp->baddr &= ~0x03;
1539 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1542 #error unknown architecture
1545 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1546 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1548 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1551 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1553 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1556 tcp->flags |= TCB_BPTSET;
1563 #ifdef SPARC /* This code is slightly sparc specific */
1566 #define BPT 0x91d02001 /* ta 1 */
1567 #define LOOP 0x10800000 /* ba 0 */
1568 #define LOOPA 0x30800000 /* ba,a 0 */
1569 #define NOP 0x01000000
1571 static int loopdeloop[1] = {LOOPA};
1573 static int loopdeloop[2] = {LOOP, NOP};
1576 if (tcp->flags & TCB_BPTSET) {
1577 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1580 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1581 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1584 tcp->baddr = regs.r_o7 + 8;
1585 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1586 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1587 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1592 * XXX - BRUTAL MODE ON
1593 * We cannot set a real BPT in the child, since it will not be
1594 * traced at the moment it will reach the trap and would probably
1595 * die with a core dump.
1596 * Thus, we are force our way in by taking out two instructions
1597 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1598 * generated by out PTRACE_ATTACH.
1599 * Of cause, if we evaporate ourselves in the middle of all this...
1601 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1602 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1603 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1606 tcp->flags |= TCB_BPTSET;
1620 #if defined(I386) || defined(X86_64)
1622 #elif defined(POWERPC)
1626 #elif defined(ALPHA)
1632 #endif /* architecture */
1635 /* Again, we borrow the SunOS breakpoint code. */
1636 if (!(tcp->flags & TCB_BPTSET)) {
1637 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1641 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1643 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1646 tcp->flags &= ~TCB_BPTSET;
1652 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1653 if (!(tcp->flags & TCB_BPTSET)) {
1654 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1658 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1660 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1663 tcp->flags &= ~TCB_BPTSET;
1665 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1667 if (addr != tcp->baddr) {
1668 /* The breakpoint has not been reached yet. */
1671 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1676 unsigned long addr, ipsr;
1681 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1683 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1686 /* restore original bundle: */
1688 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1689 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1691 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1695 /* restore original "ri" in ipsr: */
1696 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1698 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1700 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1704 tcp->flags &= ~TCB_BPTSET;
1706 if (addr != (tcp->baddr & ~0x3)) {
1707 /* the breakpoint has not been reached yet. */
1709 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1714 #else /* !IA64 && ! SPARC */
1717 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1718 if (!(tcp->flags & TCB_BPTSET)) {
1719 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1723 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1725 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1728 tcp->flags &= ~TCB_BPTSET;
1731 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1733 if (eip != tcp->baddr) {
1734 /* The breakpoint has not been reached yet. */
1737 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1741 #elif defined(X86_64)
1742 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1744 if (eip != tcp->baddr) {
1745 /* The breakpoint has not been reached yet. */
1748 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1752 #elif defined(POWERPC)
1753 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1755 if (pc != tcp->baddr) {
1756 /* The breakpoint has not been reached yet. */
1758 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1763 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1765 if (pc != tcp->baddr) {
1766 /* The breakpoint has not been reached yet. */
1768 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1772 #elif defined(ALPHA)
1773 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1775 if (pc != tcp->baddr) {
1776 /* The breakpoint has not been reached yet. */
1778 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1783 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1786 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1787 /* The breakpoint has not been reached yet. */
1789 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1793 iaoq = tcp->baddr | 3;
1794 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1795 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1796 * has no significant effect.
1798 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1799 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1801 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1803 if (pc != tcp->baddr) {
1804 /* The breakpoint has not been reached yet. */
1806 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1812 #endif /* !SPARC && !IA64 */
1822 if (!(tcp->flags & TCB_BPTSET)) {
1823 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1826 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1827 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1828 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1831 tcp->flags &= ~TCB_BPTSET;
1835 * Since we don't have a single instruction breakpoint, we may have
1836 * to adjust the program counter after removing the our `breakpoint'.
1838 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1839 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1842 if ((regs.r_pc < tcp->baddr) ||
1843 (regs.r_pc > tcp->baddr + 4)) {
1844 /* The breakpoint has not been reached yet */
1847 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1848 regs.r_pc, tcp->parent->baddr);
1851 if (regs.r_pc != tcp->baddr)
1853 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1854 regs.r_pc, tcp->baddr);
1856 regs.r_pc = tcp->baddr;
1857 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1858 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1870 #endif /* !USE_PROCFS */
1881 for (n = 0; n < sizeof *hdr; n += 4) {
1883 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1885 memcpy(((char *) hdr) + n, &res, 4);
1888 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1889 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1890 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1891 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1902 * Change `vfork' in a freshly exec'ed dynamically linked
1903 * executable's (internal) symbol table to plain old `fork'
1907 struct link_dynamic dyn;
1908 struct link_dynamic_2 ld;
1911 if (getex(pid, &hdr) < 0)
1916 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1917 fprintf(stderr, "Cannot read DYNAMIC\n");
1920 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1921 fprintf(stderr, "Cannot read link_dynamic_2\n");
1924 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1925 fprintf(stderr, "fixvfork: out of memory\n");
1928 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1929 (int)ld.ld_symb_size, strtab) < 0)
1933 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1934 fprintf(stderr, "[symbol: %s]\n", cp);
1939 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1940 if (strcmp(cp, "_vfork") == 0) {
1942 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1943 strcpy(cp, "_fork");
1948 if (cp < strtab + ld.ld_symb_size)
1950 * Write entire symbol table back to avoid
1951 * memory alignment bugs in ptrace
1953 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1954 (int)ld.ld_symb_size, strtab) < 0)