2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
77 #if !defined(__GLIBC__)
79 #include <linux/unistd.h>
81 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
83 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
87 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
88 "or %%g0, %2, %%o1\n\t" \
89 "or %%g0, %3, %%o2\n\t" \
90 "or %%g0, %4, %%o3\n\t" \
91 "or %%g0, %5, %%o4\n\t" \
92 "or %%g0, %6, %%g1\n\t" \
95 "or %%g0, %%o0, %0\n\t" \
96 "sub %%g0, %%o0, %0\n\t" \
99 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
100 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
101 "i" (__NR_##syscall) \
102 : "g1", "o0", "o1", "o2", "o3", "o4"); \
104 return (type) __res; \
109 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
119 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
122 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
139 return a->tv_sec || a->tv_usec;
144 struct timeval *a, *b;
146 if (a->tv_sec < b->tv_sec
147 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
149 if (a->tv_sec > b->tv_sec
150 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
159 return tv->tv_sec + tv->tv_usec/1000000.0;
164 struct timeval *tv, *a, *b;
166 tv->tv_sec = a->tv_sec + b->tv_sec;
167 tv->tv_usec = a->tv_usec + b->tv_usec;
168 if (tv->tv_usec > 1000000) {
170 tv->tv_usec -= 1000000;
176 struct timeval *tv, *a, *b;
178 tv->tv_sec = a->tv_sec - b->tv_sec;
179 tv->tv_usec = a->tv_usec - b->tv_usec;
180 if (((long) tv->tv_usec) < 0) {
182 tv->tv_usec += 1000000;
188 struct timeval *tv, *a;
191 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
192 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
193 tv->tv_usec %= 1000000;
198 struct timeval *tv, *a;
201 tv->tv_usec = a->tv_usec * n;
202 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
203 tv->tv_usec %= 1000000;
211 for (; xlat->str != NULL; xlat++)
212 if (xlat->val == val)
218 * Print entry in struct xlat table, if there.
221 printxval(xlat, val, dflt)
226 char *str = xlookup(xlat, val);
231 tprintf("%#x /* %s */", val, dflt);
235 * Interpret `xlat' as an array of flags
236 * print the entries whose bits are on in `flags'
237 * return # of flags printed.
240 addflags(xlat, flags)
246 for (n = 0; xlat->str; xlat++) {
247 if (xlat->val && (flags & xlat->val) == xlat->val) {
248 tprintf("|%s", xlat->str);
254 tprintf("|%#x", flags);
261 printflags(xlat, flags)
268 if (flags == 0 && xlat->val == 0) {
269 tprintf("%s", xlat->str);
274 for (n = 0; xlat->str; xlat++) {
275 if (xlat->val && (flags & xlat->val) == xlat->val) {
276 tprintf("%s%s", sep, xlat->str);
283 tprintf("%s%#x", sep, flags);
290 printnum(tcp, addr, fmt)
301 if (umove(tcp, addr, &num) < 0) {
302 tprintf("%#lx", addr);
310 static char path[MAXPATHLEN + 1];
316 char buf[2 * MAXPATHLEN + 1];
319 if (!strpbrk(str, "\"\'\\")) {
320 tprintf("\"%s\"", str);
323 for (s = buf; *str; str++) {
325 case '\"': case '\'': case '\\':
326 *s++ = '\\'; *s++ = *str; break;
332 tprintf("\"%s\"", buf);
340 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
341 tprintf("%#lx", addr);
348 printpathn(tcp, addr, n)
353 if (umovestr(tcp, addr, n, path) < 0)
354 tprintf("%#lx", addr);
362 printstr(tcp, addr, len)
367 static unsigned char *str = NULL;
377 if ((str = malloc(max_strlen)) == NULL
378 || (outstr = malloc(2*max_strlen)) == NULL) {
379 fprintf(stderr, "printstr: no memory\n");
380 tprintf("%#lx", addr);
384 outend = outstr + max_strlen * 2 - 10;
387 if (umovestr(tcp, addr, n, (char *) str) < 0) {
388 tprintf("%#lx", addr);
393 n = MIN(len, max_strlen);
394 if (umoven(tcp, addr, n, (char *) str) < 0) {
395 tprintf("%#lx", addr);
404 for (i = 0; i < n; i++) {
406 if (len < 0 && c == '\0')
408 if (!isprint(c) && !isspace(c)) {
419 for (i = 0; i < n; i++) {
421 if (len < 0 && c == '\0')
423 sprintf(s, "\\x%02x", c);
430 for (i = 0; i < n; i++) {
432 if (len < 0 && c == '\0')
435 case '\"': case '\'': case '\\':
436 *s++ = '\\'; *s++ = c; break;
438 *s++ = '\\'; *s++ = 'f'; break;
440 *s++ = '\\'; *s++ = 'n'; break;
442 *s++ = '\\'; *s++ = 'r'; break;
444 *s++ = '\\'; *s++ = 't'; break;
446 *s++ = '\\'; *s++ = 'v'; break;
450 else if (i < n - 1 && isdigit(str[i + 1])) {
451 sprintf(s, "\\%03o", c);
455 sprintf(s, "\\%o", c);
466 if (i < len || (len < 0 && (i == n || s > outend))) {
467 *s++ = '.'; *s++ = '.'; *s++ = '.';
470 tprintf("%s", outstr);
475 dumpiov(tcp, len, addr)
484 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
485 fprintf(stderr, "dump: No memory");
488 if (umoven(tcp, addr,
489 len * sizeof *iov, (char *) iov) >= 0) {
491 for (i = 0; i < len; i++) {
492 /* include the buffer number to make it easy to
493 * match up the trace with the source */
494 tprintf(" * %lu bytes in buffer %d\n",
495 (unsigned long)iov[i].iov_len, i);
496 dumpstr(tcp, (long) iov[i].iov_base,
506 dumpstr(tcp, addr, len)
511 static int strsize = -1;
512 static unsigned char *str;
513 static char outstr[80];
520 if ((str = malloc(len)) == NULL) {
521 fprintf(stderr, "dump: no memory\n");
527 if (umoven(tcp, addr, len, (char *) str) < 0)
530 for (i = 0; i < len; i += 16) {
532 sprintf(s, " | %05x ", i);
534 for (j = 0; j < 16; j++) {
538 sprintf(s, " %02x", str[i + j]);
542 *s++ = ' '; *s++ = ' '; *s++ = ' ';
545 *s++ = ' '; *s++ = ' ';
546 for (j = 0; j < 16; j++) {
550 if (isprint(str[i + j]))
558 tprintf("%s |\n", outstr);
562 #define PAGMASK (~(PAGSIZ - 1))
564 * move `len' bytes of data from process `pid'
565 * at address `addr' to our space at `laddr'
568 umoven(tcp, addr, len, laddr)
581 char x[sizeof(long)];
584 if (addr & (sizeof(long) - 1)) {
585 /* addr not a multiple of sizeof(long) */
586 n = addr - (addr & -sizeof(long)); /* residue */
587 addr &= -sizeof(long); /* residue */
589 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
591 if (started && (errno==EPERM || errno==EIO)) {
592 /* Ran into 'end of memory' - stupid "printpath" */
595 /* But if not started, we had a bogus address. */
596 perror("ptrace: umoven");
600 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
601 addr += sizeof(long), laddr += m, len -= m;
605 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
607 if (started && (errno==EPERM || errno==EIO)) {
608 /* Ran into 'end of memory' - stupid "printpath" */
611 perror("ptrace: umoven");
615 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
616 addr += sizeof(long), laddr += m, len -= m;
626 char x[sizeof(long)];
629 if (addr & (sizeof(long) - 1)) {
630 /* addr not a multiple of sizeof(long) */
631 n = addr - (addr & -sizeof(long)); /* residue */
632 addr &= -sizeof(long); /* residue */
634 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
639 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
640 addr += sizeof(long), laddr += m, len -= m;
644 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
649 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
650 addr += sizeof(long), laddr += m, len -= m;
656 n = MIN(len, PAGSIZ);
657 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
658 if (ptrace(PTRACE_READDATA, pid,
659 (char *) addr, len, laddr) < 0) {
660 perror("umoven: ptrace(PTRACE_READDATA, ...)");
672 #ifdef HAVE_MP_PROCFS
673 int fd = tcp->pfd_as;
677 lseek(fd, addr, SEEK_SET);
678 if (read(fd, laddr, len) == -1)
680 #endif /* USE_PROCFS */
686 * like `umove' but make the additional effort of looking
687 * for a terminating zero byte.
690 umovestr(tcp, addr, len, laddr)
697 #ifdef HAVE_MP_PROCFS
698 int fd = tcp->pfd_as;
702 /* Some systems (e.g. FreeBSD) can be upset if we read off the
703 end of valid memory, avoid this by trying to read up
704 to page boundaries. But we don't know what a page is (and
705 getpagesize(2) (if it exists) doesn't necessarily return
706 hardware page size). Assume all pages >= 1024 (a-historical
709 int page = 1024; /* How to find this? */
710 int move = page - (addr & (page - 1));
713 lseek(fd, addr, SEEK_SET);
716 if (move > left) move = left;
717 if ((move = read(fd, laddr, move)) <= 0)
718 return left != len ? 0 : -1;
719 if (memchr (laddr, 0, move)) break;
725 #else /* !USE_PROCFS */
731 char x[sizeof(long)];
734 if (addr & (sizeof(long) - 1)) {
735 /* addr not a multiple of sizeof(long) */
736 n = addr - (addr & -sizeof(long)); /* residue */
737 addr &= -sizeof(long); /* residue */
739 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
741 if (started && (errno==EPERM || errno==EIO)) {
742 /* Ran into 'end of memory' - stupid "printpath" */
749 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
750 while (n & (sizeof(long) - 1))
751 if (u.x[n++] == '\0')
753 addr += sizeof(long), laddr += m, len -= m;
757 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
759 if (started && (errno==EPERM || errno==EIO)) {
760 /* Ran into 'end of memory' - stupid "printpath" */
767 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
768 for (i = 0; i < sizeof(long); i++)
772 addr += sizeof(long), laddr += m, len -= m;
774 #endif /* !USE_PROCFS */
780 #define PTRACE_WRITETEXT 101
781 #define PTRACE_WRITEDATA 102
788 uload(cmd, pid, addr, len, laddr)
799 n = MIN(len, PAGSIZ);
800 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
801 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
802 perror("uload: ptrace(PTRACE_WRITE, ...)");
814 char x[sizeof(long)];
817 if (cmd == PTRACE_WRITETEXT) {
818 peek = PTRACE_PEEKTEXT;
819 poke = PTRACE_POKETEXT;
822 peek = PTRACE_PEEKDATA;
823 poke = PTRACE_POKEDATA;
825 if (addr & (sizeof(long) - 1)) {
826 /* addr not a multiple of sizeof(long) */
827 n = addr - (addr & -sizeof(long)); /* residue */
828 addr &= -sizeof(long);
830 u.val = ptrace(peek, pid, (char *) addr, 0);
832 perror("uload: POKE");
835 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
836 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
837 perror("uload: POKE");
840 addr += sizeof(long), laddr += m, len -= m;
843 if (len < sizeof(long))
844 u.val = ptrace(peek, pid, (char *) addr, 0);
845 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
846 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
847 perror("uload: POKE");
850 addr += sizeof(long), laddr += m, len -= m;
857 tload(pid, addr, len, laddr)
862 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
866 dload(pid, addr, len, laddr)
872 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
887 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
889 static int is_sun4m = -1;
892 /* Round up the usual suspects. */
893 if (is_sun4m == -1) {
894 if (uname(&name) < 0) {
895 perror("upeek: uname?");
898 is_sun4m = strcmp(name.machine, "sun4m") == 0;
900 extern struct xlat struct_user_offsets[];
903 for (x = struct_user_offsets; x->str; x++)
910 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
912 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
913 if (val == -1 && errno) {
915 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
923 #endif /* !USE_PROCFS */
933 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
935 #elif defined(X86_64)
936 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
939 if (upeek(tcp->pid, PT_B0, &pc) < 0)
942 if (upeek(tcp->pid, 4*15, &pc) < 0)
944 #elif defined(POWERPC)
945 if (upeek(tcp->pid, 4*PT_NIP, &pc) < 0)
948 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
951 if (upeek(tcp->pid, REG_PC, &pc) < 0)
954 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
958 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
961 #elif defined(S390) || defined(S390X)
962 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
965 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
968 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
976 * Return current program counter for `pid'
977 * Assumes PC is never 0xffffffff
981 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
982 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
995 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1009 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1010 tprintf("[????????] ");
1013 tprintf("[%08lx] ", eip);
1014 #elif defined(X86_64)
1017 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1018 tprintf("[????????] ");
1021 tprintf("[%16lx] ", rip);
1025 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1026 tprintf("[????????] ");
1029 tprintf("[%08lx] ", ip);
1030 #elif defined(POWERPC)
1033 if (upeek(tcp->pid, 4*PT_NIP, &pc) < 0) {
1034 tprintf ("[????????] ");
1037 tprintf("[%08lx] ", pc);
1041 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1042 tprintf ("[????????] ");
1045 tprintf("[%08lx] ", pc);
1046 #elif defined(ALPHA)
1049 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1050 tprintf ("[????????] ");
1053 tprintf("[%08lx] ", pc);
1054 #elif defined(SPARC)
1056 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1057 tprintf("[????????] ");
1060 tprintf("[%08lx] ", regs.r_pc);
1064 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1065 tprintf ("[????????] ");
1068 tprintf("[%08lx] ", pc);
1072 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1073 tprintf ("[????????] ");
1076 tprintf("[%08lx] ", pc);
1080 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1081 tprintf ("[????????] ");
1084 tprintf("[%08lx] ", pc);
1085 #endif /* !architecture */
1091 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1092 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1093 tprintf("[????????] ");
1096 tprintf("[%08x] ", regs.r_o7);
1101 tprintf("[????????] ");
1106 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1107 tprintf("[%08x] ", regs.r_eip);
1108 #endif /* FREEBSD */
1115 #include <sys/syscall.h>
1116 #ifndef CLONE_PTRACE
1117 # define CLONE_PTRACE 0x00002000
1122 typedef unsigned long *arg_setup_state;
1125 arg_setup(struct tcb *tcp, arg_setup_state *state)
1127 unsigned long *bsp, cfm, sof, sol;
1129 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1131 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1134 sof = (cfm >> 0) & 0x7f;
1135 sol = (cfm >> 7) & 0x7f;
1136 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1142 # define arg_finish_change(tcp, state) 0
1146 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1148 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1149 sizeof(long), (void *) valp);
1153 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1155 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1156 sizeof(long), (void *) valp);
1161 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1164 ap = ia64_rse_skip_regs(*state, 0);
1166 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1167 return errno ? -1 : 0;
1171 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1174 ap = ia64_rse_skip_regs(*state, 1);
1176 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1177 return errno ? -1 : 0;
1180 #elif defined (SPARC)
1182 typedef struct regs arg_setup_state;
1184 # define arg_setup(tcp, state) \
1185 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1186 # define arg_finish_change(tcp, state) \
1187 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1189 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1190 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1191 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1192 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1193 # define restore_arg0(tcp, state, val) 0
1197 # if defined S390 || defined S390X
1198 # define arg0_offset PT_ORIGGPR2
1199 # define arg1_offset PT_GPR2
1200 # define restore_arg0(tcp, state, val) 0
1201 # define restore_arg1(tcp, state, val) 0
1202 # elif defined (ALPHA) || defined (MIPS)
1203 # define arg0_offset REG_A0
1204 # define arg1_offset (REG_A0+1)
1205 # elif defined (POWERPC)
1206 # define arg0_offset (4*PT_R3)
1207 # define arg1_offset (4*PT_R4)
1208 # define restore_arg0(tcp, state, val) 0
1209 # elif defined (HPPA)
1210 # define arg0_offset PT_GR26
1211 # define arg1_offset (PT_GR26-4)
1212 # elif defined (X86_64)
1213 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1214 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1216 # define arg0_offset 0
1217 # define arg1_offset 4
1218 # if defined SH || defined ARM
1219 # define restore_arg0(tcp, state, val) 0
1223 typedef int arg_setup_state;
1225 # define arg_setup(tcp, state) (0)
1226 # define arg_finish_change(tcp, state) 0
1227 # define get_arg0(tcp, cookie, valp) \
1228 (upeek ((tcp)->pid, arg0_offset, (valp)))
1229 # define get_arg1(tcp, cookie, valp) \
1230 (upeek ((tcp)->pid, arg1_offset, (valp)))
1233 set_arg0 (struct tcb *tcp, void *cookie, long val)
1235 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1239 set_arg1 (struct tcb *tcp, void *cookie, long val)
1241 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1246 #ifndef restore_arg0
1247 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1249 #ifndef restore_arg1
1250 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1257 extern int change_syscall(struct tcb *, int);
1258 arg_setup_state state;
1260 if (tcp->flags & TCB_BPTSET) {
1261 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1265 switch (tcp->scno) {
1268 if (arg_setup (tcp, &state) < 0
1269 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1270 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1271 || change_syscall(tcp, SYS_clone) < 0
1272 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1273 || set_arg1 (tcp, &state, 0) < 0
1274 || arg_finish_change (tcp, &state) < 0)
1276 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1278 tcp->flags |= TCB_BPTSET;
1286 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1287 && (arg_setup (tcp, &state) < 0
1288 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1289 || arg_finish_change (tcp, &state) < 0))
1291 tcp->flags |= TCB_BPTSET;
1292 tcp->inst[0] = tcp->u_arg[0];
1293 tcp->inst[1] = tcp->u_arg[1];
1297 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1298 tcp->scno, tcp->pid);
1309 arg_setup_state state;
1310 if (arg_setup (tcp, &state) < 0
1311 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1312 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1313 || arg_finish_change (tcp, &state))
1315 tcp->flags &= ~TCB_BPTSET;
1328 /* We simply use the SunOS breakpoint code. */
1331 #define LOOPA 0x30800000 /* ba,a 0 */
1333 if (tcp->flags & TCB_BPTSET) {
1334 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1337 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1338 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1341 tcp->baddr = regs.r_o7 + 8;
1343 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1345 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1350 * XXX - BRUTAL MODE ON
1351 * We cannot set a real BPT in the child, since it will not be
1352 * traced at the moment it will reach the trap and would probably
1353 * die with a core dump.
1354 * Thus, we are force our way in by taking out two instructions
1355 * and insert an eternal loop instead, in expectance of the SIGSTOP
1356 * generated by out PTRACE_ATTACH.
1357 * Of cause, if we evaporate ourselves in the middle of all this...
1360 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1362 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1365 tcp->flags |= TCB_BPTSET;
1370 # define LOOP 0x0000feeb
1371 if (tcp->flags & TCB_BPTSET) {
1372 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1376 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1379 fprintf(stderr, "[%d] setting bpt at %lx\n",
1380 tcp->pid, tcp->baddr);
1381 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1382 (char *) tcp->baddr, 0);
1384 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1387 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1389 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1392 tcp->flags |= TCB_BPTSET;
1395 * Our strategy here is to replace the bundle that
1396 * contained the clone() syscall with a bundle of the
1399 * { 1: br 1b; br 1b; br 1b }
1401 * This ensures that the newly forked child will loop
1402 * endlessly until we've got a chance to attach to it.
1404 # define LOOP0 0x0000100000000017
1405 # define LOOP1 0x4000000000200000
1406 unsigned long addr, ipsr;
1410 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1412 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1414 /* store "ri" in low two bits */
1415 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1418 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1420 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1423 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1428 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1429 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1431 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1434 tcp->flags |= TCB_BPTSET;
1438 #if defined (I386) || defined(X86_64)
1439 #define LOOP 0x0000feeb
1440 #elif defined (M68K)
1441 #define LOOP 0x60fe0000
1442 #elif defined (ALPHA)
1443 #define LOOP 0xc3ffffff
1444 #elif defined (POWERPC)
1445 #define LOOP 0x48000000
1447 #define LOOP 0xEAFFFFFE
1449 #define LOOP 0x1000ffff
1451 #define LOOP 0xa7f40000 /* BRC 15,0 */
1452 #elif defined(S390X)
1453 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1455 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1457 #ifdef __LITTLE_ENDIAN__
1458 #define LOOP 0x0000affe
1460 #define LOOP 0xfeaf0000
1463 #error unknown architecture
1466 if (tcp->flags & TCB_BPTSET) {
1467 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1471 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1473 #elif defined (X86_64)
1474 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1476 #elif defined (M68K)
1477 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1479 #elif defined (ALPHA)
1483 #elif defined (MIPS)
1484 return -1; /* FIXME: I do not know what i do - Flo */
1485 #elif defined (POWERPC)
1486 if (upeek(tcp->pid, 4*PT_NIP, &tcp->baddr) < 0)
1488 #elif defined(S390) || defined(S390X)
1489 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1492 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1494 tcp->baddr &= ~0x03;
1496 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1499 #error unknown architecture
1502 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1503 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1505 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1508 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1510 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1513 tcp->flags |= TCB_BPTSET;
1520 #ifdef SPARC /* This code is slightly sparc specific */
1523 #define BPT 0x91d02001 /* ta 1 */
1524 #define LOOP 0x10800000 /* ba 0 */
1525 #define LOOPA 0x30800000 /* ba,a 0 */
1526 #define NOP 0x01000000
1528 static int loopdeloop[1] = {LOOPA};
1530 static int loopdeloop[2] = {LOOP, NOP};
1533 if (tcp->flags & TCB_BPTSET) {
1534 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1537 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1538 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1541 tcp->baddr = regs.r_o7 + 8;
1542 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1543 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1544 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1549 * XXX - BRUTAL MODE ON
1550 * We cannot set a real BPT in the child, since it will not be
1551 * traced at the moment it will reach the trap and would probably
1552 * die with a core dump.
1553 * Thus, we are force our way in by taking out two instructions
1554 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1555 * generated by out PTRACE_ATTACH.
1556 * Of cause, if we evaporate ourselves in the middle of all this...
1558 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1559 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1560 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1563 tcp->flags |= TCB_BPTSET;
1577 #if defined(I386) || defined(X86_64)
1579 #elif defined(POWERPC)
1583 #elif defined(ALPHA)
1589 #endif /* architecture */
1592 /* Again, we borrow the SunOS breakpoint code. */
1593 if (!(tcp->flags & TCB_BPTSET)) {
1594 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1598 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1600 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1603 tcp->flags &= ~TCB_BPTSET;
1609 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1610 if (!(tcp->flags & TCB_BPTSET)) {
1611 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1615 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1617 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1620 tcp->flags &= ~TCB_BPTSET;
1622 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1624 if (addr != tcp->baddr) {
1625 /* The breakpoint has not been reached yet. */
1628 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1633 unsigned long addr, ipsr;
1638 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1640 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1643 /* restore original bundle: */
1645 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1646 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1648 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1652 /* restore original "ri" in ipsr: */
1653 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1655 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1657 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1661 tcp->flags &= ~TCB_BPTSET;
1663 if (addr != (tcp->baddr & ~0x3)) {
1664 /* the breakpoint has not been reached yet. */
1666 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1671 #else /* !IA64 && ! SPARC */
1674 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1675 if (!(tcp->flags & TCB_BPTSET)) {
1676 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1680 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1682 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1685 tcp->flags &= ~TCB_BPTSET;
1688 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1690 if (eip != tcp->baddr) {
1691 /* The breakpoint has not been reached yet. */
1694 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1698 #elif defined(X86_64)
1699 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1701 if (eip != tcp->baddr) {
1702 /* The breakpoint has not been reached yet. */
1705 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1709 #elif defined(POWERPC)
1710 if (upeek(tcp->pid, 4*PT_NIP, &pc) < 0)
1712 if (pc != tcp->baddr) {
1713 /* The breakpoint has not been reached yet. */
1715 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1720 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1722 if (pc != tcp->baddr) {
1723 /* The breakpoint has not been reached yet. */
1725 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1729 #elif defined(ALPHA)
1730 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1732 if (pc != tcp->baddr) {
1733 /* The breakpoint has not been reached yet. */
1735 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1740 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1743 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1744 /* The breakpoint has not been reached yet. */
1746 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1750 iaoq = tcp->baddr | 3;
1751 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1752 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1753 * has no significant effect.
1755 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1756 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1758 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1760 if (pc != tcp->baddr) {
1761 /* The breakpoint has not been reached yet. */
1763 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1769 #endif /* !SPARC && !IA64 */
1779 if (!(tcp->flags & TCB_BPTSET)) {
1780 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1783 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1784 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1785 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1788 tcp->flags &= ~TCB_BPTSET;
1792 * Since we don't have a single instruction breakpoint, we may have
1793 * to adjust the program counter after removing the our `breakpoint'.
1795 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1796 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1799 if ((regs.r_pc < tcp->baddr) ||
1800 (regs.r_pc > tcp->baddr + 4)) {
1801 /* The breakpoint has not been reached yet */
1804 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1805 regs.r_pc, tcp->parent->baddr);
1808 if (regs.r_pc != tcp->baddr)
1810 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1811 regs.r_pc, tcp->baddr);
1813 regs.r_pc = tcp->baddr;
1814 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1815 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1827 #endif /* !USE_PROCFS */
1838 for (n = 0; n < sizeof *hdr; n += 4) {
1840 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1842 memcpy(((char *) hdr) + n, &res, 4);
1845 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1846 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1847 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1848 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1859 * Change `vfork' in a freshly exec'ed dynamically linked
1860 * executable's (internal) symbol table to plain old `fork'
1864 struct link_dynamic dyn;
1865 struct link_dynamic_2 ld;
1868 if (getex(pid, &hdr) < 0)
1873 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1874 fprintf(stderr, "Cannot read DYNAMIC\n");
1877 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1878 fprintf(stderr, "Cannot read link_dynamic_2\n");
1881 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1882 fprintf(stderr, "fixvfork: out of memory\n");
1885 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1886 (int)ld.ld_symb_size, strtab) < 0)
1890 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1891 fprintf(stderr, "[symbol: %s]\n", cp);
1896 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1897 if (strcmp(cp, "_vfork") == 0) {
1899 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1900 strcpy(cp, "_fork");
1905 if (cp < strtab + ld.ld_symb_size)
1907 * Write entire symbol table back to avoid
1908 * memory alignment bugs in ptrace
1910 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1911 (int)ld.ld_symb_size, strtab) < 0)