2 * Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
3 * Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
4 * Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
5 * Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
6 * Copyright (c) 1999 IBM Deutschland Entwicklung GmbH, IBM Corporation
7 * Linux for s390 port by D.J. Barrow
8 * <barrow_dj@mail.yahoo.com,djbarrow@de.ibm.com>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <sys/syscall.h>
41 #include <sys/param.h>
47 #include <machine/reg.h>
52 #if defined(linux) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 1))
53 #include <linux/ptrace.h>
56 #if defined(LINUX) && defined(IA64)
57 # include <asm/ptrace_offsets.h>
63 # define PTRACE_PEEKUSR PTRACE_PEEKUSER
64 #elif defined(HAVE_LINUX_PTRACE_H)
66 #include <linux/ptrace.h>
69 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
70 #include <sys/utsname.h>
71 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
73 #if defined(LINUX) && defined(SPARC)
77 #if !defined(__GLIBC__)
79 #include <linux/unistd.h>
81 #define _hack_syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,\
83 type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
87 __asm__ volatile ("or %%g0, %1, %%o0\n\t" \
88 "or %%g0, %2, %%o1\n\t" \
89 "or %%g0, %3, %%o2\n\t" \
90 "or %%g0, %4, %%o3\n\t" \
91 "or %%g0, %5, %%o4\n\t" \
92 "or %%g0, %6, %%g1\n\t" \
95 "or %%g0, %%o0, %0\n\t" \
96 "sub %%g0, %%o0, %0\n\t" \
99 : "0" ((long)(arg1)),"1" ((long)(arg2)), \
100 "2" ((long)(arg3)),"3" ((long)(arg4)),"4" ((long)(arg5)), \
101 "i" (__NR_##syscall) \
102 : "g1", "o0", "o1", "o2", "o3", "o4"); \
104 return (type) __res; \
109 static _hack_syscall5(int,_ptrace,int,__request,int,__pid,int,__addr,int,__data,int,__addr2,ptrace)
119 #define MAX(a,b) (((a) > (b)) ? (a) : (b))
122 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
139 return a->tv_sec || a->tv_usec;
144 struct timeval *a, *b;
146 if (a->tv_sec < b->tv_sec
147 || (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec))
149 if (a->tv_sec > b->tv_sec
150 || (a->tv_sec == b->tv_sec && a->tv_usec > b->tv_usec))
159 return tv->tv_sec + tv->tv_usec/1000000.0;
164 struct timeval *tv, *a, *b;
166 tv->tv_sec = a->tv_sec + b->tv_sec;
167 tv->tv_usec = a->tv_usec + b->tv_usec;
168 if (tv->tv_usec > 1000000) {
170 tv->tv_usec -= 1000000;
176 struct timeval *tv, *a, *b;
178 tv->tv_sec = a->tv_sec - b->tv_sec;
179 tv->tv_usec = a->tv_usec - b->tv_usec;
180 if (((long) tv->tv_usec) < 0) {
182 tv->tv_usec += 1000000;
188 struct timeval *tv, *a;
191 tv->tv_usec = (a->tv_sec % n * 1000000 + a->tv_usec + n / 2) / n;
192 tv->tv_sec = a->tv_sec / n + tv->tv_usec / 1000000;
193 tv->tv_usec %= 1000000;
198 struct timeval *tv, *a;
201 tv->tv_usec = a->tv_usec * n;
202 tv->tv_sec = a->tv_sec * n + a->tv_usec / 1000000;
203 tv->tv_usec %= 1000000;
211 for (; xlat->str != NULL; xlat++)
212 if (xlat->val == val)
218 * Print entry in struct xlat table, if there.
221 printxval(xlat, val, dflt)
226 char *str = xlookup(xlat, val);
231 tprintf("%#x /* %s */", val, dflt);
235 * Interpret `xlat' as an array of flags
236 * print the entries whose bits are on in `flags'
237 * return # of flags printed.
240 addflags(xlat, flags)
246 for (n = 0; xlat->str; xlat++) {
247 if (xlat->val && (flags & xlat->val) == xlat->val) {
248 tprintf("|%s", xlat->str);
254 tprintf("|%#x", flags);
261 printflags(xlat, flags)
268 if (flags == 0 && xlat->val == 0) {
269 tprintf("%s", xlat->str);
274 for (n = 0; xlat->str; xlat++) {
275 if (xlat->val && (flags & xlat->val) == xlat->val) {
276 tprintf("%s%s", sep, xlat->str);
283 tprintf("%s%#x", sep, flags);
290 printnum(tcp, addr, fmt)
301 if (umove(tcp, addr, &num) < 0) {
302 tprintf("%#lx", addr);
310 static char path[MAXPATHLEN + 1];
316 char buf[2 * MAXPATHLEN + 1];
319 if (!strpbrk(str, "\"\'\\")) {
320 tprintf("\"%s\"", str);
323 for (s = buf; *str; str++) {
325 case '\"': case '\'': case '\\':
326 *s++ = '\\'; *s++ = *str; break;
332 tprintf("\"%s\"", buf);
340 if (umovestr(tcp, addr, MAXPATHLEN, path) < 0)
341 tprintf("%#lx", addr);
348 printpathn(tcp, addr, n)
353 if (umovestr(tcp, addr, n, path) < 0)
354 tprintf("%#lx", addr);
362 printstr(tcp, addr, len)
367 static unsigned char *str = NULL;
377 if ((str = malloc(max_strlen)) == NULL
378 || (outstr = malloc(2*max_strlen)) == NULL) {
379 fprintf(stderr, "printstr: no memory\n");
380 tprintf("%#lx", addr);
384 outend = outstr + max_strlen * 2 - 10;
387 if (umovestr(tcp, addr, n, (char *) str) < 0) {
388 tprintf("%#lx", addr);
393 n = MIN(len, max_strlen);
394 if (umoven(tcp, addr, n, (char *) str) < 0) {
395 tprintf("%#lx", addr);
404 for (i = 0; i < n; i++) {
406 if (len < 0 && c == '\0')
408 if (!isprint(c) && !isspace(c)) {
419 for (i = 0; i < n; i++) {
421 if (len < 0 && c == '\0')
423 sprintf(s, "\\x%02x", c);
430 for (i = 0; i < n; i++) {
432 if (len < 0 && c == '\0')
435 case '\"': case '\'': case '\\':
436 *s++ = '\\'; *s++ = c; break;
438 *s++ = '\\'; *s++ = 'f'; break;
440 *s++ = '\\'; *s++ = 'n'; break;
442 *s++ = '\\'; *s++ = 'r'; break;
444 *s++ = '\\'; *s++ = 't'; break;
446 *s++ = '\\'; *s++ = 'v'; break;
450 else if (i < n - 1 && isdigit(str[i + 1])) {
451 sprintf(s, "\\%03o", c);
455 sprintf(s, "\\%o", c);
466 if (i < len || (len < 0 && (i == n || s > outend))) {
467 *s++ = '.'; *s++ = '.'; *s++ = '.';
470 tprintf("%s", outstr);
475 dumpiov(tcp, len, addr)
484 if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) {
485 fprintf(stderr, "dump: No memory");
488 if (umoven(tcp, addr,
489 len * sizeof *iov, (char *) iov) >= 0) {
491 for (i = 0; i < len; i++) {
492 /* include the buffer number to make it easy to
493 * match up the trace with the source */
494 tprintf(" * %lu bytes in buffer %d\n",
495 (unsigned long)iov[i].iov_len, i);
496 dumpstr(tcp, (long) iov[i].iov_base,
506 dumpstr(tcp, addr, len)
511 static int strsize = -1;
512 static unsigned char *str;
513 static char outstr[80];
520 if ((str = malloc(len)) == NULL) {
521 fprintf(stderr, "dump: no memory\n");
527 if (umoven(tcp, addr, len, (char *) str) < 0)
530 for (i = 0; i < len; i += 16) {
532 sprintf(s, " | %05x ", i);
534 for (j = 0; j < 16; j++) {
538 sprintf(s, " %02x", str[i + j]);
542 *s++ = ' '; *s++ = ' '; *s++ = ' ';
545 *s++ = ' '; *s++ = ' ';
546 for (j = 0; j < 16; j++) {
550 if (isprint(str[i + j]))
558 tprintf("%s |\n", outstr);
562 #define PAGMASK (~(PAGSIZ - 1))
564 * move `len' bytes of data from process `pid'
565 * at address `addr' to our space at `laddr'
568 umoven(tcp, addr, len, laddr)
581 char x[sizeof(long)];
584 if (addr & (sizeof(long) - 1)) {
585 /* addr not a multiple of sizeof(long) */
586 n = addr - (addr & -sizeof(long)); /* residue */
587 addr &= -sizeof(long); /* residue */
589 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
591 if (started && (errno==EPERM || errno==EIO)) {
592 /* Ran into 'end of memory' - stupid "printpath" */
595 /* But if not started, we had a bogus address. */
596 perror("ptrace: umoven");
600 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
601 addr += sizeof(long), laddr += m, len -= m;
605 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
607 if (started && (errno==EPERM || errno==EIO)) {
608 /* Ran into 'end of memory' - stupid "printpath" */
611 perror("ptrace: umoven");
615 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
616 addr += sizeof(long), laddr += m, len -= m;
626 char x[sizeof(long)];
629 if (addr & (sizeof(long) - 1)) {
630 /* addr not a multiple of sizeof(long) */
631 n = addr - (addr & -sizeof(long)); /* residue */
632 addr &= -sizeof(long); /* residue */
634 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
639 memcpy(laddr, &u.x[n], m = MIN(sizeof(long) - n, len));
640 addr += sizeof(long), laddr += m, len -= m;
644 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *) addr, 0);
649 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
650 addr += sizeof(long), laddr += m, len -= m;
656 n = MIN(len, PAGSIZ);
657 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
658 if (ptrace(PTRACE_READDATA, pid,
659 (char *) addr, len, laddr) < 0) {
660 perror("umoven: ptrace(PTRACE_READDATA, ...)");
672 #ifdef HAVE_MP_PROCFS
673 int fd = tcp->pfd_as;
677 lseek(fd, addr, SEEK_SET);
678 if (read(fd, laddr, len) == -1)
680 #endif /* USE_PROCFS */
686 * like `umove' but make the additional effort of looking
687 * for a terminating zero byte.
690 umovestr(tcp, addr, len, laddr)
697 #ifdef HAVE_MP_PROCFS
698 int fd = tcp->pfd_as;
702 /* Some systems (e.g. FreeBSD) can be upset if we read off the
703 end of valid memory, avoid this by trying to read up
704 to page boundaries. But we don't know what a page is (and
705 getpagesize(2) (if it exists) doesn't necessarily return
706 hardware page size). Assume all pages >= 1024 (a-historical
709 int page = 1024; /* How to find this? */
710 int move = page - (addr & (page - 1));
713 lseek(fd, addr, SEEK_SET);
716 if (move > left) move = left;
717 if ((move = read(fd, laddr, move)) <= 0)
718 return left != len ? 0 : -1;
719 if (memchr (laddr, 0, move)) break;
725 #else /* !USE_PROCFS */
731 char x[sizeof(long)];
734 if (addr & (sizeof(long) - 1)) {
735 /* addr not a multiple of sizeof(long) */
736 n = addr - (addr & -sizeof(long)); /* residue */
737 addr &= -sizeof(long); /* residue */
739 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
741 if (started && (errno==EPERM || errno==EIO)) {
742 /* Ran into 'end of memory' - stupid "printpath" */
749 memcpy(laddr, &u.x[n], m = MIN(sizeof(long)-n,len));
750 while (n & (sizeof(long) - 1))
751 if (u.x[n++] == '\0')
753 addr += sizeof(long), laddr += m, len -= m;
757 u.val = ptrace(PTRACE_PEEKDATA, pid, (char *)addr, 0);
759 if (started && (errno==EPERM || errno==EIO)) {
760 /* Ran into 'end of memory' - stupid "printpath" */
767 memcpy(laddr, u.x, m = MIN(sizeof(long), len));
768 for (i = 0; i < sizeof(long); i++)
772 addr += sizeof(long), laddr += m, len -= m;
774 #endif /* !USE_PROCFS */
780 #define PTRACE_WRITETEXT 101
781 #define PTRACE_WRITEDATA 102
788 uload(cmd, pid, addr, len, laddr)
799 n = MIN(len, PAGSIZ);
800 n = MIN(n, ((addr + PAGSIZ) & PAGMASK) - addr);
801 if (ptrace(cmd, pid, (char *)addr, n, laddr) < 0) {
802 perror("uload: ptrace(PTRACE_WRITE, ...)");
814 char x[sizeof(long)];
817 if (cmd == PTRACE_WRITETEXT) {
818 peek = PTRACE_PEEKTEXT;
819 poke = PTRACE_POKETEXT;
822 peek = PTRACE_PEEKDATA;
823 poke = PTRACE_POKEDATA;
825 if (addr & (sizeof(long) - 1)) {
826 /* addr not a multiple of sizeof(long) */
827 n = addr - (addr & -sizeof(long)); /* residue */
828 addr &= -sizeof(long);
830 u.val = ptrace(peek, pid, (char *) addr, 0);
832 perror("uload: POKE");
835 memcpy(&u.x[n], laddr, m = MIN(sizeof(long) - n, len));
836 if (ptrace(poke, pid, (char *)addr, u.val) < 0) {
837 perror("uload: POKE");
840 addr += sizeof(long), laddr += m, len -= m;
843 if (len < sizeof(long))
844 u.val = ptrace(peek, pid, (char *) addr, 0);
845 memcpy(u.x, laddr, m = MIN(sizeof(long), len));
846 if (ptrace(poke, pid, (char *) addr, u.val) < 0) {
847 perror("uload: POKE");
850 addr += sizeof(long), laddr += m, len -= m;
857 tload(pid, addr, len, laddr)
862 return uload(PTRACE_WRITETEXT, pid, addr, len, laddr);
866 dload(pid, addr, len, laddr)
872 return uload(PTRACE_WRITEDATA, pid, addr, len, laddr);
887 #ifdef SUNOS4_KERNEL_ARCH_KLUDGE
889 static int is_sun4m = -1;
892 /* Round up the usual suspects. */
893 if (is_sun4m == -1) {
894 if (uname(&name) < 0) {
895 perror("upeek: uname?");
898 is_sun4m = strcmp(name.machine, "sun4m") == 0;
900 extern struct xlat struct_user_offsets[];
903 for (x = struct_user_offsets; x->str; x++)
910 #endif /* SUNOS4_KERNEL_ARCH_KLUDGE */
912 val = ptrace(PTRACE_PEEKUSER, pid, (char *) off, 0);
913 if (val == -1 && errno) {
915 sprintf(buf,"upeek: ptrace(PTRACE_PEEKUSER,%d,%lu,0)",pid,off);
923 #endif /* !USE_PROCFS */
933 if (upeek(tcp->pid, 4*EIP, &pc) < 0)
935 #elif defined(X86_64)
936 if (upeek(tcp->pid, 8*RIP, &pc) < 0)
939 if (upeek(tcp->pid, PT_B0, &pc) < 0)
942 if (upeek(tcp->pid, 4*15, &pc) < 0)
944 #elif defined(POWERPC)
945 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
948 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
951 if (upeek(tcp->pid, REG_PC, &pc) < 0)
954 if (upeek(tcp->pid, REG_EPC, &pc) < 0)
958 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0)
961 #elif defined(S390) || defined(S390X)
962 if(upeek(tcp->pid,PT_PSWADDR,&pc) < 0)
965 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0)
968 if (upeek(tcp->pid, 4*REG_PC ,&pc) < 0)
976 * Return current program counter for `pid'
977 * Assumes PC is never 0xffffffff
981 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
982 perror("getpc: ptrace(PTRACE_GETREGS, ...)");
995 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1009 if (upeek(tcp->pid, 4*EIP, &eip) < 0) {
1010 tprintf("[????????] ");
1013 tprintf("[%08lx] ", eip);
1014 #elif defined(X86_64)
1017 if (upeek(tcp->pid, 8*RIP, &rip) < 0) {
1018 tprintf("[????????] ");
1021 tprintf("[%16lx] ", rip);
1025 if (upeek(tcp->pid, PT_B0, &ip) < 0) {
1026 tprintf("[????????] ");
1029 tprintf("[%08lx] ", ip);
1030 #elif defined(POWERPC)
1033 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0) {
1034 tprintf ("[????????] ");
1037 tprintf("[%08lx] ", pc);
1041 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0) {
1042 tprintf ("[????????] ");
1045 tprintf("[%08lx] ", pc);
1046 #elif defined(ALPHA)
1049 if (upeek(tcp->pid, REG_PC, &pc) < 0) {
1050 tprintf ("[????????] ");
1053 tprintf("[%08lx] ", pc);
1054 #elif defined(SPARC)
1056 if (ptrace(PTRACE_GETREGS,tcp->pid,(char *)®s,0) < 0) {
1057 tprintf("[????????] ");
1060 tprintf("[%08lx] ", regs.r_pc);
1064 if(upeek(tcp->pid,PT_IAOQ0,&pc) < 0) {
1065 tprintf ("[????????] ");
1068 tprintf("[%08lx] ", pc);
1072 if (upeek(tcp->pid, REG_EPC, &pc) < 0) {
1073 tprintf ("[????????] ");
1076 tprintf("[%08lx] ", pc);
1080 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0) {
1081 tprintf ("[????????] ");
1084 tprintf("[%08lx] ", pc);
1085 #endif /* !architecture */
1091 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *) ®s, 0) < 0) {
1092 perror("printcall: ptrace(PTRACE_GETREGS, ...)");
1093 tprintf("[????????] ");
1096 tprintf("[%08x] ", regs.r_o7);
1101 tprintf("[????????] ");
1106 pread(tcp->pfd_reg, ®s, sizeof(regs), 0);
1107 tprintf("[%08x] ", regs.r_eip);
1108 #endif /* FREEBSD */
1115 #include <sys/syscall.h>
1116 #ifndef CLONE_PTRACE
1117 # define CLONE_PTRACE 0x00002000
1122 typedef unsigned long *arg_setup_state;
1125 arg_setup(struct tcb *tcp, arg_setup_state *state)
1127 unsigned long *bsp, cfm, sof, sol;
1129 if (upeek(tcp->pid, PT_AR_BSP, (long *) &bsp) < 0)
1131 if (upeek(tcp->pid, PT_CFM, (long *) &cfm) < 0)
1134 sof = (cfm >> 0) & 0x7f;
1135 sol = (cfm >> 7) & 0x7f;
1136 bsp = ia64_rse_skip_regs(bsp, -sof + sol);
1142 # define arg_finish_change(tcp, state) 0
1146 get_arg0 (struct tcb *tcp, arg_setup_state *state, long *valp)
1148 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 0),
1149 sizeof(long), (void *) valp);
1153 get_arg1 (struct tcb *tcp, arg_setup_state *state, long *valp)
1155 return umoven (tcp, (unsigned long) ia64_rse_skip_regs(*state, 1),
1156 sizeof(long), (void *) valp);
1161 set_arg0 (struct tcb *tcp, arg_setup_state *state, long val)
1164 ap = ia64_rse_skip_regs(*state, 0);
1166 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1167 return errno ? -1 : 0;
1171 set_arg1 (struct tcb *tcp, arg_setup_state *state, long val)
1174 ap = ia64_rse_skip_regs(*state, 1);
1176 ptrace(PTRACE_POKEDATA, tcp->pid, (void *) ap, val);
1177 return errno ? -1 : 0;
1180 #elif defined (SPARC)
1182 typedef struct regs arg_setup_state;
1184 # define arg_setup(tcp, state) \
1185 (ptrace (PTRACE_GETREGS, tcp->pid, (char *) (state), 0))
1186 # define arg_finish_change(tcp, state) \
1187 (ptrace (PTRACE_SETREGS, tcp->pid, (char *) (state), 0))
1189 # define get_arg0(tcp, state, valp) (*(valp) = (state)->r_o0, 0)
1190 # define get_arg1(tcp, state, valp) (*(valp) = (state)->r_o1, 0)
1191 # define set_arg0(tcp, state, val) ((state)->r_o0 = (val), 0)
1192 # define set_arg1(tcp, state, val) ((state)->r_o1 = (val), 0)
1193 # define restore_arg0(tcp, state, val) 0
1197 # if defined S390 || defined S390X
1198 # define arg0_offset PT_ORIGGPR2
1199 # define arg1_offset PT_GPR2
1200 # define restore_arg0(tcp, state, val) 0
1201 # define restore_arg1(tcp, state, val) 0
1202 # elif defined (ALPHA) || defined (MIPS)
1203 # define arg0_offset REG_A0
1204 # define arg1_offset (REG_A0+1)
1205 # elif defined (POWERPC)
1206 # define arg0_offset (sizeof(unsigned long)*PT_R3)
1207 # define arg1_offset (sizeof(unsigned long)*PT_R4)
1208 # define restore_arg0(tcp, state, val) 0
1209 # elif defined (HPPA)
1210 # define arg0_offset PT_GR26
1211 # define arg1_offset (PT_GR26-4)
1212 # elif defined (X86_64)
1213 # define arg0_offset ((long)(8*(current_personality ? RBX : RDI)))
1214 # define arg1_offset ((long)(8*(current_personality ? RCX : RSI)))
1216 # define arg0_offset 0
1217 # define arg1_offset 4
1218 # if defined SH || defined ARM
1219 # define restore_arg0(tcp, state, val) 0
1223 typedef int arg_setup_state;
1225 # define arg_setup(tcp, state) (0)
1226 # define arg_finish_change(tcp, state) 0
1227 # define get_arg0(tcp, cookie, valp) \
1228 (upeek ((tcp)->pid, arg0_offset, (valp)))
1229 # define get_arg1(tcp, cookie, valp) \
1230 (upeek ((tcp)->pid, arg1_offset, (valp)))
1233 set_arg0 (struct tcb *tcp, void *cookie, long val)
1235 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg0_offset, val);
1239 set_arg1 (struct tcb *tcp, void *cookie, long val)
1241 return ptrace (PTRACE_POKEUSER, tcp->pid, (char*)arg1_offset, val);
1246 #ifndef restore_arg0
1247 # define restore_arg0(tcp, state, val) set_arg0((tcp), (state), (val))
1249 #ifndef restore_arg1
1250 # define restore_arg1(tcp, state, val) set_arg1((tcp), (state), (val))
1257 extern int change_syscall(struct tcb *, int);
1258 arg_setup_state state;
1260 if (tcp->flags & TCB_BPTSET) {
1261 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1265 switch (tcp->scno) {
1271 if (arg_setup (tcp, &state) < 0
1272 || get_arg0 (tcp, &state, &tcp->inst[0]) < 0
1273 || get_arg1 (tcp, &state, &tcp->inst[1]) < 0
1274 || change_syscall(tcp, SYS_clone) < 0
1275 || set_arg0 (tcp, &state, CLONE_PTRACE|SIGCHLD) < 0
1276 || set_arg1 (tcp, &state, 0) < 0
1277 || arg_finish_change (tcp, &state) < 0)
1279 tcp->u_arg[0] = CLONE_PTRACE|SIGCHLD;
1281 tcp->flags |= TCB_BPTSET;
1289 if ((tcp->u_arg[0] & CLONE_PTRACE) == 0
1290 && (arg_setup (tcp, &state) < 0
1291 || set_arg0 (tcp, &state, tcp->u_arg[0] | CLONE_PTRACE) < 0
1292 || arg_finish_change (tcp, &state) < 0))
1294 tcp->flags |= TCB_BPTSET;
1295 tcp->inst[0] = tcp->u_arg[0];
1296 tcp->inst[1] = tcp->u_arg[1];
1300 fprintf(stderr, "PANIC: setbpt for syscall %ld on %u???\n",
1301 tcp->scno, tcp->pid);
1312 arg_setup_state state;
1313 if (arg_setup (tcp, &state) < 0
1314 || restore_arg0 (tcp, &state, tcp->inst[0]) < 0
1315 || restore_arg1 (tcp, &state, tcp->inst[1]) < 0
1316 || arg_finish_change (tcp, &state))
1318 tcp->flags &= ~TCB_BPTSET;
1331 /* We simply use the SunOS breakpoint code. */
1334 #define LOOPA 0x30800000 /* ba,a 0 */
1336 if (tcp->flags & TCB_BPTSET) {
1337 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1340 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1341 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1344 tcp->baddr = regs.r_o7 + 8;
1346 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *)tcp->baddr, 0);
1348 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1353 * XXX - BRUTAL MODE ON
1354 * We cannot set a real BPT in the child, since it will not be
1355 * traced at the moment it will reach the trap and would probably
1356 * die with a core dump.
1357 * Thus, we are force our way in by taking out two instructions
1358 * and insert an eternal loop instead, in expectance of the SIGSTOP
1359 * generated by out PTRACE_ATTACH.
1360 * Of cause, if we evaporate ourselves in the middle of all this...
1363 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOPA);
1365 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1368 tcp->flags |= TCB_BPTSET;
1373 # define LOOP 0x0000feeb
1374 if (tcp->flags & TCB_BPTSET) {
1375 fprintf(stderr, "PANIC: bpt already set in pid %u\n",
1379 if (upeek(tcp->pid, PT_CR_IIP, &tcp->baddr) < 0)
1382 fprintf(stderr, "[%d] setting bpt at %lx\n",
1383 tcp->pid, tcp->baddr);
1384 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid,
1385 (char *) tcp->baddr, 0);
1387 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1390 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1392 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1395 tcp->flags |= TCB_BPTSET;
1398 * Our strategy here is to replace the bundle that
1399 * contained the clone() syscall with a bundle of the
1402 * { 1: br 1b; br 1b; br 1b }
1404 * This ensures that the newly forked child will loop
1405 * endlessly until we've got a chance to attach to it.
1407 # define LOOP0 0x0000100000000017
1408 # define LOOP1 0x4000000000200000
1409 unsigned long addr, ipsr;
1413 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1415 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1417 /* store "ri" in low two bits */
1418 tcp->baddr = addr | ((ipsr >> 41) & 0x3);
1421 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 0,
1423 tcp->inst[1] = ptrace(PTRACE_PEEKTEXT, pid, (char *) addr + 8,
1426 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1431 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, LOOP0);
1432 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, LOOP1);
1434 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1437 tcp->flags |= TCB_BPTSET;
1441 #if defined (I386) || defined(X86_64)
1442 #define LOOP 0x0000feeb
1443 #elif defined (M68K)
1444 #define LOOP 0x60fe0000
1445 #elif defined (ALPHA)
1446 #define LOOP 0xc3ffffff
1447 #elif defined (POWERPC)
1448 #define LOOP 0x48000000
1450 #define LOOP 0xEAFFFFFE
1452 #define LOOP 0x1000ffff
1454 #define LOOP 0xa7f40000 /* BRC 15,0 */
1455 #elif defined(S390X)
1456 #define LOOP 0xa7f4000000000000UL /* BRC 15,0 */
1458 #define LOOP 0xe81f1ff7 /* b,l,n <loc>,r0 */
1460 #ifdef __LITTLE_ENDIAN__
1461 #define LOOP 0x0000affe
1463 #define LOOP 0xfeaf0000
1466 #error unknown architecture
1469 if (tcp->flags & TCB_BPTSET) {
1470 fprintf(stderr, "PANIC: bpt already set in pid %u\n", tcp->pid);
1474 if (upeek(tcp->pid, 4*EIP, &tcp->baddr) < 0)
1476 #elif defined (X86_64)
1477 if (upeek(tcp->pid, 8*RIP, &tcp->baddr) < 0)
1479 #elif defined (M68K)
1480 if (upeek(tcp->pid, 4*PT_PC, &tcp->baddr) < 0)
1482 #elif defined (ALPHA)
1486 #elif defined (MIPS)
1487 return -1; /* FIXME: I do not know what i do - Flo */
1488 #elif defined (POWERPC)
1489 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &tcp->baddr) < 0)
1491 #elif defined(S390) || defined(S390X)
1492 if (upeek(tcp->pid,PT_PSWADDR, &tcp->baddr) < 0)
1495 if (upeek(tcp->pid, PT_IAOQ0, &tcp->baddr) < 0)
1497 tcp->baddr &= ~0x03;
1499 if (upeek(tcp->pid, 4*REG_PC, &tcp->baddr) < 0)
1502 #error unknown architecture
1505 fprintf(stderr, "[%d] setting bpt at %lx\n", tcp->pid, tcp->baddr);
1506 tcp->inst[0] = ptrace(PTRACE_PEEKTEXT, tcp->pid, (char *) tcp->baddr, 0);
1508 perror("setbpt: ptrace(PTRACE_PEEKTEXT, ...)");
1511 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, LOOP);
1513 perror("setbpt: ptrace(PTRACE_POKETEXT, ...)");
1516 tcp->flags |= TCB_BPTSET;
1523 #ifdef SPARC /* This code is slightly sparc specific */
1526 #define BPT 0x91d02001 /* ta 1 */
1527 #define LOOP 0x10800000 /* ba 0 */
1528 #define LOOPA 0x30800000 /* ba,a 0 */
1529 #define NOP 0x01000000
1531 static int loopdeloop[1] = {LOOPA};
1533 static int loopdeloop[2] = {LOOP, NOP};
1536 if (tcp->flags & TCB_BPTSET) {
1537 fprintf(stderr, "PANIC: TCB already set in pid %u\n", tcp->pid);
1540 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1541 perror("setbpt: ptrace(PTRACE_GETREGS, ...)");
1544 tcp->baddr = regs.r_o7 + 8;
1545 if (ptrace(PTRACE_READTEXT, tcp->pid, (char *)tcp->baddr,
1546 sizeof tcp->inst, (char *)tcp->inst) < 0) {
1547 perror("setbpt: ptrace(PTRACE_READTEXT, ...)");
1552 * XXX - BRUTAL MODE ON
1553 * We cannot set a real BPT in the child, since it will not be
1554 * traced at the moment it will reach the trap and would probably
1555 * die with a core dump.
1556 * Thus, we are force our way in by taking out two instructions
1557 * and insert an eternal loop in stead, in expectance of the SIGSTOP
1558 * generated by out PTRACE_ATTACH.
1559 * Of cause, if we evaporate ourselves in the middle of all this...
1561 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1562 sizeof loopdeloop, (char *) loopdeloop) < 0) {
1563 perror("setbpt: ptrace(PTRACE_WRITETEXT, ...)");
1566 tcp->flags |= TCB_BPTSET;
1580 #if defined(I386) || defined(X86_64)
1582 #elif defined(POWERPC)
1586 #elif defined(ALPHA)
1592 #endif /* architecture */
1595 /* Again, we borrow the SunOS breakpoint code. */
1596 if (!(tcp->flags & TCB_BPTSET)) {
1597 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1601 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1603 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1606 tcp->flags &= ~TCB_BPTSET;
1612 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1613 if (!(tcp->flags & TCB_BPTSET)) {
1614 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1618 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1620 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1623 tcp->flags &= ~TCB_BPTSET;
1625 if (upeek(tcp->pid, PT_CR_IIP, &addr) < 0)
1627 if (addr != tcp->baddr) {
1628 /* The breakpoint has not been reached yet. */
1631 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1636 unsigned long addr, ipsr;
1641 if (upeek(pid, PT_CR_IPSR, &ipsr) < 0)
1643 if (upeek(pid, PT_CR_IIP, &addr) < 0)
1646 /* restore original bundle: */
1648 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 0, tcp->inst[0]);
1649 ptrace(PTRACE_POKETEXT, pid, (char *) addr + 8, tcp->inst[1]);
1651 perror("clearbpt: ptrace(PTRACE_POKETEXT, ...)");
1655 /* restore original "ri" in ipsr: */
1656 ipsr = (ipsr & ~(0x3ul << 41)) | ((tcp->baddr & 0x3) << 41);
1658 ptrace(PTRACE_POKEUSER, pid, (char *) PT_CR_IPSR, ipsr);
1660 perror("clrbpt: ptrace(PTRACE_POKEUSER, ...)");
1664 tcp->flags &= ~TCB_BPTSET;
1666 if (addr != (tcp->baddr & ~0x3)) {
1667 /* the breakpoint has not been reached yet. */
1669 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1674 #else /* !IA64 && ! SPARC */
1677 fprintf(stderr, "[%d] clearing bpt\n", tcp->pid);
1678 if (!(tcp->flags & TCB_BPTSET)) {
1679 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1683 ptrace(PTRACE_POKETEXT, tcp->pid, (char *) tcp->baddr, tcp->inst[0]);
1685 perror("clearbtp: ptrace(PTRACE_POKETEXT, ...)");
1688 tcp->flags &= ~TCB_BPTSET;
1691 if (upeek(tcp->pid, 4*EIP, &eip) < 0)
1693 if (eip != tcp->baddr) {
1694 /* The breakpoint has not been reached yet. */
1697 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1701 #elif defined(X86_64)
1702 if (upeek(tcp->pid, 8*RIP, &eip) < 0)
1704 if (eip != tcp->baddr) {
1705 /* The breakpoint has not been reached yet. */
1708 "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1712 #elif defined(POWERPC)
1713 if (upeek(tcp->pid, sizeof(unsigned long)*PT_NIP, &pc) < 0)
1715 if (pc != tcp->baddr) {
1716 /* The breakpoint has not been reached yet. */
1718 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1723 if (upeek(tcp->pid, 4*PT_PC, &pc) < 0)
1725 if (pc != tcp->baddr) {
1726 /* The breakpoint has not been reached yet. */
1728 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1732 #elif defined(ALPHA)
1733 if (upeek(tcp->pid, REG_PC, &pc) < 0)
1735 if (pc != tcp->baddr) {
1736 /* The breakpoint has not been reached yet. */
1738 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1743 if (upeek(tcp->pid, PT_IAOQ0, &iaoq) < 0)
1746 if (iaoq != tcp->baddr && iaoq != tcp->baddr + 4) {
1747 /* The breakpoint has not been reached yet. */
1749 fprintf(stderr, "NOTE: PC not at bpt (iaoq %#lx baddr %#lx)\n",
1753 iaoq = tcp->baddr | 3;
1754 /* We should be pointing at a 'ldi -1000,r1' in glibc, so it is
1755 * safe to set both IAOQ0 and IAOQ1 to that so the PSW N bit
1756 * has no significant effect.
1758 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ0, iaoq);
1759 ptrace(PTRACE_POKEUSER, tcp->pid, (void *)PT_IAOQ1, iaoq);
1761 if (upeek(tcp->pid, 4*REG_PC, &pc) < 0)
1763 if (pc != tcp->baddr) {
1764 /* The breakpoint has not been reached yet. */
1766 fprintf(stderr, "NOTE: PC not at bpt (pc %#lx baddr %#lx)\n",
1772 #endif /* !SPARC && !IA64 */
1782 if (!(tcp->flags & TCB_BPTSET)) {
1783 fprintf(stderr, "PANIC: TCB not set in pid %u\n", tcp->pid);
1786 if (ptrace(PTRACE_WRITETEXT, tcp->pid, (char *) tcp->baddr,
1787 sizeof tcp->inst, (char *) tcp->inst) < 0) {
1788 perror("clearbtp: ptrace(PTRACE_WRITETEXT, ...)");
1791 tcp->flags &= ~TCB_BPTSET;
1795 * Since we don't have a single instruction breakpoint, we may have
1796 * to adjust the program counter after removing the our `breakpoint'.
1798 if (ptrace(PTRACE_GETREGS, tcp->pid, (char *)®s, 0) < 0) {
1799 perror("clearbpt: ptrace(PTRACE_GETREGS, ...)");
1802 if ((regs.r_pc < tcp->baddr) ||
1803 (regs.r_pc > tcp->baddr + 4)) {
1804 /* The breakpoint has not been reached yet */
1807 "NOTE: PC not at bpt (pc %#x baddr %#x)\n",
1808 regs.r_pc, tcp->parent->baddr);
1811 if (regs.r_pc != tcp->baddr)
1813 fprintf(stderr, "NOTE: PC adjusted (%#x -> %#x\n",
1814 regs.r_pc, tcp->baddr);
1816 regs.r_pc = tcp->baddr;
1817 if (ptrace(PTRACE_SETREGS, tcp->pid, (char *)®s, 0) < 0) {
1818 perror("clearbpt: ptrace(PTRACE_SETREGS, ...)");
1830 #endif /* !USE_PROCFS */
1841 for (n = 0; n < sizeof *hdr; n += 4) {
1843 if (upeek(pid, uoff(u_exdata) + n, &res) < 0)
1845 memcpy(((char *) hdr) + n, &res, 4);
1848 fprintf(stderr, "[struct exec: magic: %o version %u Mach %o\n",
1849 hdr->a_magic, hdr->a_toolversion, hdr->a_machtype);
1850 fprintf(stderr, "Text %lu Data %lu Bss %lu Syms %lu Entry %#lx]\n",
1851 hdr->a_text, hdr->a_data, hdr->a_bss, hdr->a_syms, hdr->a_entry);
1862 * Change `vfork' in a freshly exec'ed dynamically linked
1863 * executable's (internal) symbol table to plain old `fork'
1867 struct link_dynamic dyn;
1868 struct link_dynamic_2 ld;
1871 if (getex(pid, &hdr) < 0)
1876 if (umove(tcp, (int) N_DATADDR(hdr), &dyn) < 0) {
1877 fprintf(stderr, "Cannot read DYNAMIC\n");
1880 if (umove(tcp, (int) dyn.ld_un.ld_2, &ld) < 0) {
1881 fprintf(stderr, "Cannot read link_dynamic_2\n");
1884 if ((strtab = malloc((unsigned)ld.ld_symb_size)) == NULL) {
1885 fprintf(stderr, "fixvfork: out of memory\n");
1888 if (umoven(tcp, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1889 (int)ld.ld_symb_size, strtab) < 0)
1893 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1894 fprintf(stderr, "[symbol: %s]\n", cp);
1899 for (cp = strtab; cp < strtab + ld.ld_symb_size; ) {
1900 if (strcmp(cp, "_vfork") == 0) {
1902 fprintf(stderr, "fixvfork: FOUND _vfork\n");
1903 strcpy(cp, "_fork");
1908 if (cp < strtab + ld.ld_symb_size)
1910 * Write entire symbol table back to avoid
1911 * memory alignment bugs in ptrace
1913 if (tload(pid, (int)ld.ld_symbols+(int)N_TXTADDR(hdr),
1914 (int)ld.ld_symb_size, strtab) < 0)