From: Pedro Alves <pedro@codesourcery.com>
To: gdb-patches@sourceware.org, Eli Zaretskii <eliz@gnu.org>
Cc: bauerman@br.ibm.com, sergiodj@linux.vnet.ibm.com
Subject: Re: [PATCH 1/4] 'catch syscall' feature -- Architecture-independent part
Date: Wed, 05 Nov 2008 21:10:00 -0000 [thread overview]
Message-ID: <200811052109.29724.pedro@codesourcery.com> (raw)
In-Reply-To: <ud4h9ud2n.fsf@gnu.org>
On Wednesday 05 November 2008 20:34:24, Eli Zaretskii wrote:
> I don't think `ReadFile', the Windows equivalent of `read', calls Int
> 2Eh to read a file. If you know differently, please tell the details.
I don't understand what we're arguing about. I'm not against making
it so that a syscall is identified by string instead of number, if
it's such a hard design decision that makes it impossible to
change things later on.
In NT the Win32 API functions are regular functions that are
implemented on top of OS services. The kernel knows nothing about the
win32 API. E.g., the ReadFile function is a wrapper around
the user land NtReadFile, which itself is what does the syscall. You
can write NT programs without touching the win32 api. Heck,
cygwin.dll is moving away from it.
There are thousands of win32 functions, spread across a big
number of dlls that the user could want to break on, in the use
case we're talking about. Which of those would you consider
candidates to place a breakpoint for "catch syscall"? All of them?
Yes, we could probably implement "catch syscall" on Windows by
placing a breakpoint on each of these functions:
http://www.metasploit.com/users/opcode/syscalls.html
... this to me is the list of functions that makes sense to
break at with "catch syscall". In this case, the win32 specific
code to implement the feature would probably map the numbers
to the function names as well --- the set is bounded.
But, as you say, most Windows developers aren't that
interested in these.
I believe that what you want (and I'd like to have it too), is
the ability to easily break on all functions of a given Dll. Something
like 'rbreak -public kernel32.dll!' (I believe minimal symbols for dlls
we don't have debug info for, are prefixed with the dll name like
that, by extracting the function names from the import table, but
I'm not sure where that's user visible). Maybe even fold that ability
to the 'break' command, and bind all locations to a simple
breakpoint with multiple locations. I don't see why this couldn't
be implemented on unix as well, for any '.so'. -- but this isn't
catching a "system call". I think it would it look strange to do
catch syscall "MyDll.dll" to catch all "system functions" in
MyDll.dll, for example.
--
Pedro Alves
next prev parent reply other threads:[~2008-11-05 21:10 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-04 4:32 Sérgio Durigan Júnior
2008-11-04 16:17 ` Pedro Alves
2008-11-07 3:30 ` Sérgio Durigan Júnior
2008-11-07 12:12 ` Pedro Alves
2008-11-07 13:30 ` Daniel Jacobowitz
2008-11-08 15:35 ` Sérgio Durigan Júnior
2008-11-04 17:57 ` Tom Tromey
2008-11-04 21:55 ` Thiago Jung Bauermann
2008-11-04 22:33 ` Tom Tromey
2008-11-05 19:05 ` Tom Tromey
2008-11-05 19:13 ` Sérgio Durigan Júnior
2008-11-07 3:41 ` Sérgio Durigan Júnior
2008-11-07 3:39 ` Sérgio Durigan Júnior
2008-11-07 18:21 ` Tom Tromey
2008-11-04 21:13 ` Eli Zaretskii
2008-11-04 22:12 ` Thiago Jung Bauermann
2008-11-04 22:22 ` Eli Zaretskii
2008-11-04 22:35 ` Daniel Jacobowitz
2008-11-05 4:19 ` Eli Zaretskii
2008-11-05 13:34 ` Sérgio Durigan Júnior
2008-11-05 18:42 ` Eli Zaretskii
2008-11-08 19:31 ` Mark Kettenis
2008-11-05 14:55 ` Daniel Jacobowitz
2008-11-05 18:43 ` Eli Zaretskii
2008-11-05 18:59 ` Daniel Jacobowitz
2008-11-05 19:11 ` Eli Zaretskii
2008-11-06 23:03 ` Mark Kettenis
2008-11-04 22:31 ` Pedro Alves
2008-11-05 4:10 ` Eli Zaretskii
2008-11-05 12:29 ` Pedro Alves
2008-11-05 18:38 ` Eli Zaretskii
2008-11-05 18:57 ` Pedro Alves
2008-11-05 19:10 ` Eli Zaretskii
2008-11-05 19:34 ` Pedro Alves
2008-11-05 20:36 ` Eli Zaretskii
2008-11-05 21:10 ` Pedro Alves [this message]
2008-11-06 4:27 ` Eli Zaretskii
2008-11-06 14:32 ` Pedro Alves
2008-11-07 9:59 ` Eli Zaretskii
2008-11-07 10:10 ` Pedro Alves
2008-11-05 13:32 ` Mark Kettenis
-- strict thread matches above, loose matches on Subject: below --
2008-09-30 18:12 Sérgio Durigan Júnior
2008-10-02 21:13 ` Joel Brobecker
2008-10-03 2:33 ` Sérgio Durigan Júnior
2008-10-03 6:07 ` Joel Brobecker
2008-10-03 17:52 ` Daniel Jacobowitz
2008-10-04 23:07 ` Sérgio Durigan Júnior
2008-10-04 23:04 ` Sérgio Durigan Júnior
2008-10-06 17:22 ` Joel Brobecker
2008-10-10 13:12 ` Daniel Jacobowitz
2008-10-10 15:28 ` Sérgio Durigan Júnior
2008-10-12 2:26 ` Sérgio Durigan Júnior
2008-10-15 5:40 ` Joel Brobecker
2008-10-16 3:35 ` Sérgio Durigan Júnior
2008-10-16 12:37 ` Daniel Jacobowitz
2008-10-16 15:17 ` Daniel Jacobowitz
2008-10-16 16:28 ` Joel Brobecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200811052109.29724.pedro@codesourcery.com \
--to=pedro@codesourcery.com \
--cc=bauerman@br.ibm.com \
--cc=eliz@gnu.org \
--cc=gdb-patches@sourceware.org \
--cc=sergiodj@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox