From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 8544 invoked by alias); 5 Nov 2008 18:38:05 -0000 Received: (qmail 8533 invoked by uid 22791); 5 Nov 2008 18:38:04 -0000 X-Spam-Check-By: sourceware.org Received: from mtaout3.012.net.il (HELO mtaout3.012.net.il) (84.95.2.7) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 05 Nov 2008 18:37:23 +0000 Received: from conversion-daemon.i_mtaout3.012.net.il by i_mtaout3.012.net.il (HyperSendmail v2004.12) id <0K9V00B00IFQ6300@i_mtaout3.012.net.il> for gdb-patches@sourceware.org; Wed, 05 Nov 2008 20:39:02 +0200 (IST) Received: from HOME-C4E4A596F7 ([77.126.241.172]) by i_mtaout3.012.net.il (HyperSendmail v2004.12) with ESMTPA id <0K9V005KCIH2UF10@i_mtaout3.012.net.il>; Wed, 05 Nov 2008 20:39:02 +0200 (IST) Date: Wed, 05 Nov 2008 18:38:00 -0000 From: Eli Zaretskii Subject: Re: [PATCH 1/4] 'catch syscall' feature -- =?iso-8859-1?q?=09Architecture-independent=09part?= In-reply-to: <200811051228.29626.pedro@codesourcery.com> X-012-Sender: halo1@inter.net.il To: Pedro Alves Cc: gdb-patches@sourceware.org, bauerman@br.ibm.com, sergiodj@linux.vnet.ibm.com Reply-to: Eli Zaretskii Message-id: References: <1225773079.24532.52.camel@miki> <200811042230.27666.pedro@codesourcery.com> <200811051228.29626.pedro@codesourcery.com> X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2008-11/txt/msg00081.txt.bz2 > From: Pedro Alves > Date: Wed, 5 Nov 2008 12:28:29 +0000 > Cc: bauerman@br.ibm.com, sergiodj@linux.vnet.ibm.com > > > > strace-like tracers on Windows are usually more interested in > > > tracing calls to all kinds of dlls, and they usually do so by > > > playing games with the import tables, I believe. > > > > I was thinking about the latter, as that is what is usually > > interesting. > > Yes, but that falls into api-tracing land, which is a bit different > from syscall tracing. It's different in implementation details, but very similar in essence, as far as Joe Random Hacker is concerned. From the Windows programmer's POV, Windows APIs _are_ syscalls. > When using a debugger, if you're going to be attached to the > inferior anyway, it doesn't look like it's much interesting to have > it as a separate feature Sorry, I don't understand why. If you thought about setting a breakpoint on a Windows API call, then this is not a trivial matter, especially if you are not a Windows internals guru. > If someone would want to implement "catch syscall" for native > windows, I'd say that some form to catch real syscalls is what > would make more sense, because that's what you can't do with a > regular breakpoint. I find it hard to believe that catching Int 2Eh calls would be interesting to most Windows programmers. Unlike Linux, the Windows kernel implements only a tiny portion of useful services, the rest is mostly user-space DLLs. A radically different architecture calls for a radically different interpretation of what is a ``syscall''.