Re: Accessing x86 general-purpose registers

[Michael Chastain <mec.gnu@mindspring.com>]

"Hanson, Jonathan M" <jonathan.m.hanson@intel.com> wrote:
> In include/asm-i386/user.h is a structure called struct user
> with a member struct user_pt_regs, which is where GDB gets the general
> purpose register information for a program being debugged. I can see
> nowhere else in the kernel where this structure is written to. How is
> this information populated? Is there a way I can access this structure
> from the kernel itself?

It's been a while since I've read this code (others have probably
seen it a lot more recently) --

Look for the system call entry code in arch/i386/kernel/entry.S,
particularly ENTRY(system_call) and ENTRY(sysenter_entry).

When a program makes a system call, the process enters the kernel.
It helps to think of the kernel as a big shared library rather
than a separate process.  Nearly the first thing that the process
does is to save the values of all the user-space registers with
the SAVE_ALL macro.  That's how the user register structure is
populated.

The user register structure is valid only if the target process
is inside the kernel.  If the target process is not inside the
kernel (like, it's doing normal computation), then its registers
are not available in this way.

Most system calls operate only on the process that made the call,
and that process is guaranteed to be executing kernel code if
it's inside the kernel, kind of trivially.  ptrace(2) is the only
system call that I know that operates on a different process,
so ptrace(2) has to jump through hoops to access registers and
memory in a different process.

Hope this helps,

Michael Chastain