how GDB use ptrace to return from a function

Mirror of the gdb mailing list
 help / color / mirror / Atom feed

* how GDB use ptrace to return from a function
@ 2017-11-17  6:44 Yubin Ruan
  2017-11-17 16:11 ` Joel Brobecker
  0 siblings, 1 reply; 6+ messages in thread
From: Yubin Ruan @ 2017-11-17  6:44 UTC (permalink / raw)
  To: gdb

Hi GDB developer ;-)

I am writing a toy debugger and currently looking into the GDB source
because I want to know: after setting the tracee's registers and
trying to let it execute a function with ptrace(PTRACE_CONT, ...), how
can the tracee return to the tracer?

Currently I manipulate the tracee's stack and place a NULL return
address there (I am on X86), so that after ptrace(PTRACE_CONT, ...),
the tracee will execute a function and return, at which point a SIGSEV
is generated (because the return address is NULL), so tracee will be
caught by the tracer again.

I don't know whether GDB is using this kind of technique. If anyone
know that, can you enlighten me, and probably point me to the source?

Yubin

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: how GDB use ptrace to return from a function
  2017-11-17  6:44 how GDB use ptrace to return from a function Yubin Ruan
@ 2017-11-17 16:11 ` Joel Brobecker
  2017-11-18  3:46   ` Yubin Ruan
  0 siblings, 1 reply; 6+ messages in thread
From: Joel Brobecker @ 2017-11-17 16:11 UTC (permalink / raw)
  To: Yubin Ruan; +Cc: gdb

> I don't know whether GDB is using this kind of technique. If anyone
> know that, can you enlighten me, and probably point me to the source?

GDB sets the call up so that the return address is at specific
location (usually the program's entry point, but that's arch-
dependent), and then places a breakpoint at that address. It
then knows, when receiving the corresponding breakpoint event,
that a breakpoint at that address corresponds to the end of
the function that we called.

-- 
Joel

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: how GDB use ptrace to return from a function
  2017-11-17 16:11 ` Joel Brobecker
@ 2017-11-18  3:46   ` Yubin Ruan
  2017-11-18  4:03     ` Joel Brobecker
  0 siblings, 1 reply; 6+ messages in thread
From: Yubin Ruan @ 2017-11-18  3:46 UTC (permalink / raw)
  To: Joel Brobecker; +Cc: gdb

Thanks Joel,

2017-11-18 0:10 GMT+08:00 Joel Brobecker <brobecker@adacore.com>:
>> I don't know whether GDB is using this kind of technique. If anyone
>> know that, can you enlighten me, and probably point me to the source?
>
> GDB sets the call up so that the return address is at specific
> location (usually the program's entry point, but that's arch-
> dependent), and then places a breakpoint at that address. It
> then knows, when receiving the corresponding breakpoint event,
> that a breakpoint at that address corresponds to the end of
> the function that we called.

what break point events are common for X86?

Yubin


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: how GDB use ptrace to return from a function
  2017-11-18  3:46   ` Yubin Ruan
@ 2017-11-18  4:03     ` Joel Brobecker
  2017-11-18  4:20       ` Yubin Ruan
  2017-11-18  7:58       ` Jan Kratochvil
  0 siblings, 2 replies; 6+ messages in thread
From: Joel Brobecker @ 2017-11-18  4:03 UTC (permalink / raw)
  To: Yubin Ruan; +Cc: gdb

> what break point events are common for X86?

IIRC, the breakpoint instruction on x86 is the int3 instruction.
It should generate a SIGTRAP upon execution, just like any user-
inserted breakpoints.

-- 
Joel


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: how GDB use ptrace to return from a function
  2017-11-18  4:03     ` Joel Brobecker
@ 2017-11-18  4:20       ` Yubin Ruan
  2017-11-18  7:58       ` Jan Kratochvil
  1 sibling, 0 replies; 6+ messages in thread
From: Yubin Ruan @ 2017-11-18  4:20 UTC (permalink / raw)
  To: Joel Brobecker; +Cc: gdb

2017-11-18 12:03 GMT+08:00 Joel Brobecker <brobecker@adacore.com>:
>> what break point events are common for X86?
>
> IIRC, the breakpoint instruction on x86 is the int3 instruction.
> It should generate a SIGTRAP upon execution, just like any user-
> inserted breakpoints.

Thanks Joel ;-)

Yubin


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: how GDB use ptrace to return from a function
  2017-11-18  4:03     ` Joel Brobecker
  2017-11-18  4:20       ` Yubin Ruan
@ 2017-11-18  7:58       ` Jan Kratochvil
  1 sibling, 0 replies; 6+ messages in thread
From: Jan Kratochvil @ 2017-11-18  7:58 UTC (permalink / raw)
  To: Joel Brobecker; +Cc: Yubin Ruan, gdb

On Sat, 18 Nov 2017 05:03:11 +0100, Joel Brobecker wrote:
> > what break point events are common for X86?
> 
> IIRC, the breakpoint instruction on x86 is the int3 instruction.
> It should generate a SIGTRAP upon execution, just like any user-
> inserted breakpoints.

A toy debugger should have available also a hardware breakpoint (hbreak) using
the hardware registers commonly used only for hardware watchpoints.

Then the return address can be arbitrary as the debugger does not have to
write anything into that address.


Jan


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2017-11-18  7:58 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-17  6:44 how GDB use ptrace to return from a function Yubin Ruan
2017-11-17 16:11 ` Joel Brobecker
2017-11-18  3:46   ` Yubin Ruan
2017-11-18  4:03     ` Joel Brobecker
2017-11-18  4:20       ` Yubin Ruan
2017-11-18  7:58       ` Jan Kratochvil

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox