[lug] Stack trace question
stimits at idcomm.com
Wed Aug 16 22:42:29 MDT 2000
Dan Wilson wrote:
> D. Stimits
> >references. One can disassemble almost anything, but it doesn't
> >question is whether tracing is going to be a one-way or two-way thing.
> >Do unknown functions have to get info from yours, or does yours have to
> >get info from others?
> This is one way. just myfunction() from myfunction.so will examine
> the stack and associated modules.
> I think I am much closer to finding my answer. If I get the pid I can
> look at /proc/pid/maps which tells me which modules are loaded and where.
> Now I just need to get the stack from myfunction() to the top and see
> where each function lands in the range that I have from /proc/pid/maps. So
> my question is now only how do
> I get the stack trace. I need the address. I think I must write an assembly
> code to walk through the stack.
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
I doubt you will need to use assembler. If you look at the man page for
ptrace(), you'll seem some very assembler-like functions, variations on
"poke" and "peek". If you know the registers or addresses that are
relevant, you can directly observer (or even alter) values that way.
Observing everything that goes on is the very purpose of ptrace().
More information about the LUG