Hi, I'm making a little debugger using ptrace(). The soft is trivial, it just fork()s and runs the traced process via execve(). To break into the traced process, I use i386_set_watch()+ptrace() and chose to break on execution. But it's here that I'm stuck: it breaks forever on the same instruction. I've read some docs and saw that I have to use the 'Resume flag' from the EFLAGS register. But, according to the Intel IA-32 documentation, this flag can only be set/unset by kernel code and the only way for a debugger to modify it is to modify the stack image of the EFLAGS register. But there's nothing in the stack, so I think (and it was confirmed by a friend) that the image is stored in a 'kernel-land stack'.
So, my question is simple: how can I set the 'Resume flag' from a userland soft (without having to be root)? Hope I was clear enough :) Thanks.

-- Aurelien