On Sun, Dec 09, 2007 at 07:59:59AM +0200, Shachar Shemesh wrote:
> >You are leaving out the last two arguments of ptrace() in the parent,
> The man page says I'm allowed to do so in case the other arguments are
> not used.

But they are.

> > so
> >they take garbage values, causing an unknown signal to be sent to the
> >child. Try it with
> >
> > ptrace(PTRACE_SYSCALL, ret, 0, 0);
> >
> Yes, that worked. What I don't understand, however, is why it worked.
> While the man page for PTRACE_SYSCALL mentions that "addr" is ignored
> (implying that "data" isn't), it does not actually tell me what the
> content of data is.

For PTRACE_CONT, the man page says ``if data is non-zero and not SIGSTOP,
it is interpreted as a signal to be delivered to the child''. It goes on
to say that PTRACE_SYSCALL ``restarts the stopped child as for
PTRACE_CONT''. Same for PTRACE_SINGLESTEP.

> When I tried writing "5" into data (i.e. - SIGTRAP) the next "wait"
> returns with "Process exited with signal 5". It seems to be that when
> the data field is non-empty, the signal number I write there is actually
> delivered to the debugged process, but that is not documented in the
> manual, as far as I could see.

See above.

> >That's because ptrace(PTRACE_TRACEME) does not stop the process. If you
> >want it stopped immediately after the ptrace() call, you need to do it
> >yourself; e.g. send yourself a STOP signal.
> >
> Is it being traced in any other reliable point? I now understand that
> the point it stops is when the first signal is being received, but I'm
> not sure whether "exec" guarantees that such a signal actually happens,
> or whether I should really send one myself.

It's being traced, it's just not stopped. exec() is a special case, as
documented: ``all subsequent calls to exec() by this process will cause a
SIGTRAP to be sent to it''. If you want to catch system calls made before
the exec() (like anything that printf() you added does), you need to
explicitly stop the process.
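The two points of this reply, shown as an added example that is not code from the thread: the tracee stops itself after PTRACE_TRACEME, and the tracer's fourth ptrace() argument decides which signal the tracee receives on resume. The names `trace_child` and `resume` are made up for this sketch, and it assumes Linux with glibc.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* glibc declares ptrace() variadic, so omitted arguments are not diagnosed
 * and arrive as garbage: always pass all four. `sig` goes in "data". */
static long resume(pid_t pid, int sig)
{
    return ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);
}

/* Returns the number of syscall stops seen if the tracee exits normally,
 * -signo if a signal kills it, -1000 if tracing could not be set up. */
int trace_child(int first_resume_sig)
{
    int status, stops = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(127);
        kill(getpid(), SIGSTOP); /* TRACEME does not stop us; do it here */
        getppid();               /* pre-exit syscall for the tracer to see */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status) ||
        resume(pid, first_resume_sig) < 0)
        return -1000;
    while (waitpid(pid, &status, 0) == pid) {
        if (WIFEXITED(status))
            return stops;
        if (WIFSIGNALED(status))
            return -WTERMSIG(status);
        int sig = WSTOPSIG(status);
        if (sig == SIGTRAP)      /* syscall entry/exit stop (no TRACESYSGOOD) */
            stops++;
        resume(pid, sig == SIGTRAP ? 0 : sig); /* pass other signals on */
    }
    return -1000;
}

int main(void)
{
    printf("data=0: %d  data=SIGTRAP: %d\n", trace_child(0), trace_child(SIGTRAP));
    return 0;
}
```

With data set to 0 the initial SIGSTOP is suppressed and the tracee runs to a normal exit; with data set to SIGTRAP the tracee is killed by that signal, which is the "Process exited with signal 5" result quoted above.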