如何获得“回溯” (如 gdb)仅使用 ptrace(linux、x86/x86_64)
我想像 gdb 那样获得类似 backtrace 的输出。但我想直接通过 ptrace() 来完成此操作。我的平台是Linux,x86;以及后来的 x86_64。
现在我只想从堆栈中读取返回地址,而不转换为符号名称。
因此,对于测试程序,由 gcc-4.5 以 -O0 模式编译:
int g() {
kill(getpid(),SIGALRM);
}
int f() {
int a;
int b;
a = g();
b = a;
return a+b;
}
int e() {
int c;
c = f();
}
main() {
return e();
}
我将启动我的程序并与 ptrace 连接来测试程序一开始。然后,我将执行 PTRACE_CONT 并等待信号。测试程序何时会进行自杀;信号将被传递到我的程序。此时我想读取返回地址,它们会像(因为 kill 函数此时处于活动状态):
0x00_some_address_in_g
0x00_some_address_in_f
0x00_some_address_in_e
0x00_some_address_in_main
0x00_some_address_in__libc_start_main
How can I find return fields of current Stoped test process with ptrace?帧之间会有循环吗?我什么时候应该停止这样的循环?
PS:是的,这也很像 backtrace(3) libc function 在idea中,但我想通过ptrace在外部执行此操作。
I want to get a backtrace-like output as gdb does. But I want to do this via ptrace() directly. My platform is Linux, x86; and, later x86_64.
Now I want only to read return addresses from the stack, without conversion into symbol names.
So, for test program, compiled in -O0 mode by gcc-4.5:
int g() {
kill(getpid(),SIGALRM);
}
int f() {
int a;
int b;
a = g();
b = a;
return a+b;
}
int e() {
int c;
c = f();
}
main() {
return e();
}
I will start a my program and connect with ptrace to test program at very beginning. Then, I will do PTRACE_CONT and will wait for signal. When test program will do a self-kill; the signal will be delivered to my program. At this moment I want to read return addresses, they will be like (because kill function is active at the moment):
0x00_some_address_in_g
0x00_some_address_in_f
0x00_some_address_in_e
0x00_some_address_in_main
0x00_some_address_in__libc_start_main
How can I find return addresses of currently stopped test process with ptrace? There will be a loop over frames? When should I stop such loop?
PS: yes, this is also very like backtrace(3) libc function in idea, but I want to do this externally via ptrace.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
osgx 发布的示例仅适用于使用帧指针的代码。 GCC 生成的经过优化的
x86_64代码则不然。x86上的内核vdso代码至少在某些处理器上不使用帧指针。 GCC 4.6(经过优化)也不在 x86 模式下使用帧指针。上述所有因素结合在一起,使得“通过帧指针进行堆栈抓取”极其不可靠。
您可以使用
libunwind(它支持 local< /a> (进程中)和 全局(通过 ptrace 进行进程外)展开)。或者您必须重新实现
libunwind的很大一部分。示例 使用
libunwind通过ptrace获取回溯。The example posted by osgx will work only with code that uses frame pointers.
x86_64code produced by GCC with optimizations doesn't. The kernelvdsocode onx86doesn't use frame pointers on at least some processors. GCC 4.6 (with optimization) doesn't use frame pointers inx86mode either.All of the above combine to make the "stack crawl via frame pointers" exceedingly unreliable.
You can use
libunwind(which supports both local (in-process) and global (out-of-process via ptrace) unwinding).Or you'll have to re-implement very large portion of
libunwind.Example of getting backtrace via
ptraceusinglibunwind.可能,
pstack(1)实用程序的源代码会帮助我:(来自http://anonscm.debian.org/gitweb/?p=collab-maint/pstack.git;a=blob;f=pstack.c;h=61beb8d10fa490492ab351115f261614d00adb6d;hb=HEAD#l547
另外,快速测试说是不是不太靠谱,不过有时候可以打印 某物。
May be, source of
pstack(1)utility will help me: (online git from debian). Unfortunately this is x86 32-bit onlyhttp://anonscm.debian.org/gitweb/?p=collab-maint/pstack.git;a=blob;f=pstack.c;h=61beb8d10fa490492ab351115f261614d00adb6d;hb=HEAD#l547
Also, quick test says that is it not very reliable, but sometimes it can print something.