Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 14 Mar 2013 21:52:40 +0100 (CET)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: owl-dev@...ts.openwall.com
Subject: Re: strace

On Thu, 14 Mar 2013, Dmitry V. Levin wrote:

> restart_syscall is syscall number 0.  Could the difference between older
> and newer asm/ptrace.h versions be so fatal?

Regrettably, I have not paid much attention the development Owl recently, 
therefore I do not know what are those older and newer versions but
some reshuffling of pt_regs happened between 2.6.18 and 2.6.32.

2.6.18:

struct pt_regs {
         long ebx;
         long ecx;
         long edx;
         long esi;
         long edi;
         long ebp;
         long eax;
         int  xds;
         int  xes;
         long orig_eax;
         long eip;
         int  xcs;
         long eflags;
         long esp;
         int  xss;
};

2.6.32:

struct pt_regs {
         long ebx;
         long ecx;
         long edx;
         long esi;
         long edi;
         long ebp;
         long eax;
         int  xds;
         int  xes;
         int  xfs;
         int  xgs;
         long orig_eax;
         long eip;
         int  xcs;
         long eflags;
         long esp;
         int  xss;
};

orig_eax (syscall number) has shifted.

But why would it matter? strace uses user_regs_struct from user.h that 
did not change and any changes in pt_regs layout should have been hidden 
by the kernel.

PS: De ja vu? <http://www.openwall.com/lists/owl-dev/2012/07/19/1> :)

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.