
Is it possible to use PTRACE_SETREGS to change the execution sequence of a process? I am saving the process's register file at one point of its execution and want to write it back later as the process's current register file, so that execution repeats from that point. Below is the code I am trying to use, but it does not work. Can someone explain what is wrong with it, or what I am misunderstanding about ptrace?

#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>

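/*
 * Attach to an existing process (i386 ABI: eip/esp/orig_eax fields of
 * struct user_regs_struct), trace it syscall by syscall, and on the first
 * SYS_write entry stop write back the register file captured at the most
 * recent syscall-exit stop.
 *
 * argv[1] is the pid to trace. Returns 0 when the tracee terminates,
 * exits with status 1 on bad arguments or a failed ptrace/waitpid call.
 *
 * Fixes relative to the original:
 *  - the SIGSTOP stop produced by PTRACE_ATTACH is consumed before the
 *    entry/exit bookkeeping starts, otherwise the very first stop is
 *    miscounted as a syscall entry and every later stop has the wrong parity;
 *  - PTRACE_O_TRACESYSGOOD is used so signal-delivery stops are not
 *    mistaken for syscall stops (they would also flip the parity);
 *  - termination is checked right after waitpid(), before any ptrace
 *    request is issued on a tracee that may no longer exist;
 *  - prev_sys_regs is never written into the tracee before it has been
 *    filled from a real exit stop (it was uninitialised if the first
 *    syscall seen happened to be write);
 *  - every ptrace()/waitpid() return value is checked and the pid is
 *    parsed with strtol instead of atoi.
 *
 * NOTE(review): PTRACE_SETREGS restores only the register file. Memory
 * (stack, heap, globals) is left as it is, so this is not a full
 * checkpoint/restore; confirm that is sufficient for the intended replay.
 * NOTE(review): at a syscall-entry stop the kernel still runs the system
 * call selected by the orig_eax now loaded into the tracee; check whether
 * re-issuing the previous syscall is the intended effect.
 */
int main(int argc, char *argv[])
{
    pid_t app1;
    int status;
    int entry = 1;      /* 1: next syscall stop is an entry stop, 0: an exit stop */
    int flag = 1;       /* 1 until the one-time register rewind has been done */
    int have_prev = 0;  /* prev_sys_regs holds a real snapshot only after an exit stop */
    struct user_regs_struct app1_regs, prev_sys_regs;
    long app1_syscall;

    if (argc < 2) {
        fprintf(stderr, "Usage: %s <pid to be traced>\n", argv[0]);
        exit(1);
    }

    /* strtol reports malformed / out-of-range input; atoi silently returns 0. */
    errno = 0;
    char *end;
    long pid_arg = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE || pid_arg <= 0) {
        fprintf(stderr, "%s: invalid pid '%s'\n", argv[0], argv[1]);
        exit(1);
    }
    app1 = (pid_t)pid_arg;

    /* Fails with EPERM when the caller is not allowed to trace this pid
       (different uid without CAP_SYS_PTRACE, or a restrictive ptrace policy). */
    if (ptrace(PTRACE_ATTACH, app1, NULL, NULL) == -1) {
        perror("PTRACE_ATTACH");
        exit(1);
    }

    /* PTRACE_ATTACH stops the tracee with SIGSTOP. That stop is not a
       syscall stop and must be consumed here, not by the entry/exit loop. */
    if (waitpid(app1, &status, 0) == -1 || !WIFSTOPPED(status)) {
        perror("waitpid after PTRACE_ATTACH");
        exit(1);
    }

    /* With TRACESYSGOOD, syscall stops report WSTOPSIG == SIGTRAP|0x80, so they
       can be told apart from ordinary signal-delivery stops. */
    if (ptrace(PTRACE_SETOPTIONS, app1, NULL, (void *)PTRACE_O_TRACESYSGOOD) == -1) {
        perror("PTRACE_SETOPTIONS");
        exit(1);
    }
    if (ptrace(PTRACE_SYSCALL, app1, NULL, NULL) == -1) {
        perror("PTRACE_SYSCALL");
        exit(1);
    }

    while (1) {
        if (waitpid(app1, &status, 0) == -1) {
            perror("waitpid");
            exit(1);
        }

        /* Check termination first: any ptrace request on a dead tracee fails. */
        if (WIFEXITED(status) || WIFSIGNALED(status))
            return 0;
        if (!WIFSTOPPED(status))
            continue;

        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {
            /* Signal-delivery stop: forward the signal and keep going without
               touching the entry/exit state. */
            long sig = WSTOPSIG(status);
            if (ptrace(PTRACE_SYSCALL, app1, NULL, (void *)sig) == -1) {
                perror("PTRACE_SYSCALL");
                exit(1);
            }
            continue;
        }

        if (ptrace(PTRACE_GETREGS, app1, NULL, &app1_regs) == -1) {
            perror("PTRACE_GETREGS");
            exit(1);
        }
        /* orig_eax is the syscall number at both entry and exit stops; no
           separate PEEKUSER is needed. */
        app1_syscall = app1_regs.orig_eax;

        if (entry) {
            /* Syscall entry stop. */
            entry = 0;
            printf("Instruction Pointer:0x%.8lx, Stack Pointer: 0x%.8lx,  orig_eax: 0x%.8lx, eax: 0x%.8lx, ebx: 0x%.8lx, ecx: 0x%.8lx, edx: 0x%.8lx, esi: 0x%.8lx, edi:0x%.8lx,ebp:0x%.8lx\n",
                   app1_regs.eip, app1_regs.esp, app1_regs.orig_eax, app1_regs.eax,
                   app1_regs.ebx, app1_regs.ecx, app1_regs.edx, app1_regs.esi,
                   app1_regs.edi, app1_regs.ebp);

            /* One-time rewind: only once a snapshot from a real exit stop exists. */
            if (app1_syscall == SYS_write && flag == 1 && have_prev) {
                flag = 0;
                if (ptrace(PTRACE_SETREGS, app1, NULL, &prev_sys_regs) == -1) {
                    perror("PTRACE_SETREGS");
                    exit(1);
                }
            }
        } else {
            /* Syscall exit stop: keep the latest register file until the rewind is done. */
            entry = 1;
            if (flag == 1) {
                prev_sys_regs = app1_regs;
                have_prev = 1;
            }
        }

        if (ptrace(PTRACE_SYSCALL, app1, NULL, NULL) == -1) {
            perror("PTRACE_SYSCALL");
            exit(1);
        }
    }

    return 0;
}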