
I'm trying to use ptrace to access the registers of a particular thread in a child process. The values I'm getting seem to be junk however - they seem to be way out in the weeds. Here's what I mean:

RAX: fffffffffffffdfc
RBX: 7f0533fe7700
RCX: ffffffffffffffff
RDX: 0
RSI: 0
RDI: 7f0533fe6ea0
RBP: 7f0533fe6ed0
RSP: 7f0533fe6e70
RIP: 7f05345fab9d

I can believe RAX and RCX, but the stack pointer, instruction pointer, and block pointers are suspicious. On top of that, accessing those values with GDB crashes GDB (I didn't realize I could do that haha). Should I perhaps be using PTRACE_GETREGSET instead of PTRACE_GETREGS? I'm on an x86_64 system, so I didn't think it made a difference. Or should I be looking elsewhere?

  • Are you checking the result of `ptrace` for an error? Also, do `cat /proc/[pid]/maps` and see if the addresses are in any of the ranges. – Colonel Thirty Two Jul 08 '15 at 15:46
  • Huh...everything checks out. That's strange - I'm getting some weird segfaults when I try to use those values later on. It seems the instruction pointer is aimed somewhere in the middle of the pthread library. Might have to go back to the drawing board...in any event, thank you for the `cat /proc/[pid]/maps` tip! – tonysdg Jul 08 '15 at 15:55
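The check suggested in the comments, written out as an added example (not the asker's code): attach to one thread by its TID, check every ptrace()/waitpid() return value instead of trusting the struct, and look RIP up in /proc/<tid>/maps rather than judging the numbers by eye. On x86_64 Linux, addresses around 0x7f... are the mmap region where shared libraries and pthread-allocated thread stacks live, so a RIP inside libpthread and an RSP/RBP pair near it are what a blocked thread looks like. It assumes Linux/glibc on x86_64; the maps lines used to exercise classify_addr are constructed, not a real process.

```c
#define _GNU_SOURCE   /* __WALL lets waitpid() report a traced thread that is not our child */
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Walk /proc/<tid>/maps text ("start-end perms ..." lines) and classify addr:
 * 0 = in no mapping, 1 = mapped but not executable, 2 = mapped and executable. */
int classify_addr(const char *maps, unsigned long long addr) {
    const char *line = maps;
    while (line && *line) {
        unsigned long long start, end;
        char perms[5] = {0};
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3 &&
            addr >= start && addr < end)
            return perms[2] == 'x' ? 2 : 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Read /proc/<tid>/maps into a static buffer (64 KiB cap keeps the example short). */
static char *read_maps(pid_t tid) {
    static char buf[1 << 16];
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/maps", (int)tid);
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    return buf;
}

/* Attach to one thread by TID (not the process PID), check each ptrace()/waitpid() result,
 * fetch the registers, report where RIP lands, detach. 0 = RIP executable, 1 = not, -1 = error. */
int inspect_thread(pid_t tid) {
    struct user_regs_struct regs; int rc = -1;
    if (ptrace(PTRACE_ATTACH, tid, NULL, NULL) == -1) { perror("PTRACE_ATTACH"); return -1; }
    if (waitpid(tid, NULL, __WALL) == -1) { perror("waitpid"); return -1; }
    if (ptrace(PTRACE_GETREGS, tid, NULL, &regs) == -1) {
        perror("PTRACE_GETREGS");          /* the struct is garbage on failure: never print it */
    } else {
        char *maps = read_maps(tid);
        int cls = classify_addr(maps ? maps : "", regs.rip);
        printf("RIP=%llx RSP=%llx RBP=%llx -> %s\n", regs.rip, regs.rsp, regs.rbp, cls == 2 ? "executable mapping" : cls == 1 ? "mapped, not executable" : "not mapped");
        rc = cls == 2 ? 0 : 1;
    }
    ptrace(PTRACE_DETACH, tid, NULL, NULL);
    return rc;
}
```

A later segfault with values that do map cleanly usually means the register snapshot is stale or belongs to a different thread than the one being resumed, not that the registers themselves are wrong.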

0 Answers