0

I followed this document: http://www-users.cs.umn.edu/~boutcher/kprobes/kprobes.txt.html to understand kprobe.
As said in the document I created kprobe_example.c and a Makefile. (code for both the files are given in the document. I did a copy-paste and nothing else)
When I compile the Makefile using 'make' command, I am getting this error:

kprobe_example.c:15:16: error: ‘struct pt_regs’ has no member named ‘eip’
p->addr, regs->eip, regs->eflags);
            ^

I have also included ptrace.h header file in kprobe_example.c, still I am not able resolve the error. Any help on this is greatly appreciated.

flyingunicorn
  • 26
  • 2
  • 7
  • 3
    See http://lxr.free-electrons.com/source/arch/x86/include/asm/ptrace.h?v=3.3. The version of the `pt_regs` structure with those members is only used when `#ifndef __KERNEL__`. – Barmar Sep 18 '16 at 07:52
  • @Barmar: The code is compiled as a Linux kernel module, so `__KERNEL__` macro is defined. As for the problem itself, check definition of the struct in the kernel headers **on your machine**. Fields' definitions are changed time to time. E.g., Linux kernel 4.6 [uses](http://lxr.free-electrons.com/source/arch/x86/include/asm/ptrace.h?v=4.6#L33) `ip` instead of `eip`. – Tsyvarev Sep 18 '16 at 11:52
  • Thank you for the answers. My kernel version is 4.2 and yes, field definitions are changed. I replaced regs->eip by regs->ip in kprobe_example.c and my compilation is successful. – flyingunicorn Sep 18 '16 at 18:55

0 Answers0