1

I can't find it in kernel source with global ptrace, there is no definition in kernel/ptrace.c like it was stated in man page..... I can see kernel/ptrace.c and include/linux/ptrace.h but there is nothing

red0ct
  • 4,840
  • 3
  • 17
  • 44
M. Kalter
  • 13
  • 4
  • If you mean the system call, pretty sure it's defined: https://elixir.bootlin.com/linux/v5.3.1/source/kernel/ptrace.c#L1237 – Michael Foukarakis Sep 25 '19 at 11:14
  • How am I supposed to find this type of declarations, except reading code and looking for hints like `SYSCALL_DEFINE4`(ptrace...? global doesn't handle this if I just type `global ptrace` – M. Kalter Sep 25 '19 at 11:52
  • @MichaelFoukarakis: OP asked for `ptrace()`. It's libc that calls ptrace syscall. – Arkadiusz Drabczyk Sep 25 '19 at 12:42
  • @M.Kalter i don't know of the limitations of `global`. Other IDEs or cross-reference tools certainly can, and the kernel's conventions for declaring system calls are well-established, but these are not the subject of the question. – Michael Foukarakis Sep 25 '19 at 13:32
  • @ArkadiuszDrabczyk I think the question is exceedingly clear. – Michael Foukarakis Sep 25 '19 at 13:33
  • @ArkadiuszDrabczyk Honestly I was looking for syscall implementation by kernel. I just didn't think ptrace could be defined in both kernel and glibc. Your answer was useful nevertheless – M. Kalter Sep 25 '19 at 14:12
  • @M.Kalter: `ptrace()` is not defined in kernel, it's defined only in libc. There is a syscall implementation in kernel. – Arkadiusz Drabczyk Sep 25 '19 at 14:13
  • @M.Kalter: it goes like that: `INLINE_SYSCALL` (glibc) -> `INTERNAL_SYSCALL` (glibc) - `__NR_ptrace` in kernel. – Arkadiusz Drabczyk Sep 25 '19 at 14:20

1 Answers1

1

You need to look for it in your libc source code, for example glibc or musl. And notice what does it say in man ptrace under NOTES section:

Although arguments to ptrace() are interpreted according to the prototype given, glibc currently declares ptrace() as a variadic function with only the request argument fixed. It is recommended to always supply four arguments, even if the requested operation does not use them, setting unused/ignored arguments to 0L or (void *) 0.

In glibc for example ptrace() is defined in sysdeps/unix/sysv/linux/ptrace.c:

long int
ptrace (enum __ptrace_request request, ...)
{
  long int res, ret;
  va_list ap;
  pid_t pid;
  void *addr, *data;

  va_start (ap, request);
  pid = va_arg (ap, pid_t);
  addr = va_arg (ap, void *);
  data = va_arg (ap, void *);
  va_end (ap);

  if (request > 0 && request < 4)
    data = &ret;

  res = INLINE_SYSCALL (ptrace, 4, request, pid, addr, data);
  if (res >= 0 && request > 0 && request < 4)
    {
      __set_errno (0);
      return ret;
    }

  return res;
}
Arkadiusz Drabczyk
  • 11,227
  • 2
  • 25
  • 38
  • How did you see it was actually part of libc?... ptrace wiki page doesn't mention it; it seems to me I miss something essential – M. Kalter Sep 24 '19 at 16:00
  • Manpages usually (I don't want to say *always* because I can never be sure) describe libc interfaces and often focus on GLIBC specifically. The intention is that programmers don't have to use kernel and architecture specific code but would use unified libc interface. GLIBC is ported to multiple architectures and systems but code of the userland program doesn't have to change. – Arkadiusz Drabczyk Sep 24 '19 at 16:10