是否可以使用 PTRACE_SETREGS 来更改进程的执行顺序?我在进程执行的某个点保存进程寄存器文件,我想稍后使用它来设置进程的当前寄存器文件(此时再次重复执行)。下面是我尝试使用的代码,但它不起作用。有人可以向我解释它有什么问题或我对 ptrace 有什么误解吗?
#include<stdio.h>
#include<sys/ptrace.h>
#include<sys/types.h>
#include<unistd.h>
#include<sys/reg.h>
#include<sys/user.h>
#include<sys/syscall.h>
#include<string.h>
#include<stdlib.h>
int main(int argc, char *argv[])
{
pid_t app1;
int status;
int entry =1; //used to check the system call entry or exit
struct user_regs_struct app1_regs, prev_sys_regs;
int flag=1;
long app1_syscall;
if(argc < 2)
{
printf("Usage: %s <pid to be traced>\n", argv[0], argv[1]);
exit(1);
}
app1 = atoi(argv[1]);
ptrace(PTRACE_ATTACH, app1, NULL, NULL);
while (1){
waitpid(app1,&status,0);
app1_syscall = ptrace(PTRACE_PEEKUSER, app1, 4 * ORIG_EAX, NULL);
ptrace(PTRACE_GETREGS, app1, NULL, &app1_regs);
if(entry){//system call entry
entry = 0;
printf("Instruction Pointer:0x%.8lx, Stack Pointer: 0x%.8lx, orig_eax: 0x%.8lx, eax: 0x%.8lx, ebx: 0x%.8lx, ecx: 0x%.8lx, edx: 0x%.8lx, esi: 0x%.8lx, edi:0x%.8lx,ebp:0x%.8lx\n",app1_regs.eip, app1_regs.esp, app1_regs.orig_eax, app1_regs.eax, app1_regs.ebx, app1_regs.ecx, app1_regs.edx, app1_regs.esi, app1_regs.edi, app1_regs.ebp);
if(app1_syscall == SYS_write && flag ==1){
flag=0; //I want to do this only once
//here I'm setting the current registers of the process with the previous one to repeat the execution from previous point
ptrace(PTRACE_SETREGS, app1, NULL, &prev_sys_regs);
}
}
else{ //system call exit
entry = 1;
if (flag ==1)
prev_sys_regs = app1_regs;
if(WIFEXITED(status))
return 0;
}
ptrace(PTRACE_SYSCALL, app1, NULL, NULL);
}
return 0;
}