printing the instruction pointer under x86-64
Maciej Grela
maciej.grela at gmail.com
Wed Apr 22 22:11:48 UTC 2009
Hi,
I have a question regarding the ability of strace to print the
instruction pointer where the syscall takes place. I'm trying to use
this feature to trace a 32-bit process running on a amd64 gentoo
system. Unfortunately, the eip values returned by strace don't make
much sense:
[ f7fc6430] lstat64("/etc/opt/cisco-vpnclient",
{st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[ f7fc6430] lstat64("/etc/opt/cisco-vpnclient/vpnclient.ini",
{st_mode=S_IFREG|0777, st_size=264, ...}) = 0
[ f7fc6430] open("/etc/opt/cisco-vpnclient/vpnclient.ini", O_RDONLY) = 3
[ f7fc6430] fstat64(3, {st_mode=S_IFREG|0777, st_size=264, ...}) = 0
[ f7fc6430] fcntl64(3, F_GETFL) = 0 (flags O_RDONLY)
[ f7fc6430] fstat64(3, {st_mode=S_IFREG|0777, st_size=264, ...}) = 0
[ f7fc6430] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xfffffffff7f60000
[ f7fc6430] _llseek(3, 0, [0], SEEK_CUR) = 0
[ f7fc6430] read(3, "[main]\nEnableLog=1\n[LOG.IKE]\nLogL"...,
4096) = 264
[ f7fc6430] read(3, ""..., 4096) = 0
[ f7fc6430] close(3) = 0
[ f7fc6430] munmap(0xf7f60000, 4096) = 0
[ f7fc6430] close(3) = -1 EBADF (Bad file descriptor)
[ f7fc6430] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[ f7fc6430] connect(3, {sa_family=AF_INET,
sin_port=htons(29748), sin_addr=inet_addr("127.0.0.1")}, 16) = -1
ECONNREFUSED (Connection refused)
[ f7fc6430] close(3) = 0
[ f7fc6430] time(NULL) = 1240437466
[ f7fc6430] lstat64("/etc/opt/cisco-vpnclient",
{st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[ f7fc6430] open("/etc/opt/cisco-vpnclient/Logs",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No
such file or directory)
[ f7fc6430] gettimeofday({1240437466, 670732}, {4294967176, 0}) = 0
[ f7fc6430] lstat64("/etc/opt/cisco-vpnclient",
{st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[ f7fc6430] chdir("/etc/opt/cisco-vpnclient") = 0
[ f7fc6430] lstat64("/var/run/cvpnd.pid",
{st_mode=S_IFREG|0644, st_size=6, ...}) = 0
[ f7fc6430] open("/var/run/cvpnd.pid", O_RDONLY) = 3
[ f7fc6430] fstat64(3, {st_mode=S_IFREG|0644, st_size=6, ...}) = 0
[ f7fc6430] fcntl64(3, F_GETLK, {type=F_UNLCK, whence=SEEK_SET,
start=-580558357262237696, len=682790123779129349,
pid=18446744073703020552}) = 0
[ f7fc6430] close(3) = 0
[ f7fc6430] clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0)
= 19741
[ f7fc6430] nanosleep({1, 0}, Could not attach to driver. Is
kernel module loaded?
0) = ? ERESTART_RESTARTBLOCK (To be restarted)
[ f7fc6430] --- SIGCHLD (Child exited) @ 0 (0) ---
[ f7fc6430] restart_syscall(<... resuming interrupted call ...>) = 0
[ f7fc6430] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[ f7fc6430] connect(3, {sa_family=AF_INET,
sin_port=htons(29746), sin_addr=inet_addr("127.0.0.1")}, 16) = -1
ECONNREFUSED (Connection refused)
[ f7fc6430] close(3) = 0
[ f7fc6430] write(1, "The application was unable to com"...,
66The application was unable to communicate with the VPN sub-system.)
= 66
As you can see, the reported eip value is constant for every syscall
which shouldn't be the case I think. How to fix this and make strace
report proper values ? Some info about my system:
4pll00555 Profiles # uname -a
Linux 4pll00555 2.6.29-gentoo-r1 #2 SMP PREEMPT Mon Apr 20 22:02:04
CEST 2009 x86_64 Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
GenuineIntel GNU/Linux
4pll00555 Profiles # equery list -i strace
[ Searching for package 'strace' in all categories among: ]
* installed packages
[I--] [ ~] dev-util/strace-4.5.18 (0)
4pll00555 Profiles # equery list -i glibc
[ Searching for package 'glibc' in all categories among: ]
* installed packages
[I--] [ ~] sys-libs/glibc-2.9_p20081201-r2 (2.2)
Best regards,
Maciej Grela
More information about the Strace-devel
mailing list