Instruction decryption

Dear all,

This is a semi-technical question and I hope someone will have the answer. I want to put up a dynamic interpreter. It will take the form of a separate thread and will interpret the code of the first thread. I've been reading a little bit on the net, but I still have one big problem: how do I know exactly where the instructions start, and how do I get the PC (program counter)? So basically, how do I get the instruction the program is executing? For example, it's easy to put the main thread to sleep, but then to know where it's up to and exactly what instruction it is doing... I've checked out the structures in the /proc/ directory (yes, I'm working under Linux), but I haven't really discovered what I need...

Thanks for your help and insight,
Jc

Guest Anonymous Poster
You need to attach your program to the "target" as if it were a debugger. Can't be more specific, as I am not familiar with the functions linux provides for debugging. Take a look at ptrace(2) in the syscall man pages though.
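As an added illustration of the ptrace route suggested in the reply above (example code written for this page, not code from the thread): the parent forks a child, the child asks to be traced with PTRACE_TRACEME and stops itself, and the parent waits for the stop, reads the child's program counter with PTRACE_GETREGSET/NT_PRSTATUS, reads the instruction bytes at that address with PTRACE_PEEKTEXT, then resumes it. Two caveats a practitioner will hit: ptrace traces a process (or a thread of another process) but a thread cannot trace another thread in its own thread group, so the "separate thread" has to be a separate process; and attaching to an unrelated pid with PTRACE_ATTACH needs CAP_SYS_PTRACE or a permissive Yama ptrace_scope, which is why this example traces its own child. It assumes 64-bit Linux on x86-64 or AArch64; the snapshot_child_pc and read_pc names are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <elf.h>        /* NT_PRSTATUS */
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/uio.h>    /* struct iovec, used by PTRACE_GETREGSET */
#include <sys/user.h>   /* struct user_regs_struct */
#include <sys/wait.h>
#include <unistd.h>

/* What the tracer learned while the tracee was stopped. */
struct pc_snapshot {
    int err;                          /* 0 on success, else the errno of the failing step */
    unsigned long pc;                 /* tracee's program counter at the stop */
    unsigned char insn[sizeof(long)]; /* bytes at pc: the next instruction (and what follows it) */
    int child_exited_ok;              /* 1 if the tracee ran to completion after PTRACE_CONT */
};

/* Read the tracee's general registers with the architecture-neutral
 * PTRACE_GETREGSET/NT_PRSTATUS request; only the name of the PC register differs. */
static int read_pc(pid_t pid, unsigned long *pc)
{
    struct user_regs_struct regs;
    struct iovec iov = { .iov_base = &regs, .iov_len = sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(uintptr_t)NT_PRSTATUS, &iov) == -1)
        return -1;
#if defined(__x86_64__)
    *pc = regs.rip;
#elif defined(__aarch64__)
    *pc = regs.pc;
#else
#error "add the program-counter register name for this architecture"
#endif
    return 0;
}

/* Kill and reap a tracee we could not finish inspecting. */
static void abandon(pid_t pid)
{
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
}

/* Fork a child that volunteers to be traced and stops itself; inspect it from the parent. */
struct pc_snapshot snapshot_child_pc(void)
{
    struct pc_snapshot s;
    memset(&s, 0, sizeof s);

    pid_t pid = fork();
    if (pid == -1) { s.err = errno; return s; }
    if (pid == 0) {
        /* Tracee: request tracing by the parent, then stop so the parent can look at us.
         * If tracing is refused (seccomp, Yama ptrace_scope), exit instead of stopping,
         * otherwise the parent's waitpid would never see a stop. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(127);
        raise(SIGSTOP);
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1) { s.err = errno; return s; }
    if (!WIFSTOPPED(status)) {
        s.err = EPERM;   /* child exited without stopping: PTRACE_TRACEME was refused */
        return s;
    }

    if (read_pc(pid, &s.pc) == -1) { s.err = errno; abandon(pid); return s; }

    /* PTRACE_PEEKTEXT returns the word itself, so -1 is a legal value: clear and test errno. */
    errno = 0;
    long word = ptrace(PTRACE_PEEKTEXT, pid, (void *)s.pc, NULL);
    if (word == -1 && errno != 0) { s.err = errno; abandon(pid); return s; }
    memcpy(s.insn, &word, sizeof s.insn);

    /* Resume with signal 0 so the pending SIGSTOP is discarded rather than delivered. */
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) { s.err = errno; abandon(pid); return s; }
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
        s.child_exited_ok = 1;
    return s;
}

int main(void)
{
    struct pc_snapshot s = snapshot_child_pc();
    if (s.err) {
        fprintf(stderr, "ptrace failed: %s\n", strerror(s.err));
        return 1;
    }
    printf("tracee stopped at pc=0x%lx; bytes at pc:", s.pc);
    for (size_t i = 0; i < sizeof s.insn; i++)
        printf(" %02x", s.insn[i]);
    printf("\n");
    return 0;
}
```

The PC you get back is wherever the child happened to be when the stop was delivered, here inside libc's raise path; to step the tracee one instruction at a time from there, PTRACE_SINGLESTEP followed by another waitpid and PTRACE_GETREGSET is the same loop again.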
That would work well but I was wondering if someone had a good description of the data/text segment that's in memory under the Linux system.

I found the startcode variable in the /proc/[process number]/stat but is that where the segment starts?

And does it start straight away with the first instructions or is there information first?

Jc

Guest Anonymous Poster
As far as I know, it is just the ELF binary loaded into memory.
http://www.wotsit.org/download.asp?f=elf11g

I've been playing with the ELF binary, but I have a feeling it isn't loaded TOTALLY into memory.

When I follow the header information I can walk through the Section Headers, but this only works if the code is small enough. If I link an external library (like -lglut, for example), then I have a feeling the binary isn't totally loaded.

This is a pain, since the text segment header for the code can normally be anywhere (though through experiments it's always index 12). So basically I have two more questions:

- Is there a way to tell the OS to load the binary totally?

- Is there a way to know the start of the code directly? I found in /proc/[number]/stat "startcode" and "endcode", where normally that's where the code CAN be. The CAN is a bit annoying, because how do you know for sure?

Thanks again,
Jc

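To tie together the "it's just the ELF binary loaded into memory" reply and the startcode/endcode question above, an added example (written for this page, not code from the thread): it reads the program headers of the running executable from /proc/self/exe, derives the load bias from AT_PHDR in the auxiliary vector, reproduces the kernel's startcode/endcode from the executable PT_LOAD segments, and compares the result with fields 26 and 27 of /proc/self/stat and with its own function address. Two points worth knowing here: the kernel maps a binary by its program headers (PT_LOAD), never by its section headers, and the section header table normally sits past the last segment's filesz, so it is not in memory at all; and startcode/endcode are computed from the main executable's PF_X segments only, so code from a shared library such as -lglut lives in separate mappings (listed in /proc/[pid]/maps), which is why the main executable's range is only where code "can" be. It assumes 64-bit Linux (ELFCLASS64) and glibc's getauxval; the struct and function names are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(AT_PHDR): runtime address of the program header table */

/* The code range as the kernel reports it and as the ELF program headers predict it. */
struct code_range {
    unsigned long stat_lo, stat_hi;  /* startcode / endcode from /proc/self/stat */
    unsigned long elf_lo, elf_hi;    /* executable PT_LOAD segments of the executable, relocated */
    unsigned long bias;              /* load bias: 0 for a fixed-address binary, the ASLR slide for PIE */
};

/* Fields 26 (startcode) and 27 (endcode) of /proc/self/stat.  Field 2 (comm) is
 * parenthesised and may itself contain spaces or ')', so scan from the last ')'. */
static int read_proc_stat_code(unsigned long *lo, unsigned long *hi)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/stat", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    char *p = strrchr(buf, ')');
    if (!p) return -1;
    int field = 3;                              /* the token after ')' is field 3, the state */
    char *tok = strtok(p + 1, " ");
    while (tok && field < 26) { tok = strtok(NULL, " "); field++; }
    if (!tok) return -1;
    *lo = strtoul(tok, NULL, 10);
    tok = strtok(NULL, " ");
    if (!tok) return -1;
    *hi = strtoul(tok, NULL, 10);
    return 0;
}

/* Walk the program headers (not the section headers: the loader never reads those) of
 * the running executable and compute where its executable PT_LOAD segments landed. */
static int scan_exec_segments(struct code_range *r)
{
    FILE *f = fopen("/proc/self/exe", "rb");
    if (!f) return -1;
    Elf64_Ehdr eh;
    if (fread(&eh, sizeof eh, 1, f) != 1 || memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64) { fclose(f); return -1; }
    Elf64_Phdr *ph = calloc(eh.e_phnum, sizeof *ph);
    if (!ph || fseek(f, (long)eh.e_phoff, SEEK_SET) != 0 ||
        fread(ph, sizeof *ph, eh.e_phnum, f) != eh.e_phnum) { free(ph); fclose(f); return -1; }
    fclose(f);

    unsigned long phdr_at_runtime = getauxval(AT_PHDR);
    unsigned long lo = ~0UL, hi = 0, bias = 0;
    int have_bias = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        if (ph[i].p_type != PT_LOAD) continue;
        /* The program header table sits inside one PT_LOAD; its link-time address versus
         * AT_PHDR gives the load bias (the same arithmetic the kernel uses to set AT_PHDR). */
        if (!have_bias && eh.e_phoff >= ph[i].p_offset &&
            eh.e_phoff < ph[i].p_offset + ph[i].p_filesz) {
            bias = phdr_at_runtime - (ph[i].p_vaddr + (eh.e_phoff - ph[i].p_offset));
            have_bias = 1;
        }
        if (ph[i].p_flags & PF_X) {   /* the rule binfmt_elf uses for start_code/end_code */
            if (ph[i].p_vaddr < lo) lo = ph[i].p_vaddr;
            if (ph[i].p_vaddr + ph[i].p_filesz > hi) hi = ph[i].p_vaddr + ph[i].p_filesz;
        }
    }
    free(ph);
    if (!have_bias || hi == 0) return -1;
    r->bias = bias;
    r->elf_lo = lo + bias;
    r->elf_hi = hi + bias;
    return 0;
}

/* Returns 1 if /proc/self/stat and the program headers agree and this function's own
 * address lies inside that range, 0 if they disagree, -1 on a read failure. */
int code_range_consistent(struct code_range *out)
{
    struct code_range r;
    memset(&r, 0, sizeof r);
    if (read_proc_stat_code(&r.stat_lo, &r.stat_hi) != 0) return -1;
    if (scan_exec_segments(&r) != 0) return -1;
    if (out) *out = r;
    unsigned long here = (unsigned long)(uintptr_t)code_range_consistent;
    int inside = here >= r.elf_lo && here < r.elf_hi;
    int agree = r.stat_lo == r.elf_lo && r.stat_hi == r.elf_hi;
    return inside && agree;
}

int main(void)
{
    struct code_range r;
    memset(&r, 0, sizeof r);
    int rc = code_range_consistent(&r);
    printf("/proc/self/stat: startcode=0x%lx endcode=0x%lx\n", r.stat_lo, r.stat_hi);
    printf("ELF PT_LOAD|PF_X: 0x%lx-0x%lx (load bias 0x%lx)\n", r.elf_lo, r.elf_hi, r.bias);
    printf("consistent: %d\n", rc);
    return rc == 1 ? 0 : 1;
}
```

Run it once built as a PIE and once with -no-pie and the reported bias changes while the check still passes, which is the practical answer to "how do you know for sure": the kernel's numbers are the relocated PF_X PT_LOAD range, nothing else, so anything executing outside it (a library, the dynamic loader, JIT pages) has to be located through /proc/[pid]/maps instead.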