Jump to content
  • Advertisement
Sign in to follow this  

question about using ptrace

This topic is 3561 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

hello guys, one of my computer architecture homework tasks is to count the top 20 mostly executed assembly instructions. i couldn't find any such tool working under windows xp, but i know a system call under linux which is ptrace() that can step over a program and read back register values and memory data. i know a lot of debuggers are using ptrace. so i did a simple instruction counter, the code is as same as the one in this article, except that the code in the article takes the linux command /bin/ls as the target program for testing, while i'm testing i very simple program i wrote. http://linuxgazette.net/issue81/sandeep.html and this my target program (the child process): int main() { int a=0; a+=4; } surprisingly, the returned counting result was more than 90000, and the counting program ran for quite a while. i think that is weired, as the target program is so simple. so i tried to read back the value from the eip register of the child process and found out that, at the beginning, the value inside the eip register is different from the starting address viewed with a disassembler. in other word, the child process was actually running some other code instead of my target program. for example, the starting address of the target program viewed in a disassembler is 0x34343434, however the value of the eip register at the first line of the child process is 0x5555555. i don't know what's wrong? and if i manually assign the starting address got from the disassembler to the eip register of the child process at the beginning, which means i manually redirect the child process eip to the beginning of the main function of my target program, the counter works pretty well. the result count matches the number of instructions that viewed with the disassembler.

Share this post

Link to post
Share on other sites
Sign in to follow this  

  • Advertisement

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!