Re: __NR_mmap2 in FreeBSD

2012-04-19 Thread Maninya M
Oh and here is the code that worked. Thanks! :)

void map_memory(unsigned long addr, unsigned long size, int flags)
{
  int status;
  int i;
  char cmd[200];
  struct reg regs, temp_regs;
  unsigned int int_instr = 0x80cd; /* INT 0x80 (bytes cd 80), stored as one 32-bit word */
  unsigned int push_eax = 0x0050;  /* PUSH %eax (byte 50), stored as one 32-bit word */
  unsigned int orig_instr;

  /* Show the target's mappings before the injection. */
  sprintf(cmd, "procstat -v %d " /* | grep 0x | awk ' { print $2,$3,$4 } ' | cut -d '%%' -f1 > temp.txt */, exec_pid);
  system(cmd);

  if (ptrace(PT_GETREGS, exec_pid, (caddr_t)&regs, 0) < 0)
    die_perror("ptrace(PT_GETREGS,%d,(caddr_t)&regs,0)", exec_pid);

  /* FreeBSD/i386 passes system call arguments on the stack, not in
   * registers: %eax holds the syscall number and the kernel reads the
   * arguments from %esp+4 upward (the word at %esp is a return-address
   * slot).  The frame is built by planting PUSH %eax at the original %eip
   * and single-stepping it once per value, last argument first, ending
   * with a dummy return address (45). */
  orig_instr = ptrace(PT_READ_D, exec_pid, (caddr_t)regs.r_eip, 0);
  temp_regs = regs;
  unsigned int arr[8] = {0, 0, -1, MAP_ANON|MAP_PRIVATE|MAP_FIXED, flags, size, addr, 45};
  for (i = 0; i < 8; i++) {
    temp_regs.r_eip = regs.r_eip;
    temp_regs.r_eax = arr[i];
    if (ptrace(PT_WRITE_D, exec_pid, (caddr_t)temp_regs.r_eip, push_eax) < 0)
      die_perror("ptrace(PT_WRITE,%d,0x%.8x) while pushing", exec_pid, arr[i]);

    if (ptrace(PT_SETREGS, exec_pid, (caddr_t)&temp_regs, 0) < 0)
      die_perror("ptrace(PT_SETREGS,%d,0x%.8x) %d while pushing", exec_pid, arr[i], i);

    if (ptrace(PT_STEP, exec_pid, (caddr_t)1, 0) < 0)
      die_perror("ptrace(PT_STEP,...) failed while pushing");

    wait(NULL);

    /* Re-read the registers so the decremented %esp carries into the next push. */
    if (ptrace(PT_GETREGS, exec_pid, (caddr_t)&temp_regs, 0) < 0)
      die_perror("ptrace(PT_GETREGS,...) failed while pushing");
  }

  /* Now execute INT 0x80 from the same %eip with %eax = SYS_mmap. */
  temp_regs.r_eip = regs.r_eip;
  temp_regs.r_eax = SYS_mmap;
  if (ptrace(PT_WRITE_D, exec_pid, (caddr_t)temp_regs.r_eip, int_instr) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory", exec_pid, temp_regs.r_eip);

  if (ptrace(PT_SETREGS, exec_pid, (caddr_t)&temp_regs, 0) < 0)
    die_perror("ptrace(PT_SETREGS,%d,...) failed while allocating memory", exec_pid);

  if (ptrace(PT_STEP, exec_pid, (caddr_t)1, 0) < 0)
    die_perror("ptrace(PT_STEP,...) failed while executing mmap");

  wait(&status);

  if (WIFEXITED(status))
    die("Restarted process exited abruptly (with value %d). Aborting Restart.", WEXITSTATUS(status));
  else if (WIFSIGNALED(status))
    die("Restarted process exited abruptly because of uncaught signal (%d). Aborting Restart.", WTERMSIG(status));

  if (ptrace(PT_GETREGS, exec_pid, (caddr_t)&temp_regs, 0) < 0)
    die_perror("ptrace(PT_GETREGS,...) failed after executing mmap2 system call");

  /* On success %eax holds the mapped address; on error the carry flag is set and %eax holds errno. */
  if (temp_regs.r_eax != addr)
    warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x. This could be a problem.", addr, temp_regs.r_eax);
  else if (cr_options.verbose)
    fprintf(stdout, "Successfully allocated [0x%.8lx - 0x%.8lx]\n", addr, addr + size);

  /* Put the overwritten instruction word back. */
  if (ptrace(PT_WRITE_D, exec_pid, (caddr_t)regs.r_eip, orig_instr) < 0)
    die_perror("ptrace(PT_WRITE_D,...) failed after executing mmap2 system call");

  /* Restore original registers (the original %esp leaves the pushed frame below the stack pointer). */
  if (ptrace(PT_SETREGS, exec_pid, (caddr_t)&regs, 0) < 0)
    die_perror("ptrace(PT_SETREGS,...) failed when restoring registers after allocating memory (mmap2)");
}

On 19 April 2012 20:29, Maninya M  wrote:

> Hello :)
>
> After a long time trying different combinations of setting register
> values, I was finally able to allocate memory to the process.
> It doesn't seem to work for processes that use malloc(), so that's why I
> was getting a problem.
> Thank you very much John Baldwin and Julian Elischer, and to all the other
> FreeBSD hackers on this amazing forum. Your patient replies to all my
> questions helped a lot! :)
>
>
>
>
>
> On 3 April 2012 02:12, John Baldwin  wrote:
>
>> On Saturday, March 31, 2012 5:40:50 pm Maninya M wrote:
>> > Thanks.
>> >
>> > I've tried this. Still getting some allocation problems.
>> >
>> > if (temp_regs.r_eax != addr)
>> > warn("Wanted space at address 0x%.8x, mmap2 system call returned
>> > 0x%.8x. This could be a problem.",addr,temp_regs.r_eax);
>> >
>> > What can I do? Please help.
>>
>> Hmm, can you capture a ktrace of the target process during this so you
>> can see
>> if the kernel sees the mmap request properly?
>>
>> >
>> > void map_memory(unsigned long addr, unsigned long size, int flags)
>> > {
>> >   int status;
>> >   struct reg regs,temp_regs;
>> >   unsigned long int_instr = 0x80cd; /* INT 0x80 */
>> >   printf("%x

Re: __NR_mmap2 in FreeBSD

2012-04-19 Thread Maninya M
Hello :)

After a long time trying different combinations of setting register values,
I was finally able to allocate memory to the process.
It doesn't seem to work for processes that use malloc(), so that's why I
was getting a problem.
Thank you very much John Baldwin and Julian Elischer, and to all the other
FreeBSD hackers on this amazing forum. Your patient replies to all my
questions helped a lot! :)




On 3 April 2012 02:12, John Baldwin  wrote:

> On Saturday, March 31, 2012 5:40:50 pm Maninya M wrote:
> > Thanks.
> >
> > I've tried this. Still getting some allocation problems.
> >
> > if (temp_regs.r_eax != addr)
> > warn("Wanted space at address 0x%.8x, mmap2 system call returned
> > 0x%.8x. This could be a problem.",addr,temp_regs.r_eax);
> >
> > What can I do? Please help.
>
> Hmm, can you capture a ktrace of the target process during this so you can
> see
> if the kernel sees the mmap request properly?
>
> >
> > void map_memory(unsigned long addr, unsigned long size, int flags)
> > {
> >   int status;
> >   struct reg regs,temp_regs;
> >   unsigned long int_instr = 0x80cd; /* INT 0x80 */
> >   printf("%x\n",addr);
> >   //addr=addr&0x;
> >   if (ptrace(PT_GETREGS,exec_pid,(caddr_t)&regs,0) < 0)
> > die_perror("ptrace(PTRACE_GETREGS,%d,(caddr_t)&regs,0)",exec_pid);
> >
> >   /* mmap2 system call seems to take arguments as follows:
> >* eax = __NR_mmap2
> >* ebx = (unsigned long) page aligned address
> >* ecx = (unsigned long) page aligned file size
> >* edx = protection
> >* esi = flags
> >* Other arguments (fd and pgoff) are not required for anonymous
> mapping
> >*/
> >   temp_regs = regs;
> >
> > //printf("temp=%u,
> \teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);
> >  // temp_regs.r_eax = __NR_mmap2;
> >  temp_regs.r_eax=71;
> >   /*temp_regs.r_ebx = addr;
> >   temp_regs.r_ecx = size;
> >   temp_regs.r_edx = flags;
> >   temp_regs.r_esi = MAP_PRIVATE | MAP_ANONYMOUS;*/
> >   //push size
> >
> >  //temp_regs.r_eip = temp_regs.r_esp - 4;
> >
> > //printf("temp=%u,
> \teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-4),addr) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed
> > ADDER",exec_pid,temp_regs.r_esp,addr);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-8),size) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed
> > size",exec_pid,temp_regs.r_esp);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-12),flags) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed
> > protections",exec_pid,temp_regs.r_esp);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void
> > *)(temp_regs.r_esp-16),MAP_PRIVATE|MAP_ANON|MAP_FIXED) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed
> > flags",exec_pid,temp_regs.r_esp);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-20),-1) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed
> > ADDER",exec_pid,temp_regs.r_esp,addr);
> >
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-24),0) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed
> > offset1",exec_pid,temp_regs.r_esp,addr);
> > if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-28),0) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed
> > offset1",exec_pid,temp_regs.r_esp,addr);
> >
> >
> > /*
> > if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) < 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while
> allocating
> > memory",exec_pid,temp_regs.r_eip);
> > */
> >   if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) <
> 0)
> > die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while
> allocating
> > memory",exec_pid,temp_regs.r_eip);
> >
> > //temp_regs.r_eip = temp_regs.r_esp - 32;
> > temp_regs.r_esp = temp_regs.r_esp - 28;
> >
> >   if (ptrace(PT_SETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
> > die_perror("ptrace(PT_SETREGS,%d,...) failed while allocating
> > memory",exec_pid);
> >   }
> >   if (ptrace(PT_STEP,exec_pid,NULL,0) < 0)
> 

mmap segmentation fault

2012-04-12 Thread Maninya M
Hello,
I want to allocate memory at a specified address location 'a' of size 'b'.
I wrote code below to do it, but I'm getting a seg fault. How can I solve
this?
How can I get the allocated memory at the required address?

#include <stdio.h>
#include <sys/mman.h>

int main()
{
  unsigned int *addr,*newaddr;
  unsigned long a=134516736,a1;   /* 0x8049000 */
  unsigned long b=3895296;        /* 0x3b7000 */
  unsigned long flags =6;         /* PROT_WRITE|PROT_EXEC */
  /* a1=(a&0x);  the mask was lost in the archive; a1 is not used below */
  printf("%x\n",(unsigned int)a);
  /* MAP_FIXED replaces whatever is already mapped in [a, a+b) */
  newaddr=(unsigned int *)mmap((void *)a,b,6,MAP_ANONYMOUS|MAP_FIXED,-1,0);

  if(newaddr==MAP_FAILED)
    printf("mmap failed");
  else
    printf("success %p",(void *)newaddr);
  return 0;
}


Output is
8049000
Segmentation fault


-- 
Maninya
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
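
As an added example, not code from the post or from any reply in the thread: the same request made with a hint rather than MAP_FIXED, plus a probe-first helper that refuses to map over pages already in use. It assumes a POSIX mmap(2) with MAP_ANONYMOUS (spelled MAP_ANON on BSD); a non-fixed hint that overlaps an existing mapping makes the kernel pick another address, whereas MAP_FIXED replaces the existing pages, which is what happens when the requested 0x8049000 overlaps the program's own image (i386 executables load at 0x8048000).

```c
/* Added example (not from the thread): map at a hinted address without
 * MAP_FIXED and report whether the hint was honoured, then build a
 * "map exactly here or fail" helper on top of that instead of MAP_FIXED. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON          /* BSD spelling */
#endif

enum { HINT_OK = 0, HINT_MOVED = 1, HINT_FAILED = -1 };

/* Round addr down to the start of its page (mmap hints must be aligned). */
uintptr_t page_floor(uintptr_t addr)
{
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE);
    return addr & ~(pg - 1);
}

/* Map len bytes, preferring hint but letting the kernel relocate.  *out
 * receives the mapping or NULL.  Returns HINT_OK if the mapping landed at
 * hint, HINT_MOVED if the kernel chose elsewhere, HINT_FAILED on error. */
int map_near(void *hint, size_t len, int prot, void **out)
{
    void *p = mmap(hint, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        *out = NULL;
        return HINT_FAILED;
    }
    *out = p;
    return p == hint ? HINT_OK : HINT_MOVED;
}

/* Map exactly at hint or not at all.  The non-fixed probe either lands on
 * hint (the range was free, so we keep it) or elsewhere (the range is in
 * use, so we release the probe and refuse rather than overwrite whatever
 * lives there, which is what MAP_FIXED would do).  0 on success, -1 else. */
int map_exactly_at(void *hint, size_t len, int prot, void **out)
{
    void *p;
    int rc = map_near(hint, len, prot, &p);
    if (rc == HINT_OK) {
        *out = p;
        return 0;
    }
    if (rc == HINT_MOVED)
        munmap(p, len);
    *out = NULL;
    return -1;
}

/* Page-aligned address inside this program's own data segment: the kind
 * of range the original post handed to MAP_FIXED. */
static char own_image_marker[64] = "constructed marker in the data segment";
void *own_image_page(void)
{
    return (void *)page_floor((uintptr_t)own_image_marker);
}

int main(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p;

    /* Asking for a page of our own image without MAP_FIXED is refused, not fatal. */
    printf("map over own image: %d\n",
           map_exactly_at(own_image_page(), len, PROT_READ | PROT_WRITE, &p));

    /* A range the kernel just handed out and we released is free again. */
    if (map_near(NULL, len, PROT_READ | PROT_WRITE, &p) != HINT_FAILED) {
        void *freed = p;
        munmap(p, len);
        printf("map at freed range: %d (%p)\n",
               map_exactly_at(freed, len, PROT_READ | PROT_WRITE, &p), p);
        if (p)
            munmap(p, len);
    }
    return 0;
}
```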


Re: __NR_mmap2 in FreeBSD

2012-03-31 Thread Maninya M
Thanks.

I've tried this. Still getting some allocation problems.

if (temp_regs.r_eax != addr)
warn("Wanted space at address 0x%.8x, mmap2 system call returned
0x%.8x. This could be a problem.",addr,temp_regs.r_eax);

What can I do? Please help.



void map_memory(unsigned long addr, unsigned long size, int flags)
{
  int status;
  struct reg regs,temp_regs;
  unsigned long int_instr = 0x80cd; /* INT 0x80 */
  printf("%lx\n",addr);
  //addr=addr&0x;
  if (ptrace(PT_GETREGS,exec_pid,(caddr_t)&regs,0) < 0)
    die_perror("ptrace(PTRACE_GETREGS,%d,(caddr_t)&regs,0)",exec_pid);

  /* mmap2 system call seems to take arguments as follows:
   * eax = __NR_mmap2
   * ebx = (unsigned long) page aligned address
   * ecx = (unsigned long) page aligned file size
   * edx = protection
   * esi = flags
   * Other arguments (fd and pgoff) are not required for anonymous mapping
   */
  temp_regs = regs;

  //printf("temp=%u,\teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);
  // temp_regs.r_eax = __NR_mmap2;
  temp_regs.r_eax=71;
  /*temp_regs.r_ebx = addr;
  temp_regs.r_ecx = size;
  temp_regs.r_edx = flags;
  temp_regs.r_esi = MAP_PRIVATE | MAP_ANONYMOUS;*/
  //push size

  //temp_regs.r_eip = temp_regs.r_esp - 4;

  //printf("temp=%u,\teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);

  /* Write the argument words directly into the target's stack below %esp */
  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-4),addr) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed ADDER",exec_pid,temp_regs.r_esp,addr);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-8),size) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed size",exec_pid,temp_regs.r_esp);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-12),flags) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed protections",exec_pid,temp_regs.r_esp);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-16),MAP_PRIVATE|MAP_ANON|MAP_FIXED) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed flags",exec_pid,temp_regs.r_esp);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-20),-1) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed ADDER",exec_pid,temp_regs.r_esp,addr);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-24),0) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed offset1",exec_pid,temp_regs.r_esp,addr);
  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-28),0) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,0x%.8x) failed offset1",exec_pid,temp_regs.r_esp,addr);

  /*
  if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);
  */
  /* Plant INT 0x80 at the current instruction pointer */
  if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);

  //temp_regs.r_eip = temp_regs.r_esp - 32;
  temp_regs.r_esp = temp_regs.r_esp - 28;

  if (ptrace(PT_SETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_SETREGS,%d,...) failed while allocating memory",exec_pid);
  }
  if (ptrace(PT_STEP,exec_pid,NULL,0) < 0)
    die_perror("ptrace(PT_STEP,...) failed while executing mmap2");

  wait(&status);
  if (WIFEXITED(status))
    die("Restarted process exited abruptly (with value %d). Aborting Restart.",WEXITSTATUS(status));
  else if (WIFSIGNALED(status))
    die("Restarted process exited abruptly because of uncaught signal (%d). Aborting Restart.",WTERMSIG(status));

  if (ptrace(PT_GETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_GETREGS,...) failed after executing mmap2 system call");
  }
  //fprintf(stdout,"hello iam here \n");
  if (temp_regs.r_eax != addr)
    warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x. This could be a problem.",addr,temp_regs.r_eax);
  else if (cr_options.verbose)
    fprintf(stdout,"Successfully allocated [0x%.8lx - 0x%.8lx]\n",addr,addr+size);

  /* Restore original registers (this writes back temp_regs; the working version at the top of the page restores regs) */
  if (ptrace(PT_SETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_SETREGS,...) when restoring registers after allocating memory (mmap2)");
  }
}




On 29 March 2012 19:14, John Baldwin  wrote:

> On Thursday, March 29, 2012 9:15:43 am Maninya M wrote:
> > Thanks a lot for replying!
> > Ok I've tried this to push arguments onto stack.
> > Is it right?
> > I get an error at this line:
> >
> >die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while
> > dasfallocating memory",exec_pid,temp_regs.r_eip);
> >
> >
> > Please tell me what 

Re: __NR_mmap2 in FreeBSD

2012-03-29 Thread Maninya M
Thanks a lot for replying!
Ok I've tried this to push arguments onto stack.
Is it right?
I get an error at this line:

   die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while
dasfallocating memory",exec_pid,temp_regs.r_eip);


Please tell me what to do.





void map_memory(unsigned long addr, unsigned long size, int flags)
{
  int status;
  struct reg regs,temp_regs;
  unsigned long int_instr = 0x80cd; /* INT 0x80 */

  if (ptrace(PT_GETREGS,exec_pid,(caddr_t)&regs,0) < 0)
    die_perror("ptrace(PTRACE_GETREGS,%d,(caddr_t)&regs,0)",exec_pid);

  /* mmap2 system call seems to take arguments as follows:
   * eax = __NR_mmap2
   * ebx = (unsigned long) page aligned address
   * ecx = (unsigned long) page aligned file size
   * edx = protection
   * esi = flags
   * Other arguments (fd and pgoff) are not required for anonymous mapping
   */
  temp_regs = regs;

  //printf("temp=%u,\teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);
  // temp_regs.r_eax = __NR_mmap2;
  temp_regs.r_eax=71;
  /*temp_regs.r_ebx = addr;
  temp_regs.r_ecx = size;
  temp_regs.r_edx = flags;
  temp_regs.r_esi = MAP_PRIVATE | MAP_ANONYMOUS;*/
  //push size

  //temp_regs.r_eip = temp_regs.r_esp - 4;

  //printf("temp=%u,\teip=%u\tregs=%u\teip=%u\n",&temp_regs,temp_regs.r_eip,&regs,regs.r_eip);

  /* Write the argument words directly into the target's stack below %esp */
  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-4),MAP_PRIVATE | MAP_ANONYMOUS) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-8),flags) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);

  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-12),size) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);

  /* Note the stray ';' after this if: it ends the if statement, so the
   * die_perror() below runs unconditionally. This is the line the message
   * above reports as failing. */
  if (ptrace(PT_WRITE_D,exec_pid,(void *)(temp_regs.r_esp-16), addr) < 0);
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while dasfallocating memory",exec_pid,temp_regs.r_eip);
  /*
  if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);
  */
  /* Plant INT 0x80 at the current instruction pointer */
  if (ptrace(PT_WRITE_I,exec_pid,(void *)(temp_regs.r_eip),0x80cd) < 0)
    die_perror("ptrace(PT_WRITE,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.r_eip);
  if (ptrace(PT_SETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_SETREGS,%d,...) failed while allocating memory",exec_pid);
  }
  if (ptrace(PT_STEP,exec_pid,NULL,0) < 0)
    die_perror("ptrace(PT_STEP,...) failed while executing mmap2");

  wait(&status);
  if (WIFEXITED(status))
    die("Restarted process exited abruptly (with value %d). Aborting Restart.",WEXITSTATUS(status));
  else if (WIFSIGNALED(status))
    die("Restarted process exited abruptly because of uncaught signal (%d). Aborting Restart.",WTERMSIG(status));

  if (ptrace(PT_GETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_GETREGS,...) failed after executing mmap2 system call");
  }
  //fprintf(stdout,"hello iam here \n");
  if (temp_regs.r_eax != addr)
    warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x. This could be a problem.",addr,temp_regs.r_eax);
  else if (cr_options.verbose)
    fprintf(stdout,"Successfully allocated [0x%.8lx - 0x%.8lx]\n",addr,addr+size);

  /* Restore original registers */
  if (ptrace(PT_SETREGS,exec_pid,(caddr_t)&temp_regs,0) < 0) {
    die_perror("ptrace(PT_SETREGS,...) when restoring registers after allocating memory (mmap2)");
  }
}






On 27 March 2012 17:23, John Baldwin  wrote:

> On Monday, March 26, 2012 1:56:08 pm Maninya M wrote:
> > I am trying to convert a function written for Linux to FreeBSD.
> > What is the equivalent of the __NR_mmap2 system call in FreeBSD?
> >
> > I keep getting the error because of this exception:
> > warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x.
> > This could be a problem.",addr,temp_regs.eax);
>
> I think you could just use plain mmap() for this?
>
> However, it seems that this is injecting a call into an existing binary,
> not calling mmap() directly.  A few things will need to change.  First,
> FreeBSD system calls on i386 put their arguments on the stack, not in
> registers, so you will need to do a bit more work to push the arguments
> onto
> the stack rather than just setting registers.
>
> > I changed
> > temp_regs.eax = __NR_mmap2;
> > to
> > temp_regs.eax = 192;
> >
> > but it didn't work. I suppose I
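
As an added example (not code from the thread), here is the stack frame John Baldwin's reply refers to, for the mmap(2) that the working map_memory() at the top of this page injects: the argument words in the order the FreeBSD/i386 kernel reads them from %esp, the PUSH order that builds them, and a check of the result that uses the carry flag rather than only comparing %eax with the requested address. It assumes the FreeBSD 9 signature mmap(addr, len, prot, flags, fd, pad, pos) with a 64-bit off_t, and uses FreeBSD's flag and syscall-number values rather than the host's.

```c
/* Added example (not from the thread): the argument frame a FreeBSD 9/i386
 * mmap(2) expects on the stack, the PUSH order that builds it, and how the
 * result is read from the trap frame afterwards.  Assumes the FreeBSD 9
 * syscalls.master signature
 *   caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd,
 *                long pad, off_t pos);
 * off_t is 64-bit on i386, so pos occupies two 32-bit words after pad. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FBSD_SYS_MMAP     477      /* SYS_mmap in FreeBSD's sys/syscall.h */
#define FBSD_MAP_PRIVATE  0x0002   /* FreeBSD sys/mman.h values, not the host's */
#define FBSD_MAP_FIXED    0x0010
#define FBSD_MAP_ANON     0x1000
#define FBSD_PSL_C        0x0001   /* carry flag in EFLAGS: set when the syscall fails */
#define FRAME_WORDS       9        /* return-address slot + 8 argument words */
#define DUMMY_RET         45       /* any value: INT 0x80 never returns through it */

/* Lay frame[] out exactly as the kernel reads it from %esp: frame[0] is the
 * return-address slot the kernel skips, frame[1..8] are the arguments. */
size_t build_mmap_frame(uint32_t frame[FRAME_WORDS], uint32_t addr,
                        uint32_t len, int prot, int flags, int fd, uint64_t pos)
{
    frame[0] = DUMMY_RET;
    frame[1] = addr;
    frame[2] = len;
    frame[3] = (uint32_t)prot;
    frame[4] = (uint32_t)flags;
    frame[5] = (uint32_t)fd;                    /* -1 for an anonymous mapping */
    frame[6] = 0;                               /* long pad before the 64-bit off_t */
    frame[7] = (uint32_t)(pos & 0xffffffffu);   /* pos, low word  */
    frame[8] = (uint32_t)(pos >> 32);           /* pos, high word */
    return FRAME_WORDS;
}

/* A frame is built with PUSH from the deepest slot upward, so the values
 * must be pushed in reverse memory order: pos high word first, the dummy
 * return address last. */
size_t mmap_push_sequence(const uint32_t frame[FRAME_WORDS],
                          uint32_t pushes[FRAME_WORDS])
{
    for (size_t i = 0; i < FRAME_WORDS; i++)
        pushes[i] = frame[FRAME_WORDS - 1 - i];
    return FRAME_WORDS;
}

/* Simulate the pushes on a local stack and check that what the kernel
 * would see from %esp upward equals the intended frame.  Returns 1 if so. */
int frame_roundtrip_ok(const uint32_t frame[FRAME_WORDS])
{
    uint32_t stack[16], pushes[FRAME_WORDS];
    uint32_t *esp = stack + 16;                 /* the stack grows down */

    mmap_push_sequence(frame, pushes);
    for (size_t i = 0; i < FRAME_WORDS; i++)
        *--esp = pushes[i];                     /* PUSH: decrement, then store */
    for (size_t i = 0; i < FRAME_WORDS; i++)    /* esp[0] is the return slot */
        if (esp[i] != frame[i])
            return 0;
    return 1;
}

/* After the injected INT 0x80 the i386 ABI reports failure through the
 * carry flag and leaves errno in %eax; on success %eax is the mapped
 * address.  Comparing %eax with the requested address alone cannot tell a
 * relocated mapping from an errno value.  Returns 1 on failure. */
int mmap_syscall_failed(uint32_t eax_after, uint32_t eflags_after, int *err)
{
    if (eflags_after & FBSD_PSL_C) {
        *err = (int)eax_after;
        return 1;
    }
    *err = 0;
    return 0;
}

int main(void)
{
    uint32_t frame[FRAME_WORDS], pushes[FRAME_WORDS];
    int err;

    /* Constructed values: the address and size used in the thread. */
    build_mmap_frame(frame, 0x08049000u, 0x003b7000u, 6 /* PROT_WRITE|PROT_EXEC */,
                     FBSD_MAP_PRIVATE | FBSD_MAP_FIXED | FBSD_MAP_ANON, -1, 0);
    mmap_push_sequence(frame, pushes);
    printf("eax = %d, push order:", FBSD_SYS_MMAP);
    for (size_t i = 0; i < FRAME_WORDS; i++)
        printf(" 0x%08x", pushes[i]);
    printf("\nframe consistent: %d\n", frame_roundtrip_ok(frame));
    /* A failed call leaves errno in %eax with the carry flag set (constructed trap-frame values). */
    printf("failed: %d err=%d\n", mmap_syscall_failed(22, 0x203, &err), err);
    return 0;
}
```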

__NR_mmap2 in FreeBSD

2012-03-26 Thread Maninya M
I am trying to convert a function written for Linux to FreeBSD.
What is the equivalent of the __NR_mmap2 system call in FreeBSD?

I keep getting the error because of this exception:
warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x.
This could be a problem.",addr,temp_regs.eax);

I changed
temp_regs.eax = __NR_mmap2;
to
temp_regs.eax = 192;

but it didn't work. I suppose I couldn't understand this function. Please
help.

This is the function:

void map_memory(unsigned long addr, unsigned long size, int flags)
{
  int status;
  struct user_regs_struct regs,temp_regs;
  unsigned long int_instr = 0x80cd; /* INT 0x80 */

  if (ptrace(PTRACE_GETREGS,exec_pid,NULL,&regs) < 0)
    die_perror("ptrace(PTRACE_GETREGS,%d,NULL,&regs)",exec_pid);

  /* mmap2 system call seems to take arguments as follows:
   * eax = __NR_mmap2
   * ebx = (unsigned long) page aligned address
   * ecx = (unsigned long) page aligned file size
   * edx = protection
   * esi = flags
   * Other arguments (fd and pgoff) are not required for anonymous mapping
   */
  temp_regs = regs;
  temp_regs.eax = __NR_mmap2;
  temp_regs.ebx = addr;
  temp_regs.ecx = size;
  temp_regs.edx = flags;
  temp_regs.esi = MAP_PRIVATE | MAP_ANONYMOUS;
  temp_regs.eip = temp_regs.esp - 4;   /* INT 0x80 is planted just below the stack pointer and executed there */

  if (ptrace(PTRACE_POKETEXT,exec_pid,(void *)(temp_regs.eip),(void*)int_instr) < 0)
    die_perror("ptrace(PTRACE_POKETEXT,%d,0x%.8x,INT 0x80) failed while allocating memory",exec_pid,temp_regs.eip);
  if (ptrace(PTRACE_SETREGS,exec_pid,NULL,&temp_regs) < 0) {
    die_perror("ptrace(PTRACE_SETREGS,%d,...) failed while allocating memory",exec_pid);
  }
  if (ptrace(PTRACE_SINGLESTEP,exec_pid,NULL,NULL) < 0)
    die_perror("ptrace(PTRACE_SINGLESTEP,...) failed while executing mmap2");

  wait(&status);
  if (WIFEXITED(status))
    die("Restarted process exited abruptly (with value %d). Aborting Restart.",WEXITSTATUS(status));
  else if (WIFSIGNALED(status))
    die("Restarted process exited abruptly because of uncaught signal (%d). Aborting Restart.",WTERMSIG(status));

  if (ptrace(PTRACE_GETREGS,exec_pid,NULL,&temp_regs) < 0) {
    die_perror("ptrace(PTRACE_GETREGS,...) failed after executing mmap2 system call");
  }

  if (temp_regs.eax != addr)
    warn("Wanted space at address 0x%.8x, mmap2 system call returned 0x%.8x. This could be a problem.",addr,temp_regs.eax);
  else if (cr_options.verbose)
    fprintf(stdout,"Successfully allocated [0x%.8lx - 0x%.8lx]\n",addr,addr+size);

  /* Restore original registers */
  if (ptrace(PTRACE_SETREGS,exec_pid,NULL,&regs) < 0) {
    die_perror("ptrace(PTRACE_SETREGS,...) when restoring registers after allocating memory (mmap2)");
  }
}

-- 
Maninya


Fwd: Capture states of all processes at the same time

2012-03-19 Thread Maninya M
Thank you, Artem Belevich.

It's working, I was able to get coredump files core.txt.0 and vmcore.0.

What I want now is to restore the processes as they were when the crash
occurred. Is there a way to do this?




On 16 March 2012 11:38, Artem Belevich  wrote:

> On Thu, Mar 15, 2012 at 10:49 PM, Maninya M  wrote:
> > # sysctl debug.kdb.enter=1
> >
> > --
> >
> > But when I type that the computer hangs!
>
> Did you by any chance do that from a terminal window in X11
> environment? If that's the case, then kernel debugger is running, you
> just don't see anything because it can print stuff out only on console
> or serial port. If that indeed what happened, typing c and then ENTER
> should unhang your system. After that you can switch to the console
> with CTRL-ALT-F1 and enter debugger from there.
>
> --Artem
>



-- 
Maninya





Re: Capture states of all processes at the same time

2012-03-15 Thread Maninya M
I am unable to enter DDB. I used the command from this link:

http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-online-ddb.html

where it says:

--

The second scenario is to drop to the debugger once the system has booted.
There are two simple ways to accomplish this. If you would like to break to
the debugger from the command prompt, simply type the command:

# sysctl debug.kdb.enter=1

--

But when I type that the computer hangs!

What do I do? My primary aim is to get the process states of all processes
running at a particular time, save them and be able to retrieve them when
needed so I can run the processes from those states.

Also how can I know in which CPU (I am using an intel i5 multicore system)
core each process is running?

On 15 March 2012 01:57, Julian Elischer  wrote:

> On 3/14/12 12:02 PM, Artem Belevich wrote:
>
>> On Wed, Mar 14, 2012 at 11:25 AM, Maninya M  wrote:
>>
>>> Then typed this to force a panic:
>>>
>>> sysctl debug.kdb.panic=1
>>>
>>> The computer just hung after this, and after waiting for a while I
>>> pressed
>>> the reboot button.
>>> It said "no core dumps found" while rebooting.
>>>
>> First, make sure you have swap space configured. If minidump is not
>> enabled (check sysctl debug.minidump) you will need to make sure you
>> have more swap space than physical memory.
>> Then make sure that dump device is set up correctly. See dumpdev in
>> rc.conf(5)
>>
>> If that didn't work, you may be running into the issue in PR kern/155421:
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern%2F155421&cat=
>>
>> Alas, I don't know what to do about that.
>>
>
> or just do "ps" from ddb and then continue.
>
> you can set things up in 9 (and maybe 8, I don't know) to capture the ddb
> output..
>
>
>  --Artem
>> ___
>> freebsd-hackers@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>>
>>
>


-- 
Maninya


Capture states of all processes at the same time

2012-03-14 Thread Maninya M
Thank you,

I tried doing it the first way. I configured the kernel to include DDB,
then typed on the console:

sysctl debug.kdb.enter=1

to enter DDB.

Then typed this to force a panic:

sysctl debug.kdb.panic=1

The computer just hung after this, and after waiting for a while I pressed
the reboot button.
It said "no core dumps found" while rebooting.

I couldn't find any core dumps in /var/crash either.

So I tried again to enter DDB, typed sysctl debug.kdb.enter=1. Now the
computer hangs even for this (tried it twice)!

What did I do wrong? Please help me with the steps.








On 14 March 2012 22:49, Artem Belevich  wrote:

> On Wed, Mar 14, 2012 at 9:31 AM, Maninya M  wrote:
> > How can I capture the states of all running processes at a particular
> point
> > in time? How can I retrieve this information for later use?
>
> Go into DDB. Do 'panic'. wait for the kernel to finish dumping core.
> Once system reboots and saves kernel core, examine process state in
> the core file with gdb. Obviously it's a postmortem examination which
> may not be exactly what you want.
>
> Less destructive option would be to do 'ps' or 'show threads' in DDB,
> save its output and then continue.
>
> --Artem
>



-- 
Maninya





Capture states of all processes at the same time

2012-03-14 Thread Maninya M
How can I capture the states of all running processes at a particular point
in time?
How can I retrieve this information for later use?


-- 
Maninya


Re: CPUID and CPU STATE

2012-03-05 Thread Maninya M
Thank you.
How do we get hardware cpuid?
Can we change the number of CPUs available to the scheduler (in the
scheduler code) dynamically, say completely cutting off a specific cpu core
from being used at all?



On 5 March 2012 22:51, John Baldwin  wrote:

> On Friday, March 02, 2012 2:20:00 am Maninya M wrote:
> > I was unable to get this information about the cpuid variable in the
> > scheduler source code.
> > How does cpuid get its value from the hardware?
>
> The cpuid is a software ID value assigned during boot.  It is not
> directly related to any specific hardware IDs.
>
> > How is the CPUSTATES value obtained/changed with  hardware in the source
> > code?
>
> Do you mean, does cp_time[] handle hardware changes (hotplug CPUs, etc.)?
> Currently that isn't supported, the kernel assumes the set of CPUs is
> static for a given boot's lifetime.
>
> --
> John Baldwin
>



-- 
Maninya


CPUID and CPU STATE

2012-03-01 Thread Maninya M
I was unable to get this information about the cpuid variable in the
scheduler source code.
How does cpuid get its value from the hardware?
How is the CPUSTATES value obtained/changed with  hardware in the source
code?
Which system commands for the above?

-- 
Maninya


OS support for fault tolerance

2012-02-14 Thread Maninya M
For multicore desktop computers, suppose one of the cores fails, the
FreeBSD OS crashes. My question is about how I can make the OS tolerate
this hardware fault.
The strategy is to checkpoint the state of each core at specific intervals
of time in main memory. Once a core fails, its previous state is retrieved
from the main memory, and the processes that were running on it are
rescheduled on the remaining cores.

I read that the OS tolerates faults in large servers. I need to make it do
this for a Desktop OS. I assume I would have to change the scheduler
program. I am using FreeBSD 9.0 on an Intel core i5 quad core machine.
How do I go about doing this? What exactly do I need to save for the
"state" of the core? What else do I need to know?
I have absolutely no experience with kernel programming or with FreeBSD.
Any pointers to good sources about modifying the source-code of FreeBSD
would be greatly appreciated.