Hi, While trying to add a feature to strace related to -i, I was disappointed (a bit) about this option.
The man page explain: -i Print the instruction pointer at the time of the system call. Then add a note: The -i option is weakly supported I think the note is not explicitly clear, at least under Linux. As you may know (kidding :), under Linux, syscall are called through a "vdso" (as reported in /proc/<pid>/maps) a.k.a. linux-gate.so.1 (as reported by ldd). The instruction pointer at syscall time is always the entry point in the vdso. So the -i option really not useful. At least for me. People trying to figure out what's done by an exploit or a rootkit would probably found it more useful. BTW, the manpage could be improved if something like this were added: "The -i option is weakly supported: on some system, were syscalls are call through a gate, like Linux, instruction pointer is likely to have a fixed value" Regards. -- Yann Droneaud ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Strace-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/strace-devel
