Hi... On Mon, Nov 3, 2008 at 11:24 PM, Steven Zhou <lullaby2005@xxxxxxxxx> wrote: > Dear all, > > Recently, I studied the process structure "task_struct", and there's a > member "ptrace" confused me. > I have studied how to use ptrace system call first, and I have done. > > But I'm also confused with the principle of system call sys_ptrace() > implementation. I tried google it, > but I'm not satisfied with the result. A good article "playing with ptrace" > is fit for using ptrace, but it does > not explain how the ptrace() was implemented by kernel. > > Is there any one have the article about the implementation of ptrace()? > Can you share it ? I think better to grab book like Understanding the Linux kernel 3rd edition...because ptrace implementation covers signals handling, return from syscall, sometimes single stepping and so on. But in essence, there aren several modes of ptracing: 1. single stepping. this is done by enabling debug flag (if I remember correctly) or replacing next instruction with INT 0x3h 2. trapping syscall. this is done by setting a flag so that everytime there is a transition into kernel space(by calling syscall) or returning from syscall (ret_from_syscall...see entry.S), a notification is sent to ptracer. This also mean rescheduling is done...mean while the traced process is temporarily "halted" so its state can be analyzed by the tracer. regards, Mulyadi. -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
