Wang Yi wrote:
> Hello,
>
> X86 has 4 hardware debug registers, which could be used to
> implement watchpoints in debuggers.
> I checked the gdb mailing list and some gdb code to find out that gdb uses
> ptrace to set up hardware debug registers. I'm not familiar with
> details of the ptrace syscall, but I know that a process cannot ptrace
> itself. So there has to be a third-party program such as gdb to call
> ptrace.
> My question is: is there any approach to use debug registers
> directly without using a third-party program?
> I mean to implement gdb's watchpoint in a user program, so that I can
> set up hardware watchpoints manually and conveniently without gdb, any
> suggestions?
>
> thx
>
> Leo
>
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ

You can check the code of mood- rootkit, as well as the new one, DR rootkit, from Immunity Inc. (DR stands for Debug Register).
Those programs use the debug registers directly to hook some syscalls.

Giannis
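Whichever path writes the debug registers (gdb through ptrace, or kernel code), a watchpoint comes down to the per-slot fields of DR7, the debug control register. The following is an added example, not part of the original messages or of any project named in them: it encodes and decodes those fields following the Intel SDM layout, which is also what you read back when checking which watchpoints are armed. The function names and sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 R/Wn field values (Intel SDM): what kind of access triggers the trap. */
enum dr_rw { DR_EXEC = 0, DR_WRITE = 1, DR_IO = 2, DR_RDWR = 3 };
struct dr_slot { int enabled; enum dr_rw rw; unsigned bytes; };

/* Map a watch length in bytes to the 2-bit LENn field; -1 if unsupported. */
static int dr7_len_bits(unsigned bytes) {
    switch (bytes) {
    case 1: return 0;
    case 2: return 1;
    case 8: return 2;            /* 8-byte length is valid in 64-bit mode */
    case 4: return 3;
    default: return -1;
    }
}

/* Arm slot 0..3 in *dr7 with a local-enable bit. Returns 0, or -1 on a
 * request the hardware cannot express. addr is what would go into DRn. */
int dr7_arm(uint64_t *dr7, int slot, uint64_t addr, enum dr_rw rw, unsigned bytes) {
    int len = dr7_len_bits(bytes);
    if (slot < 0 || slot > 3 || len < 0) return -1;
    if (rw == DR_EXEC && bytes != 1) return -1;   /* execute needs LEN=00 */
    /* The CPU ignores the low address bits implied by LEN, so a misaligned
     * request would silently watch a different range. Reject it instead. */
    if (addr & (bytes - 1)) return -1;
    *dr7 &= ~((0xFULL << (16 + slot * 4)) | (3ULL << (slot * 2)));
    *dr7 |= ((uint64_t)rw | ((uint64_t)len << 2)) << (16 + slot * 4);
    *dr7 |= 1ULL << (slot * 2);                   /* Ln: local enable */
    return 0;
}

/* Decode one slot of a DR7 value, e.g. one read back during inspection. */
struct dr_slot dr7_decode(uint64_t dr7, int slot) {
    static const unsigned len_bytes[4] = { 1, 2, 8, 4 };
    struct dr_slot s;
    s.enabled = ((dr7 >> (slot * 2)) & 3) != 0;   /* Ln or Gn set */
    s.rw = (enum dr_rw)((dr7 >> (16 + slot * 4)) & 3);
    s.bytes = len_bytes[(dr7 >> (18 + slot * 4)) & 3];
    return s;
}

int main(void) {
    uint64_t dr7 = 0;
    dr7_arm(&dr7, 0, 0x601040, DR_WRITE, 4);      /* constructed address */
    dr7_arm(&dr7, 2, 0x7ffd00001000, DR_RDWR, 8); /* constructed address */
    for (int i = 0; i < 4; i++) {
        struct dr_slot s = dr7_decode(dr7, i);
        printf("DR%d: enabled=%d rw=%d len=%u\n", i, s.enabled, (int)s.rw, s.bytes);
    }
    printf("DR7 = 0x%llx\n", (unsigned long long)dr7);
    return 0;
}
```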