Giannis Kozyrakis wrote:
> Wang Yi wrote:
>> Hello,
>>
>> X86 has 4 hardware debug registers, which could be used to
>> implement watchpoints in debuggers.
>> I checked gdb mailing list and some gdb code to find out that gdb uses
>> ptrace to set up hardware debug registers. I'm not familiar with
>> details of ptrace syscall, but I know that a process cannot ptrace
>> itself. So there has to be a third-party program such as gdb to call
>> ptrace.
>> My question is: is there any approach to use debugger registers
>> directly without using a third-party program?
>> I mean to implement gdb's watchpoint in user program, so that I can
>> set up hardware watchpoints manually and conveniently without gdb, any
>> suggestions?
>>
>> thx
>>
>> Leo
>>
>> --
>> To unsubscribe from this list: send an email with
>> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
>> Please read the FAQ at http://kernelnewbies.org/FAQ
>
> You can check the code of mood- rootkit, as well as the new one DR
> rootkit from Immuniti Inc. (DR stands for Debug Register)
> Those programs use the debug registers directly to hook some syscalls.
>
> Giannis

That was mood-nt (not mood-). And Immuniti should be Immunity, but anyway.