问题
When using ptrace_attach.How can you know if the process you're attaching is running in 32 or 64 bits ?
I'm coding a little strace-like and I need to know if it's 32 or 64 bits because the number of the syscalls in RAX(EAX) will not have the same meaning.
When you're tracing a cmd (strace ls) it's quiet simple, you mmap the binary and you perform some checking with Elf.
But I cannot find anything regarding an already existing process ?
Thank you !
回答1:
This is quite an interesting question.
Using /proc/<PID>/exe is easy, but is not very reliable: /proc filesystem may not be mounted, or the process could be executing in a chroot.
I took a look at what strace does. It executes the following:
union {
struct user_regs_struct x86_64_r;
struct i386_user_regs_struct i386_r;
} regs;
struct iovec {
.iov_base = ®s,
.iov_len = sizeof(regs)
} x86_io;
ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &x86_io);
if (regs.iov_len == sizeof(i386_user_regs_struct) {
// this is a 32-bit process
} else {
// this is either x86_64, or x32 process
}
But is this fully portable
Nothing about ptrace is fully-portable. Just about every UNIX variant will require custom handling here.
来源:https://stackoverflow.com/questions/30107127/c-how-to-check-if-traced-process-is-32-bits