Access EIP and EBP via ucontext on OS X

时光总嘲笑我的痴心妄想 submitted on 2019-12-23 12:38:47

Question


I am trying to port a tool to OS X which is designed to run on Linux and FreeBSD. There is a case in the program where access to the EIP and EBP is needed. This is done via the ucontext.

So I added a case for __APPLE__ to place a suitable access to the ucontext struct.

#if defined(__FreeBSD__)
        *paddr = uc->uc_mcontext.mc_eip;
#elif defined(__dietlibc__)
        *paddr = uc->uc_mcontext.eip;
#elif defined(__APPLE__)
        *paddr = uc->uc_mcontext.ss.eip;
#else
        *paddr = uc->uc_mcontext.gregs[REG_EIP];
#endif

But uc->uc_mcontext.ss.eip doesn't compile. Not sure how to access the EIP from the ucontext.


Answer 1:


It appears the naming scheme changed in OS X 10.5, where it should be uc->uc_mcontext->__ss.__eip. On later versions this is uc->uc_mcontext->__ss.__rip for x86_64.

Found by a quick Google search, refs: 1, 2
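An added example (not code from the question, the answer, or the tool being ported): a SIGUSR1 handler that saves the interrupted program counter and frame pointer, with the answer's OS X field names placed next to the FreeBSD and Linux ones. It goes beyond the page by covering the x86_64 names on each OS and Linux aarch64; `on_signal`, `capture_context`, `saved_pc` and `saved_fp` are names chosen for the example.

```c
#define _GNU_SOURCE            /* glibc: exposes the REG_* gregs indices */
#include <signal.h>
#include <stdint.h>
#include <sys/ucontext.h>      /* not <ucontext.h>: on OS X it demands _XOPEN_SOURCE */
#if defined(__linux__) && defined(__x86_64__) && !defined(REG_RIP)
#define REG_RBP 10             /* glibc values, used only if _GNU_SOURCE was */
#define REG_RIP 16             /* defined after another libc header          */
#endif

static volatile uintptr_t saved_pc, saved_fp;   /* filled in by the handler */

static void on_signal(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)sig; (void)si;
#if defined(__APPLE__) && defined(__x86_64__)    /* uc_mcontext is a pointer on OS X */
    saved_pc = uc->uc_mcontext->__ss.__rip;  saved_fp = uc->uc_mcontext->__ss.__rbp;
#elif defined(__APPLE__) && defined(__i386__)
    saved_pc = uc->uc_mcontext->__ss.__eip;  saved_fp = uc->uc_mcontext->__ss.__ebp;
#elif defined(__FreeBSD__) && defined(__x86_64__)
    saved_pc = uc->uc_mcontext.mc_rip;       saved_fp = uc->uc_mcontext.mc_rbp;
#elif defined(__FreeBSD__) && defined(__i386__)
    saved_pc = uc->uc_mcontext.mc_eip;       saved_fp = uc->uc_mcontext.mc_ebp;
#elif defined(__linux__) && defined(__x86_64__)
    saved_pc = uc->uc_mcontext.gregs[REG_RIP]; saved_fp = uc->uc_mcontext.gregs[REG_RBP];
#elif defined(__linux__) && defined(__i386__)
    saved_pc = uc->uc_mcontext.gregs[REG_EIP]; saved_fp = uc->uc_mcontext.gregs[REG_EBP];
#elif defined(__linux__) && defined(__aarch64__)
    saved_pc = uc->uc_mcontext.pc;           saved_fp = uc->uc_mcontext.regs[29];
#else
#error "add this platform's ucontext register names"
#endif
}

/* Install the handler, raise SIGUSR1 in this thread, return what it saw. */
int capture_context(uintptr_t *pc, uintptr_t *fp)
{
    struct sigaction sa = {0};
    sa.sa_sigaction = on_signal;
    sa.sa_flags = SA_SIGINFO;      /* needed for the handler to receive the ucontext */
    sigemptyset(&sa.sa_mask);
    saved_pc = saved_fp = 0;
    if (sigaction(SIGUSR1, &sa, NULL) != 0 || raise(SIGUSR1) != 0)
        return -1;
    *pc = saved_pc; *fp = saved_fp;
    return 0;
}
```

Because the signal is raised synchronously, the saved program counter lies inside the C library's raise path; in a SIGSEGV handler the same fields give the faulting instruction and its frame.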



Source: https://stackoverflow.com/questions/797575/access-eip-and-ebp-via-ucontext-on-os-x
