Can you send the DTrace invocation that you're using, please?
Adam
On Sun, Mar 23, 2008 at 09:16:25PM -0700, bryan wrote:
> I'm doing research into stack monitoring and have made a simple server that
> has the following method:
>
> #include <stdio.h>
> #include <string.h>
>
> int handle_reply(char *str){
>     char response[256];
>
>     /* Unbounded copy: any str longer than 255 bytes overruns response. */
>     strcpy(response,str);
>
>     printf("The client says \"%s\"\n",response);
>
>     return 0;
> }
>
> I'm overflowing this with 300 bytes of the letter 'A'. I'm verifying with
> gdb that the eip register contains the hex value for 'A' (0x41) but when I
> print out the value of eip in DTrace with uregs[R_EIP] on function return, it
> is still the original return address, not 0x41414141. The program is
> segfaulting so I know the eip is being overwritten but obviously I'm not using
> DTrace correctly in this case. I'm under the impression that uregs[] holds
> the values of the registers on the stack for the process it is instrumenting.
> I'm not exactly sure of how DTrace is implemented but I'm thinking DTrace
> should be copying the value of the eip register into a local buffer when the
> above function returns and therefore should have the value 0x41414141 since
> it has already been overwritten with that value. DTrace does return the value
> 0x41414141 for the ebp register though, which is what I expected. Should the
> value of uregs[R_EIP] not also be 0x41414141?
>
> Any help on this would be appreciated.
>
>
> --
> This message posted from opensolaris.org
> _______________________________________________
> dtrace-discuss mailing list
> [email protected]
--
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
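Added example, not code from the thread or from either poster: a D script that reads the saved return address directly off the stack at the entry and return probes of handle_reply, so the value the overflow wrote is visible at function return. It assumes a 32-bit x86 OpenSolaris target (the uregs[] indices R_EIP and R_EBP from the post, plus the generic stack-pointer alias R_SP), a binary that exports handle_reply, and the pid provider's documented behaviour that the return probe fires on the function's ret instruction before it executes, so at that point uregs[R_EIP] is an address inside handle_reply (arg0 is the offset of that ret), ebp has already been popped from the smashed frame, and the word about to be loaded into eip is still at [esp]. The script name trace_ret.d is made up for the usage line.

```d
#!/usr/sbin/dtrace -s
#pragma D option quiet
#pragma D option strsize=512

/*
 * Added example (not from the thread). Assumes a 32-bit x86 process that
 * exports handle_reply(char *str). Run as:
 *     dtrace -s trace_ret.d -p <pid>      (or -c ./server)
 */

pid$target::handle_reply:entry
{
	/* On entry the caller's return address is the 32-bit word at [esp]. */
	self->saved = *(uint32_t *)copyin(uregs[R_SP], sizeof (uint32_t));
	printf("entry:  strlen(str)=%d  return address on stack=0x%08x\n",
	    strlen(copyinstr(arg0)), self->saved);
}

pid$target::handle_reply:return
{
	/*
	 * The return probe fires on the ret instruction before it executes:
	 * uregs[R_EIP] still points inside handle_reply (arg0 is the offset of
	 * that ret), ebp has already been popped from the overwritten frame,
	 * and the word that ret is about to load into eip is still at [esp].
	 */
	this->ret = *(uint32_t *)copyin(uregs[R_SP], sizeof (uint32_t));
	printf("return: eip=0x%08x (ret at offset %d)  ebp=0x%08x  [esp]=0x%08x\n",
	    uregs[R_EIP], arg0, uregs[R_EBP], this->ret);
}

pid$target::handle_reply:return
/self->saved != 0 &&
    *(uint32_t *)copyin(uregs[R_SP], sizeof (uint32_t)) != self->saved/
{
	/* The saved return address no longer matches what we read on entry. */
	printf("*** return address overwritten: 0x%08x -> 0x%08x\n",
	    self->saved, *(uint32_t *)copyin(uregs[R_SP], sizeof (uint32_t)));
}

pid$target::handle_reply:return
{
	self->saved = 0;
}
```

With a 300-byte string of 'A' the entry line reports the legitimate return address, the return line shows eip still inside handle_reply, ebp as 0x41414141 and [esp] as 0x41414141, and the third clause flags the mismatch. The entry-time read is what makes the check possible, since after strcpy the frame holds nothing trustworthy to compare against.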