Here is the latest script that I used just so I could see the values at both
entry and return for both handle_reply and strcpy:
-----------------------------
#!/usr/sbin/dtrace -s
/* pid provider: user-level probes on the traced process ($1 = pid) */
pid$1::handle_reply:entry
{
printf("\nEBP=%x EIP=%x\n", uregs[R_EBP], uregs[R_EIP]);
}
pid$1::strcpy:entry
{
printf("\nEBP=%x EIP=%x\n", uregs[R_EBP], uregs[R_EIP]);
}
pid$1::strcpy:return
{
printf("\nEBP=%x EIP=%x\n", uregs[R_EBP], uregs[R_EIP]);
}
pid$1::handle_reply:return
{
printf("\nEBP=%x EIP=%x\n", uregs[R_EBP], uregs[R_EIP]);
}
-----------------------
I literally just ran the script below though and I'm getting both registers
showing 0x41414141:
--------------------------
#!/usr/sbin/dtrace -s
/* fbt provider: kernel strcpy, filtered to calls made on behalf of $1 */
fbt::strcpy:return
/ pid == $1 /
{
printf("Buffer overflow: eip=%x ebp=%x\n", uregs[R_EIP], uregs[R_EBP]);
}
-------------------------
with this output:
CPU     ID                    FUNCTION:NAME
  1  22691               strcpy:return Buffer overflow: eip=fedc5b35 ebp=8045f4c
  0  22691               strcpy:return Buffer overflow: eip=41414141 ebp=41414141
  0  22691               strcpy:return Buffer overflow: eip=41414141 ebp=41414141
  0  22691               strcpy:return Buffer overflow: eip=41414141 ebp=41414141
  0  22691               strcpy:return Buffer overflow: eip=41414141 ebp=41414141
^C
Though I'm a little confused on this output, especially the first line and the
multiple outputs for a program that seg faulted. I've been focusing on the pid
provider too much, I guess; I would still like to know what I'm doing wrong on
the pid provider, or what the difference is as to why it doesn't report the same
back. Thanks for the time and help.
--
This message posted from opensolaris.org
_______________________________________________
dtrace-discuss mailing list
[email protected]
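An added example, not part of the post above or any reply to it, showing where the pid provider actually exposes the overwritten values. The pid return probe fires at a function's ret instruction, before it executes, so at strcpy:return uregs[R_EIP] is still an address inside strcpy and EBP is still the caller's live frame pointer; the 0x41414141 values are in memory at that point, in handle_reply's saved-EBP and return-address slots. They only reach the registers after handle_reply's own leave and ret, which is what the fbt script happens to observe afterwards, since uregs[] in a kernel-context probe reports the user registers saved at the trap. The script below therefore snapshots handle_reply's frame at strcpy:entry and re-reads it at strcpy:return. It assumes a 32-bit x86 process, the function names handle_reply and strcpy from the post, that handle_reply keeps a frame pointer (saved EBP at [EBP], return address at [EBP+4]) and that strcpy is called directly from handle_reply; all of those are assumptions about the target, not facts from the thread.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the original post).
 * Assumptions: 32-bit x86 target; handle_reply() uses a frame pointer, so
 * its saved EBP sits at [EBP] and its return address at [EBP+4]; strcpy()
 * is called directly from handle_reply() into a buffer in that frame.
 * Usage: ./retcheck.d <pid>
 */
#pragma D option quiet
#pragma D option strsize=4096	/* so copyinstr() does not truncate long input */

pid$1::handle_reply:entry
{
	self->in_hr = 1;
}

/*
 * At strcpy's first instruction no frame has been built yet, so
 * uregs[R_EBP] is still handle_reply's frame pointer. Snapshot the two
 * stack slots an overflow of a local buffer would reach.
 */
pid$1::strcpy:entry
/self->in_hr/
{
	self->fp  = uregs[R_EBP];
	self->ebp = *(uint32_t *)copyin(self->fp, sizeof (uint32_t));
	self->ret = *(uint32_t *)copyin(self->fp + 4, sizeof (uint32_t));
	self->dst = arg0;			/* strcpy(dst, src) */
	self->len = strlen(copyinstr(arg1));	/* bytes about to be copied */
}

/* Re-read the same slots after the copy and compare with the snapshot. */
pid$1::strcpy:return
/self->fp/
{
	this->ebp = *(uint32_t *)copyin(self->fp, sizeof (uint32_t));
	this->ret = *(uint32_t *)copyin(self->fp + 4, sizeof (uint32_t));
	printf("strcpy: %d bytes into dst=%x (caller frame at %x)\n",
	    self->len, self->dst, self->fp);
	printf("  saved EBP %x -> %x   return addr %x -> %x   clobbered=%d\n",
	    self->ebp, this->ebp, self->ret, this->ret,
	    this->ret != self->ret || this->ebp != self->ebp);
	/* The registers themselves are not affected yet: EIP is strcpy's
	 * ret instruction and EBP is still the caller's live frame pointer. */
	printf("  live regs at strcpy:return: EIP=%x EBP=%x\n",
	    uregs[R_EIP], uregs[R_EBP]);
	self->fp = 0; self->ebp = 0; self->ret = 0; self->dst = 0; self->len = 0;
}

/*
 * handle_reply:return fires at its ret instruction, i.e. after leave has
 * already popped the overwritten saved EBP into %ebp. The word at [ESP]
 * is what the CPU is about to jump to.
 */
pid$1::handle_reply:return
{
	printf("handle_reply about to return to %x with EBP=%x\n",
	    *(uint32_t *)copyin(uregs[R_SP], sizeof (uint32_t)), uregs[R_EBP]);
	self->in_hr = 0;
}
```

On a run that overflows the buffer, the strcpy:return clause prints clobbered=1 with the return-address slot changed from a text address to 0x41414141 while the live EIP/EBP line still shows sane values, and the handle_reply:return clause prints the 0x41414141 that the fbt script saw later from the kernel side. If handle_reply was built without a frame pointer, the [EBP] and [EBP+4] reads will not point at its frame and the snapshot is meaningless; check the disassembly first.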