Hi,
1) To have a less cryptic output you may add one function to your
program.
It is composed of an automatically built part from header (on my
system /usr/include/asm/unistd_32.h) sc.h file and
a C source file that includes the former.
a) Building the sc.h by :
awk 'NR==1 { printf("#include <%s>\n",FILENAME); } $1 == "#define" && $2
~ /__NR_.*/ { printf("{ %s, \"%s\"},\n",$3,substr($2,6)); } END
{ printf("{0,(char*)0}\n"); }' /usr/include/asm/unistd_32.h > sc.h
b) The sc.c file is :
#include <stdio.h>
static struct {
int syscall_no;
char *syscall_name;
} scor[] = {
#include "sc.h"
};
char *
getcorr(int syscall_no)
{
static char noname[32];
int i,maxi = sizeof(scor) / sizeof(scor[0]);
for(i=0;i<maxi;++i) {
if( syscall_no == scor[i].syscall_no ) {
return scor[i].syscall_name;
}
}
snprintf(noname,sizeof(noname),"?%d",syscall_no);
return noname;
}
#ifdef Test_MAIN
#include <stdlib.h>
int
main(int argc,char *argv[]) {
int i,no;
for(i=1;i<argc;++i) {
no = atoi(argv[i]); // Hoping this will be a number
!
printf("Syscall %d is \"%s\"\n",no,getcorr(no));
}
exit(0);
}
#endif
2) Some syscall use more than 2 arguments.
It could be nice to have more than 2 arguments displayed.
3) I find strange this futex(addr,FUTEX_WAKE,...) on line 2.
Could you find what is at the address -1210085564(0xffb7df8f44) (in
your name list and/or maps).
-Rogers
> Thanks for your quick answers!
> After poking a zero, I performed a little loop to get the system call number
> (orig_eax) and the next two arguments (ebx, ecx) of the next 20 system calls.
> This is how it looks:
>
> syscall=240 (1st_arg=-1210085564 2nd_arg=0)
> syscall=240 (1st_arg=-1210085564 2nd_arg=1)
> syscall=240 (1st_arg=-1210085564 2nd_arg=1)
> syscall=13 (1st_arg=-1075451152 2nd_arg=135199597)
> syscall=13 (1st_arg=-1075451152 2nd_arg=135199597)
> syscall=102 (1st_arg=1 2nd_arg=-1075451340)
> syscall=102 (1st_arg=1 2nd_arg=-1075451340)
> syscall=221 (1st_arg=11 2nd_arg=2)
> syscall=221 (1st_arg=11 2nd_arg=2)
> syscall=102 (1st_arg=3 2nd_arg=-1075451340)
> syscall=102 (1st_arg=3 2nd_arg=-1075451340)
> syscall=102 (1st_arg=9 2nd_arg=-1075451304)
> syscall=102 (1st_arg=9 2nd_arg=-1075451304)
> syscall=6 (1st_arg=11 2nd_arg=1)
> syscall=6 (1st_arg=11 2nd_arg=1)
> syscall=174 (1st_arg=17 2nd_arg=0)
> syscall=174 (1st_arg=17 2nd_arg=0)
> syscall=4 (1st_arg=6 2nd_arg=134908385)
> syscall=4 (1st_arg=6 2nd_arg=134908385)
> syscall=13 (1st_arg=-1075451152 2nd_arg=135199597)
> syscall=13 (1st_arg=-1075451152 2nd_arg=135199597)
> syscall=102 (1st_arg=1 2nd_arg=-1075451340)
> syscall=102 (1st_arg=1 2nd_arg=-1075451340)
> syscall=221 (1st_arg=11 2nd_arg=2)
> syscall=221 (1st_arg=11 2nd_arg=2)
> syscall=102 (1st_arg=3 2nd_arg=-1075451340)
> syscall=102 (1st_arg=3 2nd_arg=-1075451340)
> syscall=102 (1st_arg=9 2nd_arg=-1075451304)
> syscall=102 (1st_arg=9 2nd_arg=-1075451304)
> syscall=6 (1st_arg=11 2nd_arg=1)
> syscall=6 (1st_arg=11 2nd_arg=1)
> syscall=119 (1st_arg=1 2nd_arg=-1210093580)
> syscall=-1 (1st_arg=1 2nd_arg=-1075448172)
> syscall=221 (1st_arg=9 2nd_arg=2)
> syscall=221 (1st_arg=9 2nd_arg=2)
> syscall=102 (1st_arg=3 2nd_arg=-1075448172)
> syscall=102 (1st_arg=3 2nd_arg=-1075448172)
>
> This looks a little cryptic now, but you just need to have a look into
> /usr/include/asm-i486/unistd.h where all the numbers for the different
> system calls are defined. It seems each system call is represented by 2
> output lines. 240 stands for futex. 2nd arguent "0" means FUTEX_WAIT.
> "1" means FUTEX_WAKE. 119 stands for "sigreturn". This is where the
> signal handler is left and the process continues with the normal
> procedure. 221 is fcnt64 which is also part of the debug() call. 102 is
> socketcall which seems to be a synonym for "connect".
>
--
Futex hang when exiting using the window close button
https://bugs.launchpad.net/bugs/57731
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
