As we know, the ptrace system call is one of the most powerful system calls in Unix-like systems. All debugging software uses ptrace for monitoring and manipulating another process, i.e. the tracee. Using ptrace, we can track read/write system calls in the tracee process. I ask, can we use ptrace in order to monitor the tracee and notify the tracer only when the tracee executes a branch instruction? Is this possible? If not, can we notify the tracer when a specific instruction at a specific address is executed?

PTRACE_SINGLESTEP is not appropriate to be used in my case because it leads to performance degradation.

Thanks for any help.

What I have tried:

I tried to modify the binary code to exchange each branch instruction with another one that traps the tracer. But I seek to find another way.
Posted
Updated 6-Mar-18 4:05am
Comments
Richard MacCutchan 6-Mar-18 11:08am    
No, because the tracer program needs to check each instruction as it is executed in order to test whether it is a branch instruction. In theory that would be possible but it would slow things down a lot.
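
The per-instruction test the comment refers to, sketched as an added example (not code from the question or the comment): after each single-step stop, a tracer would classify the bytes at the tracee's instruction pointer. It assumes an x86-64 tracee; the function name `is_branch_x86_64` and the sample byte strings are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified x86-64 check (assumption: 64-bit mode, bytes already copied out of
 * the tracee, e.g. with PTRACE_PEEKTEXT at the RIP from PTRACE_GETREGS).
 * Returns 1 for jmp/jcc/call/ret/loop, 0 for anything else, -1 if the buffer
 * ends before the opcode can be classified. */
int is_branch_x86_64(const uint8_t *code, size_t len)
{
    size_t i = 0;

    /* Skip legacy prefixes: operand/address size, lock, rep, segment overrides. */
    while (i < len && (code[i] == 0x66 || code[i] == 0x67 || code[i] == 0xF0 ||
                       code[i] == 0xF2 || code[i] == 0xF3 || code[i] == 0x2E ||
                       code[i] == 0x36 || code[i] == 0x3E || code[i] == 0x26 ||
                       code[i] == 0x64 || code[i] == 0x65))
        i++;
    /* Skip a REX prefix (0x40-0x4F), which sits directly before the opcode. */
    if (i < len && (code[i] & 0xF0) == 0x40)
        i++;
    if (i >= len)
        return -1;

    uint8_t op = code[i];
    if (op >= 0x70 && op <= 0x7F) return 1;               /* Jcc rel8 */
    if (op >= 0xE0 && op <= 0xE3) return 1;               /* LOOPNE/LOOPE/LOOP/JRCXZ */
    if (op == 0xE8 || op == 0xE9 || op == 0xEB) return 1; /* CALL rel32, JMP rel32/rel8 */
    if (op == 0xC2 || op == 0xC3 || op == 0xCA || op == 0xCB) return 1; /* RET */
    if (op == 0x0F || op == 0xFF) {
        if (i + 1 >= len)
            return -1;
        uint8_t next = code[i + 1];
        if (op == 0x0F)
            return next >= 0x80 && next <= 0x8F;          /* Jcc rel32 */
        unsigned reg = (next >> 3) & 7;                   /* ModRM.reg picks the FF operation */
        return reg >= 2 && reg <= 5;                      /* /2,/3 CALL and /4,/5 JMP (indirect) */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample encodings, not taken from any real trace. */
    const uint8_t mov_rbp_rsp[] = {0x48, 0x89, 0xE5};
    const uint8_t jmp_r11[]     = {0x41, 0xFF, 0xE3};
    printf("mov rbp,rsp -> %d\n", is_branch_x86_64(mov_rbp_rsp, sizeof mov_rbp_rsp));
    printf("jmp r11     -> %d\n", is_branch_x86_64(jmp_r11, sizeof jmp_r11));
    return 0;
}
```

Running this check after every stop is the cost the comment describes: each instruction means a stop, a register read and a memory read in the tracer before the tracee resumes.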

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)