给定eip时访问ebp
[英]Access ebp when given eip
问题描述
I am trying to develop a runtime stack tracer. 
我正在尝试开发运行时堆栈跟踪程序。 I have a function that returns the EIP address whenever the program being traced segfaults. 我有一个函数,可以在程序被跟踪段故障时返回EIP地址。 How can I get back to the ebp of the current function (the one during which the program under observation crashed) so that I can start tracing up? 如何返回当前函数的ebp(正在观察的程序崩溃),以便可以开始跟踪?
2 个解决方案
解决方案1
5 2010-11-15 16:54:29
There is no way to convert an instruction pointer to a stack frame pointer. 无法将指令指针转换为堆栈帧指针。 The same function may be invoked many times (even recursively) with different stack addresses; 可以使用不同的堆栈地址多次(甚至递归地)调用同一函数。 that's the whole point of having a call stack. 这就是拥有调用堆栈的全部要点。 If you have a crash dump file (core file, etc.) it should contain a dump of all the registers. 如果您有故障转储文件(核心文件等),则应包含所有寄存器的转储。 If you want the register values you must read them from here. 如果需要寄存器值,则必须从此处读取它们。
解决方案2
3 2010-11-15 19:09:35
The current ebp and esp (and all other registers) at the time of the segfault is available in the ucontext, which is passed as the third argument to the signal handler. 在段错误时,当前的ebp和esp(以及所有其他寄存器)在ucontext中可用,它作为第三个参数传递给信号处理程序。 The details of what's where in the ucontext is OS and CPU specific. ucontext中的具体位置是特定于OS和CPU的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.