Hi, I am using ptrace to get information related to the call stack on Linux. I can retrieve the stack pointer to my stack using the registers returned by ptrace. But using this stack pointer, how can I retrieve information related to the function name and signature of the current call stack?

Are there any Linux APIs to traverse this call stack?

Please help. I have been looking for it for the last few days...

Thanks in advance, Sandeep

A: 

The first thing you need to get is a list of code addresses - that of the currently executing function, and the return addresses going back up the call chain.

On x86, the %eip register will contain a memory address within the code of the currently-executing function. The %ebp register will point at the location on the stack where the previous value of %ebp is stored, followed by the return value. You need to follow that chain of %ebp values, recording the return addresses as you go.

You then need to read the DWARF debugging information in the binary file you're debugging to resolve code addresses back to function names.

Note that backtraces can only be done reliably if the code is compiled with frame pointers.

caf
What is the significance of these pointers as I get these values from the registers? How can this chain be followed? `#define BP rbp /* Frame pointer */`, `#define SP rsp /* Stack pointer */`, `#define IP rip /* Program counter */`. I am new to this concept. Could you please guide?
Sandeep P
The first thing that happens when a function is entered is that the current value of the frame pointer is pushed onto the stack. Then, the frame pointer is set to the current value of the stack pointer. So, working backwards, you can use the current frame pointer to find the location of the previous frame pointer and the return value.
caf
Hi caf, thanks for your answers, but I am confused here. Let me tell you what information I have about my call stack. I have a pointer to the register structure, which has these three pointers in it, i.e. stack pointer, program counter and frame pointer, and other general pointers. Now I want to traverse the stack to get addresses from each frame.
Sandeep P
Now my question is, how do I traverse backward from the stack, as I don't have any function to traverse? I need to calculate the offset between the stack frames or something like that... How do I calculate this offset distance? Can I subtract this from the stack pointer to get the previous frame pointer? Let me know if you want more information from me.
Sandeep P
Again, one more point: as I want to look up the function name in the symbol table by the function address from this stack, which pointer from this would give me the function address of the currently executing stack?
Sandeep P
Look at the content of the frame pointer. That's a pointer into the target process's stack. If you follow that pointer, by looking it up in the address space of the target process (with `PTRACE_PEEK`), you'll find the *previous* value of the frame pointer. Repeat that to traverse your way up the call stack.
caf
Thanks caf, this really helped. I am facing a case where all my base pointer values are the same when I read them with PEEKDATA. It is the case with the Tomcat process. What does it mean? What should be the reason? Is this case possible? With a simple C application I get the correct results as I expected.
Sandeep P
@Sandeep: Possibly the process was compiled without frame pointers (or you've made a mistake implementing it). This is common for an optimising compile on i386, because the architecture lacks registers. If you can compile Tomcat yourself, make sure it's not compiled with `-fomit-frame-pointer`.
caf
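As an added example (not code from the question or the answers above), this walks the rbp chain the way caf describes, reading each word through a callback so the same walker can run against a live tracee via `PTRACE_PEEKDATA` or, offline here, against a constructed fake stack. It also stops when the saved rbp fails to move up the stack, which is what the "all base pointer values are the same" symptom reported for Tomcat looks like to the walker. The `fake_stack` and `demo_pc` names and all addresses are assumptions made up for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/ptrace.h>
#include <sys/types.h>

typedef int (*read_word_fn)(void *ctx, uint64_t addr, uint64_t *out); /* 0 on success */
/* Reader for a live, stopped tracee (ctx points at its pid); not exercised by demo_pc(). */
int read_word_ptrace(void *ctx, uint64_t addr, uint64_t *out)
{
    errno = 0;  /* PEEKDATA may legitimately return -1, so errno disambiguates */
    long v = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)(uintptr_t)addr, (void *)0);
    if (v == -1 && errno != 0) return -1;
    *out = (uint64_t)v;
    return 0;
}
/* Walk the x86-64 frame-pointer chain ([rbp] = caller's rbp, [rbp+8] = return address): record rip,
 * then each return address; stop on a failed read or when the saved rbp does not move up the stack. */
size_t walk_frames(read_word_fn rd, void *ctx, uint64_t rip, uint64_t rbp, uint64_t *pcs, size_t max)
{
    size_t n = 0;
    if (max) pcs[n++] = rip;
    while (n < max && rbp != 0) {
        uint64_t saved_rbp, ret;
        if (rd(ctx, rbp, &saved_rbp) || rd(ctx, rbp + 8, &ret)) break;
        pcs[n++] = ret;
        if (saved_rbp <= rbp) break;  /* stack grows down: a caller's frame must be higher */
        rbp = saved_rbp;
    }
    return n;
}
/* Constructed stand-in for tracee memory: a few stack words at a fake base address. */
struct fake_stack { uint64_t base; const uint64_t *words; size_t nwords; };
int read_word_fake(void *ctx, uint64_t addr, uint64_t *out)
{
    const struct fake_stack *s = ctx;
    if (addr < s->base || addr % 8 || (addr - s->base) / 8 >= s->nwords) return -1;
    *out = s->words[(addr - s->base) / 8];
    return 0;
}
/* stuck=0: healthy three-frame chain; stuck=1: saved rbp equals the current rbp (the Tomcat
 * symptom from the comments). Returns the i-th recorded code address, or 0 past the end. */
uint64_t demo_pc(int stuck, size_t i)
{
    static const uint64_t good[] = { 0x7ffc0020, 0x401100, 0, 0, 0x7ffc0040, 0x401200, 0, 0, 0, 0x401300 };
    static const uint64_t bad[] = { 0x7ffc0000, 0x401100 };
    struct fake_stack s = { 0x7ffc0000, stuck ? bad : good, stuck ? 2u : 10u };
    uint64_t pcs[8];
    size_t n = walk_frames(read_word_fake, &s, 0x401050, 0x7ffc0000, pcs, 8);
    return i < n ? pcs[i] : 0;
}
```

The code addresses the walker collects are what you then resolve to names, either through the binary's symbol table or its DWARF information as the answer says; the walker itself only needs register values and readable stack memory.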
A: 

I strongly suggest using libunwind in this case. It provides a good API for traversal of the call stack. It depends on the presence of a .eh_frame header in the object file. It can be used both in local and remote (your use case) contexts. Stack unwinding does not depend on DWARF information or debug builds.

Raghu
I could not find a libunwind library compatible with my Linux. Where can I download it from?
Sandeep P
Is the ".eh_frame header" auto-generated during compilation? What do you think? Which object file are you talking about?
Sandeep P