This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH 1/4] 'catch syscall' feature -- Architecture-independent part
> Date: Wed, 05 Nov 2008 06:09:28 +0200
> From: Eli Zaretskii <eliz@gnu.org>
>
> > From: Pedro Alves <pedro@codesourcery.com>
> > Date: Tue, 4 Nov 2008 22:30:27 +0000
> > Cc: Thiago Jung Bauermann <bauerman@br.ibm.com>,
> > Eli Zaretskii <eliz@gnu.org>,
> > =?utf-8?q?S=C3=A9rgio_Durigan_J=C3=BAnior?= <sergiodj@linux.vnet.ibm.com>
> >
> > On Tuesday 04 November 2008 22:11:27, Thiago Jung Bauermann wrote:
> > > El mar, 04-11-2008 a las 23:12 +0200, Eli Zaretskii escribió:
> > > > Who said that a syscall is necessarily defined by some number?
> > >
> > > I assumed every OS used numbers to define syscalls ...
> > >
> > > > More generally, let's say I'd like to implement support for this on
> > > > Windows -- how would I need to go about it?
> > >
> > > ... but from what you are saying it seems that in Windows it's
> > > different. What's the proper datatype to represent a syscall there?
> >
> > Depends on what you're calling a syscall on Windows.
> >
> > If talking about userland->kernel calls, similarly to this
> > new feature, an integer.
> >
> > http://www.metasploit.com/users/opcode/syscalls.html
> > http://www.codeguru.com/cpp/w-p/system/devicedriverdevelopment/article.php/c8035
> >
> > strace-like tracers on Windows are usually more interested in
> > tracing calls to all kinds of dlls, and they usually do so by
> > playing games with the import tables, I believe.
>
> I was thinking about the latter, as that is what is usually
> interesting.
I won't stop you from implementing this as a windows-specific feature,
but I think we should reserve "catch syscall" for the case where you
actually hand over control to the kernel (and therefore wouldn't be
able to single-step instructions anymore).
Mark