nelhage/regdump.c

## regdump.c
/*
 * $ gcc -m32 -fPIC -shared -o regdump.so regdump.c
 * $ LD_PRELOAD=$(pwd)/regdump.so ./test
 *
 * Dump register state with 'ud2a' (0F 0B)
 */

#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/ucontext.h>

void regdump_sigill(int signal, siginfo_t *info, void *ctx) {
    ucontext_t *uctx = (ucontext_t*)ctx;
    printf("eip=%08x eflags=%08x\n",
           uctx->uc_mcontext.gregs[REG_EIP],
           uctx->uc_mcontext.gregs[REG_EFL]);
    printf("eax=%08x ebx=%08x\n",
           uctx->uc_mcontext.gregs[REG_EAX],
           uctx->uc_mcontext.gregs[REG_EBX]);
    printf("ecx=%08x ecx=%08x\n",
           uctx->uc_mcontext.gregs[REG_ECX],
           uctx->uc_mcontext.gregs[REG_EDX]);
    printf("ebp=%08x esp=%08x\n",
           uctx->uc_mcontext.gregs[REG_EBP],
           uctx->uc_mcontext.gregs[REG_ESP]);
    printf("esi=%08x edi=%08x\n",
           uctx->uc_mcontext.gregs[REG_ESI],
           uctx->uc_mcontext.gregs[REG_EDI]);
    uctx->uc_mcontext.gregs[REG_EIP] += 2;
}

void __attribute__((constructor)) regdump_init(void)  {
    struct sigaction act = {
        .sa_sigaction = regdump_sigill,
        .sa_flags     = SA_SIGINFO
    };
    sigaction(SIGILL, &act, NULL);
}
	/*
	* $ gcc -m32 -fPIC -shared -o regdump.so regdump.c
	* $ LD_PRELOAD=$(pwd)/regdump.so ./test
	*
	* Dump register state with 'ud2a' (0F 0B)
	*/

	#define _GNU_SOURCE
	#include <signal.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <sys/ucontext.h>

	void regdump_sigill(int signal, siginfo_t info, void ctx) {
	ucontext_t uctx = (ucontext_t)ctx;
	printf("eip=%08x eflags=%08x\n",
	uctx->uc_mcontext.gregs[REG_EIP],
	uctx->uc_mcontext.gregs[REG_EFL]);
	printf("eax=%08x ebx=%08x\n",
	uctx->uc_mcontext.gregs[REG_EAX],
	uctx->uc_mcontext.gregs[REG_EBX]);
	printf("ecx=%08x ecx=%08x\n",
	uctx->uc_mcontext.gregs[REG_ECX],
	uctx->uc_mcontext.gregs[REG_EDX]);
	printf("ebp=%08x esp=%08x\n",
	uctx->uc_mcontext.gregs[REG_EBP],
	uctx->uc_mcontext.gregs[REG_ESP]);
	printf("esi=%08x edi=%08x\n",
	uctx->uc_mcontext.gregs[REG_ESI],
	uctx->uc_mcontext.gregs[REG_EDI]);
	uctx->uc_mcontext.gregs[REG_EIP] += 2;
	}

	void __attribute__((constructor)) regdump_init(void) {
	struct sigaction act = {
	.sa_sigaction = regdump_sigill,
	.sa_flags = SA_SIGINFO
	};
	sigaction(SIGILL, &act, NULL);
	}