4

Let's say I have a process that contains three threads: A, B, and C.

I want to use thread A to pause thread B, examine thread B's register values/stack contents, and then feed some of that information from thread B into thread C (via thread A).

According to this post from Linus Torvalds, the ptrace syscall won't work here because the threads are within the same process.

Is there another way of accomplishing this?

Update: this question discusses why it doesn't work; I'd like to know if a work-around exists that doesn't involve creating a child process.

tonysdg

1 Answer

2

You might be able to work around this using a signal. Pick an otherwise unused signal, e.g. SIGUSR1, and install a signal handler for it using the sa_sigaction member of struct sigaction and specifying the SA_SIGINFO flag. Block the signal in every thread except the thread of interest (thread B).

When you want to examine thread B, send a thread-directed signal to it using pthread_kill(). The signal handler will then fire, and its third argument will be a pointer to a ucontext_t structure. The uc_mcontext member of this structure is a machine-dependent mcontext_t structure, which will contain the register values at the point that the thread was interrupted.

You then just need to devise a safe way to pass these values back to thread A.

caf
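The approach described in the answer above, as an added example that is not part of the original answer: thread A sends SIGUSR1 to thread B with pthread_kill(), B's handler copies the program counter and stack pointer out of uc_mcontext, and a semaphore hands them back to A. It assumes Linux with glibc on x86-64 or AArch64; `struct regs`, `snap`, `on_usr1`, `thread_b` and `sample_thread_b` are hypothetical names.

```c
#define _GNU_SOURCE   /* glibc: exposes REG_RIP/REG_RSP in <ucontext.h> */
#include <pthread.h>
#include <semaphore.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <ucontext.h>

static struct regs { unsigned long long pc, sp; } snap; /* hypothetical; set by handler in B */
static sem_t ready;        /* sem_post() is async-signal-safe */
static atomic_int stop;

static void on_usr1(int sig, siginfo_t *si, void *ctx) {
    mcontext_t *mc = &((ucontext_t *)ctx)->uc_mcontext;
#if defined(__x86_64__)
    snap.pc = mc->gregs[REG_RIP]; snap.sp = mc->gregs[REG_RSP];
#elif defined(__aarch64__)
    snap.pc = mc->pc; snap.sp = mc->sp;
#else
#error "add the mcontext_t register fields for this architecture"
#endif
    sem_post(&ready);      /* hand the snapshot back to thread A */
}

static void *thread_b(void *arg) {
    sigset_t s; sigemptyset(&s); sigaddset(&s, SIGUSR1);
    pthread_sigmask(SIG_UNBLOCK, &s, NULL);  /* only B takes SIGUSR1 */
    while (!atomic_load(&stop)) { }          /* stand-in for real work */
    return arg;
}
/* Thread A's side: returns 0 and fills *out with B's pc/sp when interrupted. */
int sample_thread_b(struct regs *out) {
    struct sigaction sa = {0}; sigset_t s; pthread_t b;
    sa.sa_sigaction = on_usr1; sa.sa_flags = SA_SIGINFO; sigemptyset(&sa.sa_mask);
    sigemptyset(&s); sigaddset(&s, SIGUSR1);
    pthread_sigmask(SIG_BLOCK, &s, NULL);    /* mask is inherited by new threads */
    if (sem_init(&ready, 0, 0) || sigaction(SIGUSR1, &sa, NULL)) return -1;
    atomic_store(&stop, 0);
    if (pthread_create(&b, NULL, thread_b, NULL)) return -1;
    pthread_kill(b, SIGUSR1);                /* thread-directed signal to B */
    while (sem_wait(&ready) != 0) { }        /* retry if interrupted (EINTR) */
    *out = snap;
    atomic_store(&stop, 1); pthread_join(b, NULL);
    return 0;
}
int main(void) {
    struct regs r;
    if (sample_thread_b(&r)) return 1;
    return printf("B interrupted at pc=%#llx sp=%#llx\n", r.pc, r.sp) < 0;
}
```

Thread B resumes as soon as the handler returns, so the snapshot describes the moment of interruption only; build with `-pthread` on toolchains that need it.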