PTrace: linux/user.h: No such file or directory
Solution 1
Try including sys/user.h and sys/reg.h ORIG_EAX is defined in reg.h
Solution 2
Well lets go further a bit and look at reg.h from /usr/include/sys/reg.h and we have the code as below; for 64 bit its ORIG_RAX else ORIG_EAX. Mine is a 64 bit workstation.
Also for 64 bit the code variation is as below, since it is 8 byte long array
orig_rax = ptrace(PTRACE_PEEKUSER,
child, 8 * ORIG_RAX,
NULL);
And the result would be 59
for execve
system-call (/usr/include/asm/unistd_64.h)
The child made a system call 59
/usr/include/sys/reg.h
#if __WORDSIZE == 64
/* Index into an array of 8 byte longs returned from ptrace for
location of the users' stored general purpose registers. */
# define R15 0
# define R14 1
# define R13 2
# define R12 3
# define RBP 4
# define RBX 5
# define R11 6
# define R10 7
# define R9 8
# define R8 9
# define RAX 10
# define RCX 11
# define RDX 12
# define RSI 13
# define RDI 14
# define ORIG_RAX 15
# define RIP 16
# define CS 17
# define EFLAGS 18
# define RSP 19
# define SS 20
# define FS_BASE 21
# define GS_BASE 22
# define DS 23
# define ES 24
# define FS 25
# define GS 26
#else
/* Index into an array of 4 byte integers returned from ptrace for
* location of the users' stored general purpose registers. */
# define EBX 0
# define ECX 1
# define EDX 2
# define ESI 3
# define EDI 4
# define EBP 5
# define EAX 6
# define DS 7
# define ES 8
# define FS 9
# define GS 10
# define ORIG_EAX 11
# define EIP 12
# define CS 13
# define EFL 14
# define UESP 15
# define SS 16
#endif
Related videos on Youtube
Nishant Kumar
Updated on October 03, 2022Comments
-
Nishant Kumar over 1 year
I am using Ubuntu 12.04 with linux-headers-3.2.0-60 on intel 32-bit machine.I am trying to build this simple program to understand
PTrace
. But getting error during compilation.#include <sys/ptrace.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <linux/user.h> /* For constants ORIG_EAX etc */ int main() { pid_t child; long orig_eax; child = fork(); if(child == 0) { ptrace(PTRACE_TRACEME, 0, NULL, NULL); execl("/bin/ls", "ls", NULL); } else { wait(NULL); orig_eax = ptrace(PTRACE_PEEKUSER, child, 4 * ORIG_EAX, NULL); printf("The child made a " "system call %ld\n", orig_eax); ptrace(PTRACE_CONT, child, NULL, NULL); } return 0; }
I am getting these error:
make all Building file: ../src/Test.cpp Invoking: Cross G++ Compiler g++ -I/usr/local/include/boost -O0 -g3 -Wall -c -fmessage-length=0 -pthread -MMD -MP -MF"src/Test.d" -MT"src/Test.d" -o "src/Test.o" "../src/Test.cpp" ../src/Test.cpp:6:51: fatal error: linux/user.h: No such file or directory compilation terminated. make: *** [src/Test.o] Error 1
I checked my
/usr/include/linux
folder but there is no file nameduser.h
. I tried with<sys/user.h>
but it gave another error.../src/Test.cpp:18:38: error: ‘ORIG_EAX’ was not declared in this scope
Please help.
-
Harish Kayarohanam about 9 yearsEven after including both still I am unable to get that constant ORIG_EAX .. but I am able to see this line in sys/reg.h # define ORIG_EAX 11. Can you help ?
-
Harish Kayarohanam about 9 yearsya found the problem .. mine was 64 bit so had to use ORIG_RAX
-
jarvis1729 about 8 yearsFound theantway.com/2013/01/… which is relevant and contains more info.
-
Mohit over 4 yearsI was also facing the 64 bit issue and I had to replace all the EAX,EBX,ECX,EDX to RAX,RBX,RCX,RDX respectively