PTrace: linux/user.h: No such file or directory

Solution 1

Try including sys/user.h and sys/reg.h. ORIG_EAX is defined in reg.h.

Solution 2

Well, let's go a bit further and look at reg.h from /usr/include/sys/reg.h, where we have the code below; for 64-bit it's ORIG_RAX, otherwise ORIG_EAX. Mine is a 64-bit workstation.

Also, for 64-bit the code variation is as below, since it is an 8-byte long array:

    orig_rax = ptrace(PTRACE_PEEKUSER,
            child, 8 * ORIG_RAX,
            NULL);

And the result would be 59 for the execve system call (/usr/include/asm/unistd_64.h):

    The child made a system call 59

/usr/include/sys/reg.h:

    #if __WORDSIZE == 64
    /* Index into an array of 8 byte longs returned from ptrace for
        location of the users' stored general purpose registers.  */

    # define R15    0
    # define R14    1
    # define R13    2
    # define R12    3
    # define RBP    4
    # define RBX    5
    # define R11    6
    # define R10    7
    # define R9     8
    # define R8     9
    # define RAX    10
    # define RCX    11
    # define RDX    12
    # define RSI    13
    # define RDI    14
    # define ORIG_RAX 15
    # define RIP    16
    # define CS     17
    # define EFLAGS 18
    # define RSP    19
    # define SS     20
    # define FS_BASE 21
    # define GS_BASE 22
    # define DS     23
    # define ES     24
    # define FS     25
    # define GS     26
    #else

    /* Index into an array of 4 byte integers returned from ptrace for
     * location of the users' stored general purpose registers. */

    # define EBX 0
    # define ECX 1
    # define EDX 2
    # define ESI 3
    # define EDI 4
    # define EBP 5
    # define EAX 6
    # define DS 7
    # define ES 8
    # define FS 9
    # define GS 10
    # define ORIG_EAX 11
    # define EIP 12
    # define CS  13
    # define EFL 14
    # define UESP 15
    # define SS   16
    #endif
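
The fix from both answers combined in one program, as an added example rather than code from the original thread: it includes sys/reg.h, uses whichever of ORIG_RAX or ORIG_EAX that header defines, and scales the index by sizeof(long) instead of a hard-coded 4 or 8. The names trace_first_syscall and SYSCALL_SLOT are assumptions made for this example, and it targets x86 Linux only.

```c
/* Added example (not from the original page): x86 Linux only. */
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/reg.h>      /* ORIG_RAX on 64-bit builds, ORIG_EAX on 32-bit */
#include <sys/syscall.h>  /* SYS_execve, to compare against the result */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Use whichever register index sys/reg.h defined for this build. */
#if defined(ORIG_RAX)
# define SYSCALL_SLOT ORIG_RAX
#elif defined(ORIG_EAX)
# define SYSCALL_SLOT ORIG_EAX
#else
# error "sys/reg.h defines neither ORIG_RAX nor ORIG_EAX"
#endif

/* trace_first_syscall (hypothetical helper): run `path` as a tracee and
   return the syscall number saved at its first stop, or -1 on error. */
long trace_first_syscall(const char *path)
{
    int status;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(126);
        execl(path, path, (char *)NULL);
        _exit(127);                       /* only reached if exec failed */
    }
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                        /* child exited before the exec stop */
    /* Byte offset into the saved registers = index * register width. */
    long nr = ptrace(PTRACE_PEEKUSER, child,
                     (void *)(sizeof(long) * SYSCALL_SLOT), NULL);
    ptrace(PTRACE_DETACH, child, NULL, NULL);  /* let the child run to exit */
    waitpid(child, &status, 0);                /* reap it */
    return nr;
}

int main(void)
{
    printf("The child made a system call %ld (SYS_execve is %d)\n",
           trace_first_syscall("/bin/ls"), (int)SYS_execve);
    return 0;
}
```
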
Author by

Nishant Kumar

Updated on October 03, 2022

Comments

  • Nishant Kumar over 1 year

    I am using Ubuntu 12.04 with linux-headers-3.2.0-60 on an Intel 32-bit machine. I am trying to build this simple program to understand PTrace, but I am getting an error during compilation.

    #include <stdio.h>        /* printf */
    #include <sys/ptrace.h>
    #include <sys/types.h>
    #include <sys/wait.h>
    #include <unistd.h>
    #include <linux/user.h>   /* For constants
                                       ORIG_EAX etc */
    int main()
    {   pid_t child;
        long orig_eax;
        child = fork();
        if(child == 0) {
            ptrace(PTRACE_TRACEME, 0, NULL, NULL);
            execl("/bin/ls", "ls", NULL);
        }
        else {
            wait(NULL);
            orig_eax = ptrace(PTRACE_PEEKUSER,
                              child, 4 * ORIG_EAX,
                              NULL);
            printf("The child made a "
                   "system call %ld\n", orig_eax);
            ptrace(PTRACE_CONT, child, NULL, NULL);
        }
        return 0;
    }
    

    I am getting these errors:

    make all 
    Building file: ../src/Test.cpp
    Invoking: Cross G++ Compiler
    g++ -I/usr/local/include/boost -O0 -g3 -Wall -c -fmessage-length=0  -pthread -MMD -MP -MF"src/Test.d" -MT"src/Test.d" -o "src/Test.o" "../src/Test.cpp"
    ../src/Test.cpp:6:51: fatal error: linux/user.h: No such file or directory
    compilation terminated.
    make: *** [src/Test.o] Error 1
    

    I checked my /usr/include/linux folder but there is no file named user.h. I tried with <sys/user.h> but it gave another error.

    ../src/Test.cpp:18:38: error: ‘ORIG_EAX’ was not declared in this scope
    

    Please help.

  • Harish Kayarohanam about 9 years
    Even after including both, I am still unable to get that constant ORIG_EAX, but I am able to see this line in sys/reg.h: # define ORIG_EAX 11. Can you help?
  • Harish Kayarohanam about 9 years
    Yeah, found the problem: mine was 64-bit, so I had to use ORIG_RAX.
  • jarvis1729 about 8 years
    Found theantway.com/2013/01/… which is relevant and contains more info.
  • Mohit over 4 years
    I was also facing the 64-bit issue and I had to replace all the EAX, EBX, ECX, EDX with RAX, RBX, RCX, RDX respectively.