I am trying to relocate the stack of a process.
I have kept the process very simple.
In a way that it has many restrictions like,
1. It does not use pointers
2. Its single threaded
3. Does not use any file I/O
4. No global & dynamic data.
I extract the stack info from /proc/[pid]/maps & simply dump all the binary data from the stack.
When I want to restore the process to its earlier state, I copy this data in the new stack's address.
Problem is that when the restored process makes a function call, or returns from any call, the frame pointer/base pointer (BP) stored in stack in the earlier run is not valid in the current run of the process.
Is there a way by which I can find the location of the base pointer in the call stack & update it before restoring it?
Can anyone please help me with this?
Relocate a process' Stack correctly
I do the very same thing in my kernel. You can look at the current base pointer (you'd have to extract this from the program somehow), then follow the trail of base pointers up the stack.
1. Look at the current base pointer.
2. The next base pointer is at the address of the value of the current base pointer.
3. relocate the base pointer, and overwrite the stack's version.
4. goto 1, with the 'current base pointer' as the next one. (myNextEbp).
Cheers,
JamesM
1. Look at the current base pointer.
2. The next base pointer is at the address of the value of the current base pointer.
Code: Select all
myNextEbp = *(unsigned int *)ebp;4. goto 1, with the 'current base pointer' as the next one. (myNextEbp).
Cheers,
JamesM