Setting a breakpoint in a system call: Solaris vs. Windows

Java CAPS, like other SOA/EAI products, has an adapter for FTP. We recently had to test its timeout feature for the case where the FTP server hangs on logon. To reproduce the problem, I used a debugger to set a breakpoint in a system call.


Breakpoint - Wikipedia, the free encyclopedia

a breakpoint is a means of acquiring knowledge about a program during its execution


1. Solaris

We know the FTP server will read from and write to the network while authenticating. I used the write() system call this time.

# mdb -o follow_fork_mode=child,follow_exec_mode=follow -p $(pgrep inetd)
Loading modules: [ ld.so.1 libumem.so.1 libuutil.so.1 libc.so.1 libnvpair.so.1 libsysevent.so.1 ]
> ::sysbp write
> :c
mdb: target forked child process 27158 (debugger following child)   <-- ftp client tries to connect
mdb: target performed exec of /usr/sbin/in.ftpd
mdb: stop on entry to write
mdb: target stopped at:
libc.so.1`_write+8:     ta        8
> 


2. Windows

What is the equivalent of the write() system call on Windows? I tried ntdll.dll!NtWriteFile, but it didn't work. NtWriteFile() may be strictly for local file system writes. I used ws2_32.dll!send instead.


Install Debugging Tools for Windows 32-bit Version

Current Release version 6.9.3.113 - April 29, 2008 [17.5 MB]


$ tasklist /svc | grep -i ftp
inetinfo.exe                  2400 IISADMIN, MSFtpsvc
$ cdb -p 2400
Microsoft (R) Windows Debugger  Version 6.6.0007.5
*** wait with pending attach
Symbol search path is: SRV*e:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
ModLoad: 01000000 01006000   D:\WINDOWS\system32\inetsrv\inetinfo.exe
ModLoad: 7c950000 7ca2a000   D:\WINDOWS\system32\ntdll.dll
[...]
ModLoad: 71aa0000 71ab7000   D:\WINDOWS\system32\WS2_32.dll
[...]
0:016> X *!send
719e619f mswsock!send = 
71ab06b2 WS2_32!send = 
0:016> bp WS2_32!send
0:016> g
Breakpoint 0 hit                   <-- ftp client tries to connect
eax=00000000 ebx=6808374c ecx=0193f5d4 edx=0193f3a0 esi=0000001b edi=68083554
eip=71ab06b2 esp=0193f5b4 ebp=0193f5e0 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
WS2_32!send:
71ab06b2 8bff            mov     edi,edi
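
The same hang-on-logon condition can also be reproduced without a debugger when the goal is only to exercise a client's timeout. The following is an added example, not part of the original post: a loopback stub (the names `StalledFtpServer` and `probe_timeout` are hypothetical) goes silent either before the 220 banner or after PASS, the way a server stopped at `write()`/`send()` would, and Python's `ftplib` stands in for the adapter under test.

```python
import ftplib, socket, threading, time

class StalledFtpServer:
    """Loopback stub that goes silent at a chosen logon step (constructed for this example)."""
    def __init__(self, stall_at="banner"):
        self.stall_at = stall_at            # "banner" or "pass"
        self.release = threading.Event()    # plays the role of the debugger's "continue"
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))    # ephemeral port, loopback only
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            if self.stall_at != "banner":
                conn.sendall(b"220 stub ready\r\n")
                conn.recv(1024)                         # USER ...
                conn.sendall(b"331 need password\r\n")
                conn.recv(1024)                         # PASS ...
            self.release.wait()             # hang here, like a server stopped at a breakpoint

def probe_timeout(stall_at, timeout=1.0):
    """Return (timed_out, seconds_elapsed) for one logon attempt against the stub."""
    server = StalledFtpServer(stall_at)
    ftp = ftplib.FTP(timeout=timeout)       # client under test; timeout applies to every read
    start = time.monotonic()
    try:
        ftp.connect("127.0.0.1", server.port)   # blocks waiting for the 220 banner
        ftp.login("user", "secret")             # constructed credentials
        timed_out = False
    except socket.timeout:
        timed_out = True
    finally:
        server.release.set()
        ftp.close()
        server.sock.close()
    return timed_out, time.monotonic() - start

if __name__ == "__main__":
    for step in ("banner", "pass"):
        print(step, probe_timeout(step))
```

A client whose timeout is not applied to the control connection would block in `probe_timeout` until the stub is released, which is the failure the debugger sessions above were set up to expose.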