Linux signal handling. How to get address of interrupted instruction? [duplicate]

Tags: c, linux, signals

Is there any way to figure out the address of the machine instruction that was interrupted by some signal? Assume that we are in a handler established by sigaction() and have full access to the passed siginfo_t and ucontext_t. As far as I can see, the man pages say nothing about it.

Sergio asked Jan 25 '16 10:01


2 Answers

Let's look at the example below for Linux on the x86-64 architecture.

#define _GNU_SOURCE          /* must come before any include: exposes REG_RIP in <ucontext.h> */
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <ucontext.h>

void myhandle(int mysignal, siginfo_t *si, void *arg)
{
  ucontext_t *context = (ucontext_t *)arg;
  (void)si;

  /* printf() is not async-signal-safe; it is used here only because this is a demo */
  printf("Signal is %d\n", mysignal);
  /* gregs[] entries are 64-bit on x86-64, so cast before printing with %lx */
  printf("Address from where crash happen is %lx \n",
         (unsigned long)context->uc_mcontext.gregs[REG_RIP]);

  /* Skip over the faulting instruction. The 0x04 is tied to the instruction
     encoding of this particular build (see the objdump output), not a general rule. */
  context->uc_mcontext.gregs[REG_RIP] = context->uc_mcontext.gregs[REG_RIP] + 0x04;
}

int main(int argc, char *argv[])
{
  struct sigaction action;
  (void)argc; (void)argv;

  memset(&action, 0, sizeof(action));   /* clears sa_mask and the remaining fields */
  action.sa_sigaction = &myhandle;
  action.sa_flags = SA_SIGINFO;         /* handler receives siginfo_t and ucontext_t */
  sigaction(SIGSEGV, &action, NULL);    /* SIGSEGV is signal 11 on Linux */

  printf("Before segfault\n");

  int *a = NULL;
  int b;
  b = *a; // Here the crash will happen
  (void)b;

  printf("I am still alive\n");

  return 0;
}

Now compile and run it, and look at the disassembled instructions.

jeegar@jeegar:~/stackoverflow$ gcc -g test1.c  -o test1.o
jeegar@jeegar:~/stackoverflow$ ./test1.o 
Before segfault
Signal is 11
Address from where crash happen is 40065b 
I am still alive
jeegar@jeegar:~/stackoverflow$ objdump -S test1.o 

Here is the relevant part of the object dump:

  printf("Before segfault\n");
  400645:   bf a8 07 40 00          mov    $0x4007a8,%edi
  40064a:   e8 21 fe ff ff          callq  400470 <puts@plt>

  int *a=NULL;
  40064f:   48 c7 45 f0 00 00 00    movq   $0x0,-0x10(%rbp)
  400656:   00 
  int b;
  b =*a; // Here crash will hapen
  400657:   48 8b 45 f0             mov    -0x10(%rbp),%rax
  40065b:   8b 00                   mov    (%rax),%eax
  40065d:   89 45 fc                mov    %eax,-0x4(%rbp)

  printf("I am still alive\n");
  400660:   bf b8 07 40 00          mov    $0x4007b8,%edi
  400665:   e8 06 fe ff ff          callq  400470 <puts@plt>

At address 40065b you can see which machine code is there and which line of your code produced it.


Here I have given you an example program where a segmentation fault happens; on the system's segfault signal a handler is called, and in it I have fetched the address of the last executed machine instruction and printed that address. To verify that address I have also shown the object dump of that code, and the machine instruction of the segfaulting line matches.

I think this is what you want.

Jeegar Patel answered Oct 22 '22 15:10


Not portable. But this is for x86_64:

The structure ucontext_t contains the value of the register REG_RIP, which should hold the value you are looking for. This is the first instruction that will be executed after returning from the signal handler.

Other architectures should have similar registers (EIP on x86_32, etc.).

Ctx answered Oct 22 '22 13:10
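The two answers above read the interrupted instruction pointer out of the ucontext_t; the following is an added example (not code from either answer) that generalises it slightly: it selects the program-counter field per architecture using glibc's field names (x86-64 and AArch64 only), records both the faulting instruction address and the faulting data address (si_addr), and resumes with siglongjmp() instead of adding a hard-coded byte count to RIP. The helper names fault_pc, probe_bad_read, last_fault_pc and last_fault_addr are hypothetical, and the address 0x40 is a constructed unmapped address.

```c
#define _GNU_SOURCE 1        /* exposes REG_RIP in glibc's <ucontext.h> */
#include <signal.h>
#include <setjmp.h>
#include <stdint.h>
#include <string.h>
#include <ucontext.h>
#if defined(__x86_64__) && !defined(REG_RIP)
#define REG_RIP 16           /* glibc/musl gregs[] index of rip, if the header hid it */
#endif
/* Hypothetical helper: the interrupted program counter, per architecture (glibc names). */
static uintptr_t fault_pc(const ucontext_t *uc)
{
#if defined(__x86_64__)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#elif defined(__aarch64__)
    return (uintptr_t)uc->uc_mcontext.pc;
#else
#error "add the program-counter field for this architecture"
#endif
}
static sigjmp_buf g_escape;                    /* the handler unwinds to here */
static volatile uintptr_t g_fault_pc;          /* instruction that faulted */
static volatile uintptr_t g_fault_addr;        /* data address it touched */
static int *volatile g_bad_ptr = (int *)0x40;  /* constructed: inside the unmapped zero page */
static volatile int g_sink;                    /* keeps the bad read from being optimised away */

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    g_fault_pc   = fault_pc((const ucontext_t *)ctx);
    g_fault_addr = (uintptr_t)si->si_addr;
    /* Unwind to the sigsetjmp() point; siglongjmp() also restores the signal mask. */
    siglongjmp(g_escape, 1);
}

/* Installs the handler, performs one bad read, returns 1 if the fault was caught. */
int probe_bad_read(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    if (sigsetjmp(g_escape, 1) != 0)
        return 1;                              /* resumed here after the fault */
    g_sink = *(volatile int *)g_bad_ptr;       /* faults here; handler records the PC */
    return 0;                                  /* only if the read somehow succeeded */
}
uintptr_t last_fault_pc(void)   { return g_fault_pc; }
uintptr_t last_fault_addr(void) { return g_fault_addr; }
```

After probe_bad_read() returns 1, last_fault_pc() is the address of the faulting load inside probe_bad_read and last_fault_addr() is 0x40, which separates "where the CPU was" from "what it touched", the distinction the question is after.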