 

PTrace: linux/user.h: No such file or directory

I am using Ubuntu 12.04 with linux-headers-3.2.0-60 on an Intel 32-bit machine. I am trying to build this simple program to understand ptrace, but I get an error during compilation.

#include <errno.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/user.h>   /* For constants
                                   ORIG_EAX etc */
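/*
 * Fork a child that asks to be traced and then execs /bin/ls; in the
 * parent, wait for the child to stop, read the system-call number it was
 * stopped on, print it, and let the child continue.
 *
 * Returns 0 on success and 1 when fork, waitpid or a ptrace request fails.
 */
int main()
{
    pid_t child;
    long orig_eax;
    int status;

    child = fork();
    if (child == -1) {
        /* Without this check the parent would go on to trace pid -1. */
        perror("fork");
        return 1;
    }

    if (child == 0) {
        /* Child: ask to be traced by the parent; do not run untraced. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_TRACEME)");
            _exit(126);
        }
        /* The terminator of a variadic argument list must be a pointer. */
        execl("/bin/ls", "ls", (char *)NULL);
        /* Reached only when execl() failed: leave the child right here
           instead of returning from main() as if nothing had happened. */
        perror("execl");
        _exit(127);
    }

    /* Parent: wait for this particular child, and make sure it really is
       stopped before asking ptrace for its registers. */
    if (waitpid(child, &status, 0) == -1) {
        perror("waitpid");
        return 1;
    }
    if (!WIFSTOPPED(status)) {
        fprintf(stderr, "child %ld is not stopped; nothing to inspect\n",
                (long)child);
        return 1;
    }

    /* PTRACE_PEEKUSER returns the word it read, so -1 can be either data
       or an error; clearing errno first is the only way to tell them
       apart.  The offset is the ORIG_EAX index times the 4-byte slot
       size, which is the 32-bit x86 layout only. */
    errno = 0;
    orig_eax = ptrace(PTRACE_PEEKUSER, child, 4 * ORIG_EAX, NULL);
    if (orig_eax == -1 && errno != 0) {
        perror("ptrace(PTRACE_PEEKUSER)");
        return 1;
    }

    printf("The child made a "
           "system call %ld\n", orig_eax);

    if (ptrace(PTRACE_CONT, child, NULL, NULL) == -1) {
        perror("ptrace(PTRACE_CONT)");
        return 1;
    }
    return 0;
}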

I am getting this error:

make all 
Building file: ../src/Test.cpp
Invoking: Cross G++ Compiler
g++ -I/usr/local/include/boost -O0 -g3 -Wall -c -fmessage-length=0  -pthread -MMD -MP -MF"src/Test.d" -MT"src/Test.d" -o "src/Test.o" "../src/Test.cpp"
../src/Test.cpp:6:51: fatal error: linux/user.h: No such file or directory
compilation terminated.
make: *** [src/Test.o] Error 1

I checked my /usr/include/linux folder but there is no file named user.h. I tried with <sys/user.h> but it gave another error.

../src/Test.cpp:18:38: error: ‘ORIG_EAX’ was not declared in this scope

Please help.

Nishant Kumar Avatar asked Mar 09 '14 05:03

Nishant Kumar


2 Answers

Try including <sys/user.h> and <sys/reg.h>; ORIG_EAX is defined in sys/reg.h.

sheeru Avatar answered Nov 10 '22 18:11

sheeru


Let's go a bit further and look at /usr/include/sys/reg.h, shown below: on 64-bit the constant is ORIG_RAX, otherwise it is ORIG_EAX. Mine is a 64-bit workstation.

On 64-bit the call also changes as shown below, because the registers are stored as an array of 8-byte longs:

    /* x86-64: each saved-register slot is 8 bytes wide, so the byte
       offset of the system-call number is 8 * ORIG_RAX. */
    orig_rax = ptrace(PTRACE_PEEKUSER, child, 8 * ORIG_RAX, NULL);

The result is 59, the number of the execve system call (see /usr/include/asm/unistd_64.h):

The child made a system call 59

/usr/include/sys/reg.h

#if __WORDSIZE == 64
/* Index into an array of 8 byte longs returned from ptrace for
    location of the users' stored general purpose registers.  */
/* To turn an index into the byte offset that PTRACE_PEEKUSER takes,
   multiply it by the 8-byte slot size, e.g. 8 * ORIG_RAX. */

# define R15    0
# define R14    1
# define R13    2
# define R12    3
# define RBP    4
# define RBX    5
# define R11    6
# define R10    7
# define R9 8
# define R8 9
# define RAX    10
# define RCX    11
# define RDX    12
# define RSI    13
# define RDI    14
# define ORIG_RAX 15   /* slot read by the 64-bit example, which printed 59 (execve) */
# define RIP    16
# define CS 17
# define EFLAGS 18
# define RSP    19
# define SS 20
# define FS_BASE 21
# define GS_BASE 22
# define DS 23
# define ES 24
# define FS 25
# define GS 26
#else

/* Index into an array of 4 byte integers returned from ptrace for
 * location of the users' stored general purpose registers. */
/* Here the slot size is 4 bytes, so the PTRACE_PEEKUSER byte offset
 * is 4 * index, e.g. 4 * ORIG_EAX. */

# define EBX 0
# define ECX 1
# define EDX 2
# define ESI 3
# define EDI 4
# define EBP 5
# define EAX 6
# define DS 7
# define ES 8
# define FS 9
# define GS 10
# define ORIG_EAX 11   /* slot read by the 32-bit example via 4 * ORIG_EAX */
# define EIP 12
# define CS  13
# define EFL 14
# define UESP 15
# define SS   16
#endif
jarvis1729 Avatar answered Nov 10 '22 17:11

jarvis1729