#include <stdint.h>
#include <unistd.h>   /* sleep() */

uint64_t rip;

int main()
{
    asm(
        "movq %%rip, %0\n" : "=m" (rip)
    );
    sleep(10);
}
When I compile, I get
cc -m64 rip.c -o rip
/tmp/ccwNbZi1.s: Assembler messages:
/tmp/ccwNbZi1.s:12: Error: suffix or operands invalid for `movq'
make: *** [rip] Error 1
You cannot read (E|R)IP, because there is no x86 (/64) instruction to read it directly.
The only way to "read" it is to make a call using the CALL instruction. It will save the return address on the stack, and that is the one you can read.
UPDATE. In 64-bit mode, you can use RIP-relative addressing, so LEA RAX, [RIP] will give you its own address in EAX. Another workaround is MOV RAX, $ in the assembly.
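Both techniques from the answer above, as an added example that is not part of the original thread. It assumes x86-64 and GCC or Clang; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#if !defined(__x86_64__)
#error "this example assumes x86-64 (RIP-relative addressing)"
#endif

/* RIP-relative LEA: while the LEA executes, RIP already points at the
 * next instruction, so the result is the address just past the LEA. */
__attribute__((noinline)) uintptr_t read_rip_lea(void)
{
    uintptr_t rip;
    __asm__ volatile ("leaq 0(%%rip), %0" : "=r" (rip));
    return rip;
}

/* CALL method: the CALL that enters this function pushed the caller's
 * next-instruction address; the builtin reads that saved value. */
__attribute__((noinline)) uintptr_t read_rip_call(void)
{
    return (uintptr_t)__builtin_return_address(0);
}

/* Hypothetical caller so the returned address has a known home.
 * The volatile local keeps the call from becoming a tail jump. */
__attribute__((noinline)) uintptr_t probe_caller(void)
{
    volatile uintptr_t r = read_rip_call();
    return r;
}

int main(void)
{
    /* With ASLR and a PIE build, these values change between runs. */
    printf("LEA  method: %#lx (read_rip_lea starts at %#lx)\n",
           (unsigned long)read_rip_lea(),
           (unsigned long)(uintptr_t)read_rip_lea);
    printf("CALL method: %#lx (probe_caller starts at %#lx)\n",
           (unsigned long)probe_caller(),
           (unsigned long)(uintptr_t)probe_caller);
    return 0;
}
```
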
, /% rip x86_64, - ptrace(). ltrace.
/* ptrace() returns long; RIP is the register index into the USER area */
long addr = ptrace(PTRACE_PEEKUSER, pid, (8 * RIP), 0);
ptrace(PTRACE_POKEUSER, pid, (8 * RIP), addr);
RIP - , /usr/include/sys/reg.h