i'm tring to add in a new feature into the linux kernel, which requires to find out the program counter of a process when dispatching system calls. could anyone give a hint on how to retrieve the program counter? thx...

This is i386-specific (translation: any Intel-compatible 32-bit processor), but it should work. Look in include/linux/sched.h at the definition of task_struct. I assume you have a task_struct for the process you want, right? You'll need one.

task_struct has a child struct of type thread_struct, which is defined in include/asm/processor.h (since it's different for every processor). For i386 (that is, when include/asm is a symlink to asm-i386), this thread_struct has a child named eip, which is the current value of that thread's EIP register (which is Intel's name for the PC).

So it'd be task->thread.eip, assuming task was a pointer to your task_struct.

thx... :) i didi it and it works. however, i always got the same value of eip.

what i did was to insert a function into entry.S to do the checking of eip. this function is inserted just before the call *SYMBOL_NAME(sys_call_table)(,%eax, 4) instruction. why am i always got the same eip value for different processes? is it because the eip acutally holds address of ret_from_sys_call?

thx...

I'm not sure... I don't know enough about when the eip value in that struct gets set, and what it gets set to...

Perhaps you could do a stack backtrace? The first return address on the stack that's not in kernel space (any address that looks like 0xC??????? is in kernel space, where the ?'s can be anything) would be the address right after the one that the user program called your syscall from.