Access EIP and EBP via ucontext on OS X
Question
I am trying to port a tool to OS X which is designed to run on Linux and FreeBSD. There is a case in the program where access to the EIP and EBP is needed. This is done via the ucontext.
So I added a case for __APPLE__ to place a suitable access to the ucontext struct.
    #if defined(__FreeBSD__)
    *paddr = uc->uc_mcontext.mc_eip;
    #elif defined(__dietlibc__)
    *paddr = uc->uc_mcontext.eip;
    #elif defined(__APPLE__)
    *paddr = uc->uc_mcontext.ss.eip;
    #else
    *paddr = uc->uc_mcontext.gregs[REG_EIP];
    #endif
But uc->uc_mcontext.ss.eip doesn't compile. I'm not sure how to access the EIP from the ucontext.
Solution
It appears the naming scheme changed in OS X 10.5, where it should be uc->uc_mcontext->__ss.__eip. On later versions this is uc->uc_mcontext->__ss.__rip for x86_64.
Found by a quick Google search, refs: 1, 2
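The following is an added example, not code from the question's tool or from the answer's author. It puts the OS X spelling from the answer (uc_mcontext is a pointer, the fields carry double underscores) next to the Linux and FreeBSD spellings, reads both the program counter and the frame pointer the question asks for, and exercises the result the way such a tool would: it installs an SA_SIGINFO handler, faults on purpose, and reads the registers of the faulting instruction out of the ucontext_t the handler receives. Assumptions: the numeric REG_* fallbacks are glibc's array positions for when _GNU_SOURCE was not set before the first include; address 8 is taken to be unmapped; the 4096-byte window is an assumed bound on capture_fault's size; the Apple arm64 field names are those of a non-arm64e build.

```c
/* Added example (not the tool's or the answerer's code): read EIP/RIP and EBP/RBP
 * out of the ucontext_t a SA_SIGINFO handler receives, on Linux, FreeBSD and OS X. */
#define _GNU_SOURCE          /* glibc: exposes the REG_* indices in <sys/ucontext.h> */
#define _XOPEN_SOURCE 700    /* macOS: <ucontext.h> refuses to build without it */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* glibc hides REG_* unless _GNU_SOURCE was set before the first include; these are
 * glibc's array positions (assumed constants), used only as a fallback. */
#if defined(__linux__) && defined(__x86_64__) && !defined(REG_RIP)
  #define REG_RIP 16
  #define REG_RBP 10
#elif defined(__linux__) && defined(__i386__) && !defined(REG_EIP)
  #define REG_EIP 14
  #define REG_EBP 6
#endif

struct fault_regs { uintptr_t pc, fp; };

/* Same two registers, platform-specific field names (OS X 10.5+ spelling for Apple;
 * the arm64 names assume a non-arm64e build). */
void regs_from_ucontext(const ucontext_t *uc, struct fault_regs *r)
{
#if defined(__APPLE__) && defined(__x86_64__)
    r->pc = uc->uc_mcontext->__ss.__rip;  r->fp = uc->uc_mcontext->__ss.__rbp;
#elif defined(__APPLE__) && defined(__i386__)
    r->pc = uc->uc_mcontext->__ss.__eip;  r->fp = uc->uc_mcontext->__ss.__ebp;
#elif defined(__APPLE__) && defined(__arm64__)
    r->pc = uc->uc_mcontext->__ss.__pc;   r->fp = uc->uc_mcontext->__ss.__fp;
#elif defined(__FreeBSD__) && defined(__x86_64__)
    r->pc = uc->uc_mcontext.mc_rip;       r->fp = uc->uc_mcontext.mc_rbp;
#elif defined(__FreeBSD__) && defined(__i386__)
    r->pc = uc->uc_mcontext.mc_eip;       r->fp = uc->uc_mcontext.mc_ebp;
#elif defined(__linux__) && defined(__x86_64__)
    r->pc = uc->uc_mcontext.gregs[REG_RIP]; r->fp = uc->uc_mcontext.gregs[REG_RBP];
#elif defined(__linux__) && defined(__i386__)
    r->pc = uc->uc_mcontext.gregs[REG_EIP]; r->fp = uc->uc_mcontext.gregs[REG_EBP];
#elif defined(__linux__) && defined(__aarch64__)
    r->pc = uc->uc_mcontext.pc;           r->fp = uc->uc_mcontext.regs[29];
#else
  #error "regs_from_ucontext: add a case for this platform"
#endif
}

static sigjmp_buf recover_point;
static volatile uintptr_t seen_pc, seen_fp, seen_addr;
static volatile uintptr_t bad_address = 8;   /* assumed unmapped (zero page) */

static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    struct fault_regs r;
    (void)sig;
    regs_from_ucontext((const ucontext_t *)ctx, &r);
    seen_pc = r.pc;  seen_fp = r.fp;  seen_addr = (uintptr_t)si->si_addr;
    siglongjmp(recover_point, 1);   /* savesigs=1 in sigsetjmp restores the signal mask */
}

/* Fault on purpose, catch it, and return what the handler recorded (pc == 0 means
 * no signal was delivered). The previous handlers are restored before returning. */
__attribute__((noinline)) struct fault_regs capture_fault(void)
{
    struct sigaction sa, old_segv, old_bus;
    struct fault_regs out;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS,  &sa, &old_bus);       /* macOS reports some faults as SIGBUS */

    seen_pc = seen_fp = 0;
    if (sigsetjmp(recover_point, 1) == 0)
        *(volatile int *)bad_address = 1;    /* volatile global: a real store, not a compile-time trap */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS,  &old_bus,  NULL);
    out.pc = seen_pc;  out.fp = seen_fp;
    return out;
}

uintptr_t last_fault_address(void) { return seen_addr; }

/* Sanity check: the recorded PC must lie inside capture_fault itself
 * (4096 bytes is an assumed upper bound on that function's size). */
int pc_inside_capture_fault(uintptr_t pc)
{
    uintptr_t start = (uintptr_t)capture_fault;
    return pc >= start && pc < start + 4096;
}

int main(void)
{
    struct fault_regs r = capture_fault();
    printf("fault at %#lx: pc=%#lx fp=%#lx inside capture_fault=%d\n",
           (unsigned long)last_fault_address(), (unsigned long)r.pc,
           (unsigned long)r.fp, pc_inside_capture_fault(r.pc));
    return r.pc ? 0 : 1;
}
```

Two practical caveats: the frame pointer is only meaningful if the faulting code was built without -fomit-frame-pointer, so a tool should validate it (for example against the stack bounds) before walking frames from it; and on Linux the REG_* names come from sys/ucontext.h only when _GNU_SOURCE is defined before the first system header, which is why the fallback indices are there.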
Licensed under: CC-BY-SA with attribution