
I was reading about ptrace on the net and found that a process can request to trace another process by using PTRACE_ATTACH but apparently all the examples available involve the use of fork().

What I want is to have 2 programs - prg1.c and prg2.c where prg2.c should trace prg1.c. I tried using PTRACE_ATTACH in prg2.c but it seems that the call failed - prg2.c couldn't trace prg1.c. How does ptrace work? Can anybody explain?

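Code for prg1.c:

```c
#include <stdio.h>
#include <sys/ptrace.h>
#include <unistd.h>

#include <stdlib.h>

int main()
{
    printf("Hello world\n");
    /* Pause so the pid can be looked up and prg2 started against it. */
    sleep(20);

    /* Replace this process image with ls; returns only on failure. */
    execl("/bin/ls", "ls", NULL);
    return 0;
}
```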

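Code for prg2.c:

```c
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>   /* declares wait() */
#include <unistd.h>

#include <stdlib.h>

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return 1;
    }
    int pid = atoi(argv[1]);   /* pid of the running prg1 */
    int status;

    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
        printf("ptrace attach failed!\n");
        return 0;
    }

    /* PTRACE_ATTACH stops the tracee; wait for that stop to be reported. */
    wait(&status);
    sleep(5);

    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return 0;
}
```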

I have included a sleep() to get the pid of prg1's executable (during that time) using ps -af and give it as an input to the executable of prg2.

white-hawk-73
  • We can't fix code we can't see. What went wrong exactly? – David Schwartz Feb 10 '16 at 09:53
  • Check the man page for `ptrace`, it contains this piece of advice, "On error, all requests return -1, **and errno is set appropriately**". – David Schwartz Feb 10 '16 at 10:19
  • Yes, I have checked that. I printed 'errno' using strerror and got - "Operation not permitted." – white-hawk-73 Feb 10 '16 at 10:34
  • Well then there you have it. Your platform doesn't permit a non-root user to `ptrace` a process other than its own child by default. Punch "[kernel.yama.ptrace_scope](https://www.kernel.org/doc/Documentation/security/Yama.txt)" into your favorite search engine. – David Schwartz Feb 10 '16 at 10:41
  • Thank you, Sir. I thought that since I can use 'sudo', I am the root. But I figured that sudo is similar to root but not exactly like it. – white-hawk-73 Feb 10 '16 at 10:55
  • You ran `prg2` with `sudo`? Can you show us the commands you used and the output you got? – David Schwartz Feb 10 '16 at 11:12
  • Now, when I used sudo it worked. Earlier it was not working. Maybe there was some fault. Thank you sir for your help. I wish you had written this as an answer so that I could upvote you. Now, my question is if I don't put a sleep() in prg1, it simply ends before prg2 can trace it. And that is pretty obvious (since I am running prg1 first, then in the meanwhile it sleeps, I get its pid and then run prg2 to trace it, so if I remove sleep, it just executes and ends). But how do I get around this limitation? – white-hawk-73 Feb 10 '16 at 11:33
  • I don't understand how/why that's a limitation. What are you trying to do that this prevents you from doing? Most likely the answer is to write a program that waits until you tell it to go and then calls an `exec` function. You run that program, `ptrace` it, and then tell it to go. – David Schwartz Feb 10 '16 at 17:00
  • Sorry for my late reply. I was trying something else earlier and that is why I got confused and probably confused you as well. But now I have understood what my final aim is - To have a program, say 'prg1.c' be traced by 2 programmes - 'prg2.c' and 'prg3.c'. And since only 1 process can trace prg1.c at a time, initially when prg2.c tries to attach to it, it should work fine, but when prg3.c tries to attach to it, prg1.c should display the message that ptrace failed etc. – white-hawk-73 Feb 13 '16 at 06:38
  • And I want to do it using PTRACE_TRACEME command, but how do I find the process ids of prg2.c and prg3.c and give it as input to prg1.c? I guess it's impossible, maybe this can only work in case of using fork(). – white-hawk-73 Feb 13 '16 at 06:38
  • Your question is not well formed. You're asking how you got the process ID of a "particular process", but you're not specifying anything you know about that process that would let you identify it or telling us what control you have over it. It's like saying "how do I get a particular person's phone number?". Well, it depends what identifies the particular person whose phone number you want. – David Schwartz Feb 14 '16 at 01:56
