C ptrace breakpoints

Question

I have been using this tutorial to try to set up a debugger in C. I have set up a test program, which looks like this:

#include<stdio.h>

int main()
{
    printf("BEFORE");

    printf("AFTER"); 
}

and the dissasembly for the main function looks like this:

but if i try to use the code below to print data at 0x64a, i get the output ffffffffffffffff

long address = 0x64a;
long data = ptrace(PTRACE_PEEKTEXT, status, (void *) address, NULL);
printf("%lx", data);

Also, this is the code where i attach the test program:

char* args[] = {"test", NULL};
if(pid == 0)
{
    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    execve("./test", args, NULL);
    //execl("./test", "test", NULL);
}

score 2 · Answer 1 · answered Apr 30 '20 at 23:49

2

You have a position-independent executable. As such, ASLR makes it start at a random address in memory. Check the rip register during ptrace and dump the code from there, instead of from the address in your executable.

answered Apr 30 '20 at 23:49

Joseph Sible-Reinstate Monica

45,431
5
48
98

if i understand correctly, i've done something similar and it has similar results. Asked the question here: https://stackoverflow.com/questions/61531930/ptrace-doesnt-show-the-same-as-objdump – qlabfgerkaSmurf May 01 '20 at 00:14

C ptrace breakpoints

1 Answers1