How to use Ptrace_interrupt command

Question

I wrote a sample exercise about ptrace on how to use ptrace, but I encountered some strange problems

this is my test program:

int main(int argc, char *argv[])
{

    pid_t pid = 22092;
    if (ptrace(PTRACE_SEIZE, pid, NULL, NULL) == -1) {
    perror("PTRACE_SEIZE");
        return 1;
    } 

    if (ptrace(PTRACE_INTERRUPT, pid, NULL, NULL) == -1) {
        perror("PTRACE_CONT");
        return 1;
    }

    return 0;
}

After the execution, my program is still executing without interruption.

I have also read the manual page, after PTRACE_SEIZE, you can use PTRACE_INTERRUPT to suspend the program. I don’t know if anyone can help me.

And you're sure the program you want to trace have that specific PID? Does the program you want to trace have multiple processes? There's no error output shown when running the tracing program (shown in the question)? — Some programmer dude, Sep 16 '21 at 06:53
@ Some programmer dude Thank you for your reply,I have a specific PID,just one loop process and no any error happen — mark25789, Sep 27 '21 at 04:25
What happens when the tracing program (the program you show) exits right after `PTRACE_INTERRUPT`? Have you tried adding some kind of delay between `PTRACE_INTERRUPT` and process exit? What happens then? — Some programmer dude, Sep 27 '21 at 06:18
When the tracking program exits immediately after PTRACE_INTERRUPT, my LOOP program is still running, but I have interrupted him, it doesn't make sense Then I try to add some delay,it will wait for the delay to end and continue running — mark25789, Sep 28 '21 at 09:19
To me it *does* make sense. The tracking program (as you call it) exist. The process ends, and all its resources are released, including all tracing. That releases the interrupt and allows the tracked program to continue. — Some programmer dude, Sep 28 '21 at 10:35
Yes, you are right, I did a small experiment to prove that this is the problem, but I have another question about PTRACE_DETACH, https://stackoverflow.com/questions/69204954/what-is-the-relationship-between-ptrace-and-waitpid After the interruption is normal, I want to use PTRACE_DETACH to release the interruption and let the program continue to run, but the result shows (no such process) and then I use the command "ps aux | grep -i test.py" to find that this program is also existing. My steps are 1.PTRACE_SEIZE 2.PTRACE_INTERRUPT 3.PTRACE_DETACH — mark25789, Sep 29 '21 at 03:56
Yes, I have posted another question, the following is the URL of that question https://stackoverflow.com/questions/69204954/what-is-the-relationship-between-ptrace-and-waitpid — mark25789, Sep 29 '21 at 06:23

score 1 · Accepted Answer · answered Sep 29 '21 at 05:37

The problem is that the "tracking program" (the program calling ptrace) is exiting directly after the PTRACE_INTERRUPT.

Tracing is like any other resource allocated by a process, and when the process exits all such resources are released.

That means the pausing of the tracked program will end as soon as the tracking program exits, which is immediately so it looks like nothing happens.

You need to wait for some event to let the tracked program continue, or for your tracking program to exit.

How to use Ptrace_interrupt command

1 Answers1