Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

ptrace stands for process trace. It is used extensively by debuggers such as GDB and DBX, and by tracing tools such as strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

The tracer can single-step through the target's code, observe system calls and their results, manipulate the target's signal handlers, and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data to be changed, but also the application's own code segment, which lets the controller install breakpoints and patch the running code of the target.

Basic tutorial on ptrace is available here and here.

465 questions
1 vote, 0 answers

Modify the ptrace without passing the flag

I'm running some distributed training on some platform using MPI. During the training I saw massive printings like: Read -1, expected 5017600, errno = 1 Read -1, expected 5017600, errno = 1 Read -1, expected 5017600, errno = 1 Read -1, expected…
1 vote, 0 answers

About non-signal-safe system calls in signal handler

I'm trying to implement CreateRemoteThread in Linux using ptrace. The main problem is that the mmap and clone system calls are not signal-safe, so it's dangerous to inject them directly. But what if I can make sure there is no pending mmap and clone…
1 vote, 1 answer

How to block tracee catch SIGTRAP with ptrace

When I want to inspect tracee syscalls I use PTRACE_ATTACH, then PTRACE_SYSCALL in a loop, and finally PTRACE_DETACH. The problem is that if the tracee registered to SIGTRAP or SIGCONT it can change its behaviour while I use PTRACE_SYSCALL or…
Keystone
1 vote, 1 answer

ptrace doesn't show the same as objdump

I am writing a C program that shows instructions using ptrace. This is the code: #include #include #include #include #include #include #include #include…
qlabfgerkaSmurf
1 vote, 1 answer

C ptrace breakpoints

I have been using this tutorial to try to set up a debugger in C. I have set up a test program, which looks like this: #include int main() { printf("BEFORE"); printf("AFTER"); } and the disassembly for the main function looks…
qlabfgerkaSmurf
1 vote, 0 answers

ptracing the patching linux kernel failed

I am trying to ptrace the patching operation with execlp("/bin/sh", "/bin/sh", "-c", "patch -p1 < patch-2.0.2", (char *)NULL); Redirection inside call to execvp() not working. But the process is giving me an error that there is no such process... the…
1 vote, 2 answers

Is there a way to run a docker container as sudo, if it was built on a non-sudo base image?

This might be a stupid question, but I am going to ask it anyways... I would like to be a superuser in the container if I run docker exec -it /bin/bash. is a container that is built on a fedora-base-image which seems to…
User12547645
1 vote, 1 answer

Where is ptrace in linux kernel?

I can't find it in the kernel source with a global ptrace; there is no definition in kernel/ptrace.c like it was stated in the man page... I can see kernel/ptrace.c and include/linux/ptrace.h but there is nothing
M. Kalter
1 vote, 2 answers

How to fix error "cannot run C compiled programs" when using ASAN

Issue: running configure scripts works fine, the C compiler can be used and the generated programs run. As soon as ASAN is added the configure script complains that the generated programs cannot run. ./configure checking for a BSD-compatible…
Simon Sobisch
1 vote, 1 answer

Get registers with ptrace in arm-linux

Tried to get the PC register of a thread in arm linux. There is a process, process id = 120, and it has 3 threads: thread ids: 121, 122, 123. #include #include int main() { struct user_regs_struct regs; ptrace…
paramikoooo
1 vote, 2 answers

How to track all descendant processes in Linux

I am making a library that needs to spawn multiple processes. I want to be able to know the set of all descendant processes that were spawned during a test. This is useful for terminating well-behaved daemons at the end of a passed test or for…
Chris Hunt
1 vote, 1 answer

SIGNAL HELP: What signal a child would send to its parent when it is about to crash?

I am tracing a program using ptrace and that program crashes while running. I have written code that prints the stack trace of a pid. I am stuck at the point that I don't know when it is about to crash and when I should print the stack trace. Could…
Faizan Sh
1 vote, 2 answers

program to monitor read/writes PATH of a program?

I was trying to make a program for a college project, but I got stuck at this: How will you monitor a program as to what files it writes to or reads from? I wish to have their path names. To make the problem more clear, here is an example: Consider…
TarunG
1 vote, 1 answer

ptrace %edx for sys_open inconsistent

I am trying to get the filename from the sys_open system call using ptrace. I get the filepath pointer, and I am able to get the correct data from that address; however, I need a way to know how much data to get, i.e. the length of the filename. I…
ofosho
1 vote, 0 answers

Use execv & ptrace to execute a selenium-webdriver python program in linux

I wrote the C program below, which uses execv to run a shell command and ptrace to trace it. pid = fork(); if (pid == 0) { // child process ptrace(PTRACE_TRACEME, 0, NULL, NULL); char** argv = new char*[3]; …
ycdfwzy