Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

Ptrace stands for process trace. It is used extensively by debuggers such as GDB and DBX, and by tracing tools such as strace and ltrace.
By attaching to another process, a tracer gains extensive control over the target, including manipulation of its

  1. File Descriptors
  2. Registers
  3. Memory

It can single-step through the target's code, can observe system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target.

Basic tutorial on ptrace is available here and here.

465 questions
1 vote, 1 answer

ptrace(PTRACE_PEEKDATA, ...) error: data dump

I want to get instruction from running process and change it using ptrace. When variable instr (contains current instruction - PTRACE_PEEKDATA) is unsigned everything works, but when I change it to long int there is an error (memory dump).…
daniel098
1 vote, 1 answer

Can two processes attach to the same PID via ptrace

So, the title says it all. Is it possible that one process has two tracers? I am playing around with ptrace, and I can see that whenever someone attaches to process, then in /proc//status under TracerPID will be PID of the tracer. However, is it…
golobitch
1 vote, 0 answers

ptrace(PTRACE_SYSCALL) in ARM doesn't work properly

I'm trying to trace system calls on ARM (Android armeabi-v7a) using the ptrace function (not ptrace in a shell, I mean calling ptrace in code). Below is the code I wrote. int trace(int pid) { struct pt_regs regs; ptrace(PTRACE_SYSCALL,…
hongjo lim
1 vote, 1 answer

Register values of a traced process aren't changing

I'm trying to read the register values of a running process. This is the code of the process I'm trying to trace: #include int x=0; int main(){ while(1){ x++; printf("%d\n",x); } return 0; } and this is the…
Sam
1 vote, 1 answer

Can't find how to use ptrace() properly

Currently, for a project, I need to code some kind of debugger using ptrace(). At the end, it should show every function/syscall entered/exited in the program to trace. Right now, I'm pretty stuck. I made a small program that should try to trace a…
SamuelRousseaux
1 vote, 1 answer

Why does a SIGTRAP PTRACE_EVENT_STOP occur when the tracee receives SIGCONT?

I'm using PTRACE_SEIZE to trace the execution of a child process, but I'm running into an issue where a non-group-stop PTRACE_EVENT_STOP (signal == SIGTRAP) is being emitted when the tracee receives a SIGCONT. I can't seem to find any documentation…
Andrew Gunnerson
1 vote, 0 answers

Why are user_regs_struct values for the execve syscall 0, and how do I fix this issue?

I am trying to capture the name of an executable for the execve system call using ptrace as - long val = ptrace(PTRACE_PEEKUSER, child, sizeof(long) * RDI); where RDI is the register which holds the first argument to execve. I was hoping to get some arbitrary…
vp8
1 vote, 1 answer

Cannot change permissions for dtrace on MacOS

I was looking at this article. It recommends allowing the usage of dtrace without root for the current user, so I run: $ sudo chmod u+s /usr/sbin/dtrace Password: # I enter my password chmod: Unable to change file mode on /usr/sbin/dtrace: Operation not…
Alexander Mills
1 vote, 1 answer

Quitting GDB that was started in another terminal gracefully

My SSH session was terminated abruptly and gdb was running. When I try to attach gdb again to the same process, I get: ptrace: Operation not permitted. The ttys: [root@xxx ~]# who root pts/0 2017-11-27 03:57 (10.193.26.12) root …
Mindaugas Bernatavičius
1 vote, 1 answer

Position-independent executables and ptrace

I would like to ptrace a PIE on Linux and e.g. break at a given instruction address. From disassembly, I have the relative address of the instruction - how can I find out the location the executable was loaded at so I can get the absolute…
jaw
1 vote, 1 answer

Ptrace catching many traps for execve

I am using ptrace to intercept system calls. Everything seems to be working fine except for the fact I'm intercepting 16 calls to execve (8 for pre system call, and 8 post system call). I have seen working examples without it, but I'm trying to use…
gatoWololo
1 vote, 2 answers

Cannot make a breakpoint in my mini debugger for linux

I am working on a mini debugger as a personal project. The debugger is for x86 processors under a GNU/Linux environment. My approach of setting a breakpoint at a specific address of the debugged program works the first time I launch my…
Yahia Farghaly
1 vote, 1 answer

ptrace(PTRACE_ATTACH, pid, 0, 0) error: cannot attach to pid

I am trying to inject a library in Android using ptrace, but when I try to attach ptrace to a specific pid for monitoring I get an error: "Cannot attach to pid"... Here is the code // Attach if (0 > ptrace(PTRACE_ATTACH, pid, 0, 0)) { …
Naveen
1 vote, 1 answer

What is process branch trap?

Some background first: I'm writing a debugger and now I am trying to distinguish between different types of process breakpoint. The PTRACE_GETSIGINFO request of ptrace() can help retrieve detailed information about the tracee's signal. For the SIGTRAP signal,…
Vince.Wu
1 vote, 1 answer

Getting info about external processes in Linux using JNA - ptrace?

I'm on a student research team currently working on a Java project in which we want to be able to gather some info about specific external programs in CentOS 7. Some potential examples of data we might want to gather would be the URL from firefox,…
Sharpevil