Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

Ptrace stands for "process trace". It is used extensively by debuggers such as GDB and DBX and by tracing tools like strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

The tracer can single-step through the target's code, observe system calls and their results, manipulate the target's signal handlers, and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target.

A basic tutorial on ptrace is available here and here.

465 questions
1 vote, 1 answer

Ptrace reset a breakpoint

I am having trouble resetting a process after I have hit a breakpoint with Ptrace. I am essentially wrapping this code in Python. I am running this on 64-bit Ubuntu. I understand the concept of resetting the data at the location and decrementing…
Chris
1 vote, 3 answers

Is there a way to make gdb share ptrace with another process?

I need to run another process that needs to ptrace() its inferior. But also gdb needs to ptrace() the same inferior as well, so this will lead to chaos. The first and obvious solution that came to my mind was to detach the gdb whenever the other…
Korcan Karaokçu
1 vote, 2 answers

using gdb on with execl, wait, and ptrace

I'm trying to debug a program that calls another program and uses ptrace. I can run it just fine; however, when trying to debug it with gdb, the program hangs at wait(&status). What I want to do is debug the main process and possibly switch back…
SailorCire
1 vote, 0 answers

How does ptrace work with 2 different processes?

I was reading about ptrace on the net and found that a process can request to trace another process by using PTRACE_ATTACH but apparently all the examples available involve the use of fork(). What I want is to have 2 programs - prg1.c and prg2.c…
white-hawk-73
1 vote, 0 answers

Modifying global variables with ptrace programmatically

I've been playing with ptrace to see if I can modify the value of simple global integers in a C program. I know that I can use PEEKDATA and POKEDATA to accomplish this. However, these need information about where the variable is stored in memory in…
user979616
1 vote, 2 answers

PTRACE Programming on HP-UX

Can anyone please give me any good link where I can get some info on how to program with ptrace for HP-UX. Please don't post links for Linux ptrace.
Samir Baid
1 vote, 1 answer

Android strace command error: "PTRACE_SYSCALL doesn't work: Function not implemented"

I need to use strace on a rooted Android Asus ZenFone 2E, Intel Atom, x86. So, I get a working binary for strace and run it on another phone and it is working perfectly. But when I tried to run the same command on Asus ZenFone 2E, it did not work. The…
1 vote, 1 answer

Linux ptrace() read whole memory page

Hello, I am trying to dump the memory of a process in Android/Linux. Right now I read the memory maps to get a memory region's address space and then I read every single word like this: ptrace(PTRACE_ATTACH, pid, NULL, NULL); wait(NULL); read each word in…
micha
1 vote, 0 answers

Binaries built with clang address sanitizer stop with SIGTRAP when running under OS X ptrace

I'm trying to run binaries built with clang's address sanitizer under the control of ptrace, and I'm having a problem with spurious SIGTRAPs. My program uses ptrace in the standard manner: child does ptrace(PT_TRACE_ME,...) then exec; parent waits…
Tom Seddon
1 vote, 0 answers

Is there a supported way to obtain LDT entries of debuggee?

A userspace process can call modify_ldt(2) to alter entries of its LDT. A debugger, to make correct analysis of what the process reads and where, as well as what code it executes currently, needs to know what descriptor a value of e.g. CS=0x7…
Ruslan
1 vote, 1 answer

Self attach using ptrace?

Is it possible to ptrace the same process from a thread in that process? I found a discussion at [1] which seems to suggest a way which (may or may not work) seems to be a bit involved to me as I am not intimately familiar with the pthreads API. Has…
chamibuddhika
1 vote, 0 answers

Call Procedure In X86_64 Assembly

I'm writing a little program that traces another one and lists the function calls (near call, far call, dynamic linking, etc.). The goal is to generate a callgraph thanks to the dotty framework. I'm currently struggling with the decoding of the…
Thibaud Auzou
1 vote, 1 answer

How can I get backtrace of the running process stack by other process in mips?

I want to get a backtrace of the stack in process A by process B. I know I can use gdb --pid pid_of_A, then use info stack to get a backtrace of the stack in process A. But I want to implement it by code, not use gdb. I read gdb source code to…
Vincent
1 vote, 1 answer

Why does attaching stop a process/thread in Linux?

I understand how single stepping and the int 3 bytes are used to debug programs. In the first case, the tracer uses PTRACE_SINGLESTEP to be able to debug the program one instruction at a time. On x86, this means that the trap flag would be set while…
user277465
1 vote, 1 answer

Python-Ptrace - What happens after PtraceProcess.cont()?

I'm looking at a game with python-ptrace. I do not want to disconnect from the server so after attaching to the process, I immediately call cont() to allow it to keep running. In this state I can still read memory, but I cannot write to it. Is…
douggard