Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

ptrace stands for "process trace". It is used extensively by debuggers such as GDB and DBX, and by tracing tools like strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

The tracer can single-step through the target's code, observe system calls and their results, manipulate the target's signal handlers, and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target.

A basic tutorial on ptrace is available here and here.

465 questions
1 vote, 0 answers

Using Ptrace makes SIGSEGV handle routine not working

I'm new to ptrace and I'm not able to solve this problem. I've copied and edited a simple debugger made with the ptrace system call and I'm trying to debug a test program that just makes use of a SIGSEGV handler... basically what I'm doing with the…

1 vote, 1 answer

How to wait for a non-child process to change state?

After I sent a kill SIGSTOP signal to another process, how can I check if that process actually stopped? That process is not a child process. And I do not want to use the approach that reads the process table, like ps -ef/aux
WindChaser

1 vote, 2 answers

How can we get Function name from Stack Pointer (reg/SP) on Linux?

I am using ptrace to get information related to the call stack on Linux. I can retrieve the stack pointer to my stack using the register returned by ptrace, but using this stack pointer how can I retrieve information related to the function name and signature of…
Sandeep P

1 vote, 1 answer

ptrace single step followed by set breakpoint fails

I code a debugger using Python's ptrace module. After a debugged program stops on a breakpoint, I do: restore the original instruction at the place of the breakpoint, do a single step, set the breakpoint again, continue the execution of the…
olpa

1 vote, 1 answer

Trapping malloc in ptrace

I'm trying to trap when a malloc occurs inside of ptrace. I've been able to hook when a malloc is called so I should be able to capture that through some custom module; however, that is when using dynamic libraries (the -static flag is not used).…
SailorCire

1 vote, 0 answers

Nohup process not killed by kill command

In my C++ code I handle signals and everything works fine. However, when I launched it by nohup in the standard way, kill is not working; I have to kill it with -9. Launching /proc/PID/status before kill, the state is S (Sleeping); after kill I…
galvanize

1 vote, 1 answer

ptrace to change an array in another program

I'm trying to use ptrace to change another program variable at run time, in my case a dummy shell. int main(void) { char buf[MAXLINE]; fgets(buf, MAXLINE, stdin); if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; …
OmegaOuter

1 vote, 1 answer

Can ptrace read/write data from a multithreaded process given that one and only one thread is stopped?

The documentation on ptrace is a little bit fuzzy to me. It says: A tracee first needs to be attached to the tracer. Attachment and subsequent commands are per thread: in a multithreaded process, every thread can be individually attached to a…
MciprianM

1 vote, 1 answer

Hung processes resume if attached to strace

I have a network program written in C using TCP sockets. Sometimes the client program hangs forever expecting input from server. Specifically, the client hangs on select() call set on an fd intended to read characters sent by server. I am using…
ernesto

1 vote, 1 answer

Add breakpoints and install handlers

My high-level goal is something like this: void print_backtrace() { void *callstack[128]; int framesC = backtrace(callstack, sizeof(callstack)); printf("backtrace() returned %d addresses\n", framesC); char** strs =…
Albert

1 vote, 1 answer

ptrace and exec: can child process respond to ptrace BEFORE SIGTRAP?

I've recently run into this code: if ((pid = fork()) == 0) { ptrace(PT_TRACE_ME, 0, 0, 0); // trace execl([originPath UTF8String], "", (char *) 0); // import binary memory into executable space exit(2); // exit with err code 2 in case we could not…
Chris

1 vote, 1 answer

ptrace options not working at all

I couldn't trace fork / exec events when I attached to another process, the status returned from waitpid was always zero (after right shift of 16 times). I've successfully attached to bash shell, but whatever commands I ran, the status was always…
daisy

1 vote, 1 answer

Why A Linux Process Is Too Busy To Be Attached (ptrace or so)?

On multi-core RHEL6, there is a FIFO realtime process in a deadloop, so it occupies all the CPU resources on the core (process is bound to the core). However, the other cores are pretty fine. At this time, pstack for the process in deadloop failed…
Steven Ding

1 vote, 1 answer

Way to watch network activity of another linux process in C

I need to start some helper processes when the web interface of my router is being used, and shut them down after some time if activity in the webface has stopped (to save RAM when the webface isn't used). Is there any way (except ptrace()) to know when…
S-trace

1 vote, 1 answer

ptrace: get imagebase of tracee?

I am on Ubuntu 13.10 and have this little stripped+packed ELF file. I need to dump various pieces of information from its process in an automated way, so I hacked together a tiny tracer that traces my progress, similar to strace. Three questions…
bernd feinman