Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

ptrace stands for "process trace". It is used extensively by debuggers such as GDB and DBX and by tracing tools such as strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

It can single-step through the target's code, can observe system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data to be changed but also the application's own code segment, which lets the controller install breakpoints and patch the running code of the target.

A basic tutorial on ptrace is available here and here.

465 questions
0 votes, 2 answers

How do I test that a given shell has been executed in Python?

I want to test a Python function that executes a shell command. According to testfixtures there are two approaches: (1) execute a real process and check the result; (2) mock the subprocess module and check the expected interactions. My function is called…
Iain Samuel McLean Elder (rep 19,791; badges 12, 64, 80)
0 votes, 2 answers

ptrace not recording forked process despite setting PTRACE_SETOPTIONS to PTRACE_O_TRACEFORK

I'm trying to follow the syscalls of a program using ptrace, but it does not work when the traced program has a fork() and just ignores it. Supposedly you just need to set the line below and it should follow the process originating from fork() as…
frazz (rep 1; badges 2)
0 votes, 0 answers

How to solve "ptrace operation not permitted"?

I am getting the following message: Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user. For more details, see…
0 votes, 1 answer

Is there a way to quickly differentiate between a SIGTRAP caused by a breakpoint and a SIGTRAP caused by ptrace?

Say I'm writing a hypothetical debugger. A debugger wants to set breakpoints and watchpoints (both software and hardware) and what not. When a tracee hits a breakpoint a SIGTRAP is generated. But using ptrace, it too, can "generate" SIGTRAP signals,…
Simon Farre (rep 71; badges 1, 6)
0 votes, 0 answers

Is it possible to use ptrace to simulate an IO error on a specific LBA range when running FIO/Vdbench on a block device?

As in the title, I am seeking a way to simulate an IO error or a slow-disk issue when running a workload (via FIO/Vdbench) with other IO tools. I tried to use ptrace to do it with the following code: #include #include #include…
wang larry (rep 11; badges 2)
0 votes, 0 answers

Editing registers (RIP specifically) with ptrace and PTRACE_POKEUSER

Apparently, something like this is (probably) possible, though ptrace's manual is a little ambiguous. Can someone elaborate on how I'd use PTRACE_POKEUSER to modify the user-space of the paused process (and maybe add some sample code), along with…
R-Rothrock (rep 303; badges 2, 14)
0 votes, 0 answers

Ptrace POKEDATA Input/output error in memory injection

I made a program to practice a simple memory injection, here is the code: unsigned char g_payload[] = "\x31\xC0\x31\xDB\x31\xD2\xB0\x04\xB3\x01\x68\x72\ \x6C\x64\x21\x68\x6F\x20\x57\x6F\x68\x48\x65\x6C\x6C\x89\xE1\xB2\x0C\xCD\x80"; int main(int…
PacoFrost (rep 11; badges 4)
0 votes, 0 answers

Can't PTRACE_DETACH from process

I've done PTRACE_ATTACH and PTRACE_CONT on a process. I've also verified the process is still attached and that it's running, yet I can't PTRACE_DETACH (errno: No such process). I'm puzzled after doing all the validations. It all happens in void DETACH(). My…
Olivia22 (rep 131; badges 7)
0 votes, 0 answers

How to find out all stdout and stderr file handles a process has when it is multithreaded and has used unshare with CLONE_FILES?

I am trying to instrument processes with ptrace to access the open file descriptors a process has, especially stdout and stderr. My main issue is that if the process is multithreaded and has used unshare with CLONE_FILES, then different threads might have…
Mitar (rep 6,756; badges 5, 54, 86)
0 votes, 0 answers

PTRACE_PEEKTEXT ptrace: Input/output error

I am trying to read values from memory using PTRACE_PEEKDATA. To find the memory address of a specific line I am using objdump (objdump --dwarf=decodedline ./exe_filename) and got the output: test: file format elf64-x86-64 Contents of…
Aviel15 (rep 25; badges 4)
0 votes, 2 answers

Single step a process by one assembly instruction

When you execute a single-step operation using ptrace, does the process execute one "line" of code or one line of assembly instead? If it's the former, is there a way to step a process in Linux by one processor instruction only? I mean to…
Jesus Ramos (rep 22,940; badges 10, 58, 88)
0 votes, 0 answers

Get termination event with ptrace

I am trying to get the termination of a process with ptrace. I've already tried PTRACE_O_TRACEEXIT, but the process could also end with a return and the event will not be caught. What can I do? I would like a ptrace-only solution, without waitpid.
Maray97 (rep 140; badges 1, 11)
0 votes, 0 answers

Is it possible to grab process memory using ftrace?

I have two applications, one writing requests to and reading responses from the stdin/stdout of the other. I should not modify the applications, but I have root permission. I need to intercept requests and responses and measure the time when some messages…
user2616346 (rep 465; badges 1, 5, 12)
0 votes, 0 answers

How can we know what accesses a specific address on armeabi-v7a?

I have an Android game, and there is an address for the Player Camera, and I want to know what accesses the Player Camera address. For example, when I run the same game on an Android emulator (Game Loop emulator) and get the camera address in Cheat Engine and…
0 votes, 0 answers

How does a debugger start a subprocess and get register data using ptrace?

The documentation of ptrace lists multiple ways the function can be called. I tried to create code to demonstrate it working, first by running a job and declaring that it should be debugged using PTRACE_TRACEME: #include #include…
Dov (rep 8,000; badges 8, 46, 75)