Questions tagged [ptrace]

The ptrace() system call provides a means by which one process (the tracer) may observe and control the execution of another process (the tracee), and examine and change its memory image and registers. On Linux the tracer does not have to be the tracee's parent: it can attach to an existing process with PTRACE_ATTACH or PTRACE_SEIZE, subject to the kernel's ptrace access check (matching uids and a dumpable tracee, or CAP_SYS_PTRACE) and to any further restriction imposed by Yama's ptrace_scope.

ptrace stands for process trace. It is used extensively by debuggers such as GDB and DBX, and by tracing tools such as strace and ltrace.
By attaching to another process the tracer gains extensive control over the target, including manipulation of its

  1. File descriptors (indirectly: ptrace has no request that touches the tracee's descriptor table, but the tracer can make the tracee run open(), dup2() or close() itself by rewriting its registers at a system-call stop)
  2. Registers
  3. Memory

The tracer can single-step the target's code, observe system calls and their arguments and results at system-call stops, and intercept every signal destined for the target, choosing to suppress it, deliver it, or substitute another signal, as well as sending signals to the target itself.

The ability to write into the target's memory allows the tracer to change not only its data but also the application's own code segment, even though that mapping is normally read-only: PTRACE_POKETEXT writes go through the kernel, which forces a private copy-on-write of the page rather than honouring the mapping's permissions. This is how debuggers install software breakpoints (on x86, overwriting the first byte of an instruction with int3, 0xCC) and patch the running code of the target.

Basic tutorials on ptrace are available here and here.
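As an added example (written for this page, not code from the tag wiki or from any of the projects mentioned in the questions below), the following tracer exercises the operations described above on a constructed child process: it reads and rewrites a word of the tracee's data, patches the tracee's read-only code segment with an int3 software breakpoint and transparently steps over it, and counts system-call stops. It assumes Linux with glibc, a host that permits PTRACE_TRACEME (Yama ptrace_scope 0 to 2), and x86_64 for the breakpoint and register handling (compiled out elsewhere); the names shared_flag, target, tracee_body, plant_breakpoint, handle_breakpoint and ptrace_demo are all invented here, and the 0x1234/0x42 values are constructed test data.

```c
/* Added example, not part of the tag wiki: a minimal tracer for a constructed
 * tracee. Assumes Linux/glibc; the software-breakpoint part assumes x86_64. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* The tracee is a fork()ed child that never execve()s, so these addresses are identical in both. */
static volatile long shared_flag = 0x1234;         /* constructed data word the tracer will rewrite */

__attribute__((noinline)) static int target(void)
{
    return (int)(shared_flag & 0xff) + 7;          /* volatile read keeps the call from being folded away */
}

static void tracee_body(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(77);                                 /* tracing not permitted on this host */
    raise(SIGSTOP);                                /* hand control to the tracer */
    for (int i = 0; i < 3; i++)
        syscall(SYS_getpid);                       /* three guaranteed system calls */
    _exit(target());                               /* 0x42 + 7 once the tracer has poked shared_flag */
}

#if defined(__x86_64__)
/* Overwrite the first byte of target() with int3 (0xCC); the page is r-x, but POKETEXT forces a private copy. */
static int plant_breakpoint(pid_t pid, long *saved)
{
    errno = 0;
    *saved = ptrace(PTRACE_PEEKTEXT, pid, (void *)target, NULL);
    if (*saved == -1 && errno) return -1;
    long patched = (*saved & ~0xffL) | 0xcc;       /* little-endian: the low byte executes first */
    return (int)ptrace(PTRACE_POKETEXT, pid, (void *)target, (void *)patched);
}
/* At the SIGTRAP: restore the byte and rewind rip by one so the original instruction runs, as gdb does. */
static int handle_breakpoint(pid_t pid, long saved)
{
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
    if (regs.rip != (unsigned long)target + 1) return -2;   /* not our int3 */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)target, (void *)saved) == -1) return -3;
    regs.rip -= 1;
    return (int)ptrace(PTRACE_SETREGS, pid, NULL, &regs);
}
#endif

/* Returns 0 on success, 1 if this host forbids ptrace, and a negative code on any mismatch. */
int ptrace_demo(void)
{
    int stops = 0, hits = 0, status, rc = -1;
    long saved = 0, word;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee_body();
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status) || (WIFEXITED(status) && WEXITSTATUS(status) == 77))
        return 1;                                  /* EPERM from Yama, or seccomp killed the child */
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) { rc = -2; goto fail; }
    /* Report syscall stops as SIGTRAP|0x80 so they cannot be mistaken for the breakpoint's SIGTRAP. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD) == -1) { rc = -3; goto fail; }
    errno = 0;                                     /* read one data word from the tracee, then overwrite it */
    word = ptrace(PTRACE_PEEKDATA, pid, (void *)&shared_flag, NULL);
    if ((word == -1 && errno) || word != 0x1234) { rc = -4; goto fail; }
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&shared_flag, (void *)0x42) == -1) { rc = -5; goto fail; }
#if defined(__x86_64__)
    if (plant_breakpoint(pid, &saved) == -1) { rc = -6; goto fail; }
#endif
    for (;;) {                                     /* resume to each syscall stop or signal until the tracee exits */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1 || waitpid(pid, &status, 0) < 0) { rc = -7; goto fail; }
        if (WIFEXITED(status)) break;
        if (!WIFSTOPPED(status)) { rc = -8; goto fail; }
        int sig = WSTOPSIG(status);
        if (sig == (SIGTRAP | 0x80)) {
            stops++;                               /* a system-call entry or exit */
#if defined(__x86_64__)
        } else if (sig == SIGTRAP) {
            if (handle_breakpoint(pid, saved) != 0) { rc = -9; goto fail; }
            hits++;                                /* resuming with data=0 swallows the SIGTRAP */
#endif
        } else { rc = -10; goto fail; }            /* a real debugger would forward other signals */
    }
    if (WEXITSTATUS(status) != 0x42 + 7) return -11;   /* the poke was not seen by the tracee */
    if (stops < 6) return -12;                     /* at least entry+exit for the three getpid calls */
#if defined(__x86_64__)
    if (hits != 1) return -13;                     /* the breakpoint must fire exactly once */
#endif
    return 0;
fail:
    kill(pid, SIGKILL); waitpid(pid, NULL, 0);     /* never leave a stopped tracee behind */
    return rc;
}

int main(void) { printf("ptrace_demo -> %d (0 ok, 1 ptrace forbidden)\n", ptrace_demo()); return 0; }
```

Build with `cc -Wall -o ptrace_demo ptrace_demo.c`. The demo deliberately distinguishes a policy refusal (return 1, when PTRACE_TRACEME fails with EPERM under ptrace_scope=3 or the child is killed by a seccomp filter) from a logic failure (negative), so it is safe to run on hardened hosts. It uses the parent/child PTRACE_TRACEME form, which is exempt from most of the access checks mentioned above; attaching to an unrelated PID with PTRACE_ATTACH is the case those checks and Yama restrict. The syscall-stop count is higher than six because raise() and the final exit_group also produce stops.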

465 questions

0 votes, 1 answer
function calling a system call wrapper not pushed onto stack
So, I was working with a typical project of mine. For that I wrote the following program: /***************************demo.c*************************/ #include #include void foo(int x) { getpid(); open(); getpid(); …
Abhishek Ghosh

0 votes, 0 answers
ptrace with PTRACE_POKETEXT gives errno 5
I was trying to use this project https://github.com/Chainfire/injectvm-binderjack to inject a shared library into the system server, using ptrace(). The problem is that every attempt at writing memory (using PTRACE_POKETEXT) fails with errno 5…

0 votes, 1 answer
Ptrace in C language: What does void *addr refer to?
I'm using the ptrace system call in C: long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data); But I don't know what void *addr refers to... In this example, I wanted to get the address of the current instruction which…

0 votes, 0 answers
Access to specific address in C
I have the value of the Instruction Pointer (IP register), and I want to view the value at the IP address. How can I make this address a pointer or view the value? Maybe there is another way to view the code instruction in registers? My idea is obtaining instruction…

0 votes, 1 answer
Best way to convert a Linux kernel trace point into a plain old printk
I work in a system that does not allow me to enable tracepoints at runtime. To work around this, I manually add printks near a trace point during debugging. This seems to be very inefficient and I am looking for methods to enable a tracepoint at…
sidcha

0 votes, 0 answers
error: argument type 'xx' is incomplete for hiding call to ptrace example code
I'm testing an antidebug solution with the ptrace method, and I compile the program using the ndk21e cross-compiler. The problem is that it compiles successfully with gcc, but fails with the ndk cross-compiler. The ndk cross-compiler compiles all other programs…
lydia

0 votes, 0 answers
Linux: Mapping debugee memory into debugger memory space
Basically, I want to avoid system calls for reading to/writing from the debugee memory space. I only want to map a single mapping from /proc/pid/maps. I tried just mmap()ing from /proc/pid/mem, but it turns out procfs doesn't support mmap.
tuxifan

0 votes, 1 answer
Why doesn't lldb use ptrace on Linux?
From the output of strace -o file lldb someprog, I found there is no ptrace. Then how can lldb get features like PTRACE_ATTACH/PTRACE_SINGLESTEP and so on?
Chen Li

0 votes, 0 answers
Changing from PTRACE_TRACEME to PTRACE_SEIZE
I'm trying to use the ptrace APIs to control the execution of a child process. As a part of it, there are a few things I need to do. At first I need to trace the child process right from the beginning of the child's execution, hence I am using…

0 votes, 0 answers
Linux process injection: what happens to the shared object file, and why does the whole memory mapping of the process change after the injection?
I am trying to improve at Linux process injection and there are some things that I don't fully understand. The injection method that I am using is the basic ptrace injection at the current rip value. The flow is this: ATTACH to the running process using…

0 votes, 0 answers
corrupted double-linked list detected
So here is the setup: I have two nodes, Node-A & Node-B. Node-A is incapable of executing some functions, whereas Node-B is dedicated to executing the functions Node-A is incapable of. So the idea is, when Node-A wants to execute such functions…

0 votes, 1 answer
Stack smashing detected while applying stack & registers on the remote identical process
Let us consider that I have an application that is to be executed on the 1st node. This application, however, cannot execute some function on this 1st node as the node lacks such capabilities. Hence, in order to make this application's execution flawless,…

0 votes, 1 answer
Getting registers using ptrace in aarch64
I'm attempting to use ptrace to manipulate registers on aarch64. Looking at sys/user.h in my aarch64 toolchain (android-ndk-r10e), I see #elif defined(__aarch64__) // There are no user structures for 64 bit arm. #else Perhaps I'm missing…
Daniel Walker

0 votes, 1 answer
PTRACE_GET_SYSCALL_INFO always returns info.op as "PTRACE_SYSCALL_INFO_NONE"
Basically the title: I can't get it to work, nor can I find any reason why it shouldn't work. ptrace(2)'s manual states that Linux 5.3+ is required and I am running Linux 5.17.4; the following simplified code compiles without any warnings, runs…
fvalasiad

0 votes, 1 answer
Why does *ptraced* dup2 work differently than directly called dup2?
I'm trying to redirect a tracee's stdout to a file. For this I've: attached to the tracee, mmap'd some memory, copied the filename to the tracee's memory, asked the tracee to open the file. To reach these results I had to dig into this repository. So far…
Daniel