Questions tagged [ptrace]

The ptrace() system call provides a means by which one process (the tracer) may observe and control the execution of another process (the tracee), and examine and change the tracee's memory and registers.

ptrace stands for "process trace". It is used extensively by debuggers such as GDB and DBX and by tracing tools such as strace and ltrace.
By attaching to another process the tracer gains extensive control over the target, including manipulation of

  1. File descriptors (indirectly, by injecting system calls into the tracee)
  2. Registers
  3. Memory

It can single-step through the target's code, observe system calls and their results (and rewrite arguments or return values at syscall stops), and intercept the target's signals, suppressing, forwarding or injecting them on its behalf.

The ability to write into the target's memory allows not only its data to be changed but also the application's own code segment, so the controller can install breakpoints (by overwriting an instruction with a trap, int3 / 0xCC on x86) and patch the running code of the target.

Attaching is subject to access checks: the tracer must run as the same UID as the tracee (which must also be dumpable) or hold CAP_SYS_PTRACE, and on kernels with the Yama LSM the /proc/sys/kernel/yama/ptrace_scope setting restricts PTRACE_ATTACH further (1: descendants only unless the tracee opts in with PR_SET_PTRACER, 2: CAP_SYS_PTRACE only, 3: no attach at all). A process can have only one tracer at a time, which is why a debugger cannot attach to a process that has already called PTRACE_TRACEME on itself, a fact that both anti-debugging tricks and their bypasses rely on.

Basic tutorials on ptrace are available here and here.
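The breakpoint mechanism described above, as an added example that is not part of the tag wiki or of any tool it names: a tracer forks a tracee from its own image (so function addresses match without an exec), plants an int3 over the first byte of a chosen function, catches the resulting SIGTRAP, checks and rewinds the instruction pointer, restores the original byte and lets the tracee run to completion. Linux x86-64 only; the function names, exit codes and result codes are this example's own choices. Build with cc -O2 demo.c and run it as an unprivileged user.

```c
/* Software breakpoint via ptrace on x86-64 Linux (added example, not from the tag wiki). */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

enum { DEMO_OK = 0, DEMO_NO_PTRACE = 1, DEMO_UNSUPPORTED = 2, DEMO_FAIL = -1 };

/* Function the breakpoint is planted on. noinline so the tracee really calls it
   at the address the tracer computes from the function pointer. */
__attribute__((noinline)) int target_fn(int x) { return x * 2 + 1; }

/* Replace the low byte of a text word with INT3 (0xCC); the other 7 bytes stay intact. */
uint64_t patch_breakpoint_word(uint64_t word) { return (word & ~0xFFULL) | 0xCCULL; }

int run_breakpoint_demo(void) {
#if !defined(__x86_64__) || !defined(__linux__)
    return DEMO_UNSUPPORTED;
#else
    int status;
    long orig;
    struct user_regs_struct regs;
    pid_t pid = fork();
    if (pid < 0) return DEMO_FAIL;
    if (pid == 0) {
        /* Tracee: volunteer to be traced, stop so the tracer can patch us, then run. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(200); /* e.g. EPERM under Yama/seccomp */
        raise(SIGSTOP);
        _exit(target_fn(20)); /* 41 if the breakpoint was removed cleanly */
    }
    /* Tracer: wait for the SIGSTOP (or for the child to report that ptrace is unavailable). */
    if (waitpid(pid, &status, 0) != pid) return DEMO_FAIL;
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 200 ? DEMO_NO_PTRACE : DEMO_FAIL;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) goto fail;

    uintptr_t addr = (uintptr_t)&target_fn; /* same address in both processes: fork, no exec */
    errno = 0;
    orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL); /* -1 is a valid word, so check errno */
    if (orig == -1 && errno != 0) goto fail;
    /* POKETEXT works on read-only text: the kernel breaks COW for the tracer. */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)(uintptr_t)patch_breakpoint_word((uint64_t)orig)) == -1) goto fail;
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) goto fail; /* signal 0: swallow the SIGSTOP */

    if (waitpid(pid, &status, 0) != pid) goto fail;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP) goto fail; /* int3 hit */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) goto fail;
    if (regs.rip != addr + 1) goto fail; /* int3 is one byte; rip points just past it */

    /* Restore the original instruction and rewind rip so the tracee re-executes it. */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)orig) == -1) goto fail;
    regs.rip = addr;
    if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) == -1) goto fail;
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1) goto fail;

    if (waitpid(pid, &status, 0) != pid) goto fail;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 41) ? DEMO_OK : DEMO_FAIL;
fail:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return DEMO_FAIL;
#endif
}

int main(void) {
    int rc = run_breakpoint_demo();
    printf("breakpoint demo: %s\n",
           rc == DEMO_OK ? "ok (SIGTRAP at target_fn, tracee exited 41)"
         : rc == DEMO_NO_PTRACE ? "PTRACE_TRACEME refused (Yama/seccomp/already traced)"
         : rc == DEMO_UNSUPPORTED ? "unsupported platform" : "failed");
    return rc == DEMO_OK ? 0 : 1;
}
```

Two details matter in practice: PEEKTEXT returns the word in the return value, so -1 must be disambiguated with errno, and the saved original word must be written back before the tracee continues, or the patched function will trap again on every call. Under ptrace_scope 3, or when a seccomp filter denies ptrace, PTRACE_TRACEME itself fails and the demo reports that instead of a breakpoint result.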

465 questions
0 votes, 0 answers

Can't replace syscall instruction with ptrace in Arm linux

I tried to change the syscall behavior of a remote process with ptrace on Arm Linux while the process is accessing the write syscall. ptrace.c #include #include #include #include #include #include…
paramikoooo
  • 177
  • 2
  • 16
0 votes, 1 answer

How to find out which thread is using a specific file descriptor with C

I have a process with 100 threads. I know that only one thread is using a specific fd. For example, this fd is a socket descriptor, and only one thread is using this socket with send() and receive(). How can I find out, with C, on Linux, the ID of…
Keystone
  • 165
  • 1
  • 9
0 votes, 1 answer

PTRACE_GET_SYSCALL_INFO undeclared: including sys/ptrace.h doesn't seem to get all ptrace code

From the man page: PTRACE_GET_SYSCALL_INFO (since Linux 5.3) Retrieve information about the system call that caused the stop. The information is placed into the buffer pointed by the data argument, which should be a pointer to a buffer of type…
NotAPro
  • 136
  • 2
  • 17
0 votes, 0 answers

ptrace usage in ARM

I'm trying to analyse how a third party software is controlling some hardware. The board is i.mx7 based running i.MX Linux kernel 3.14.52. The board is a development board and is running some demo software which I do not have the code for. Most of…
BenN
  • 1
0 votes, 1 answer

Stopping or killing a thread in a process with ptrace?

Kill a specific thread in one process from another process. Below is my code: ptrace(PTRACE_ATTACH,threadID,NULL,NULL); stops the complete process, but I want only one specific thread to stop. Can you please provide me some pointers on how to…
paramikoooo
  • 177
  • 2
  • 16
0 votes, 1 answer

How to track total data (including metadata) read/written to a disk in Ubuntu Linux?

I am trying to trace the total data that is written to or read from a disk for a particular process in Linux. Using the dstat tool, I am able to trace system-wide read, write calls, by using dstat -d. Using strace -e trace=read,write, I am able to…
Saunved Mutalik
  • 381
  • 2
  • 19
0 votes, 1 answer

Does ptrace access user or kernel space?

I'm trying to read the instruction pointer / pc register of a process/thread on an arm Aarch64 linux which is stuck within a system call ( = kernel land ) via this C++ code: ptrace( PTRACE_GETREGSET, threadProcessId, NULL, &regs ); printf( "Register…
Desperado17
  • 835
  • 6
  • 12
0 votes, 1 answer

ptrace attach to vsftpd hangs

I am trying to ptrace a vsftpd server process on linux to be able to get control whenever vsftpd process makes a system call. I start the vsftpd process and pass this process id as command line to the following program which traces vsftpd. however,…
vbser
  • 11
  • 2
0 votes, 0 answers

How to trick the SYS_read execution with ptrace

I'm wondering whether we could use ptrace to trick a syscall execution. For example, can we trick the SYS_read with a pre-defined input, so that application users will not have to type anything from the keyboard? Thanks!
xiaogw
  • 653
  • 8
  • 18
0 votes, 2 answers

On Linux 64-bit, can ptrace() return a double?

Assuming addr is address of a local variable on stack, are the following correct ways for retrieving the values of variables (ChildPid is tracee's id)? double data = (double) ptrace(PTRACE_PEEKDATA, ChildPid, addr, 0); float data = (float)…
0 votes, 0 answers

How to "redirect" filesystem read/write calls without root and performance degradation?

I have non-root access to a server that is shared by many users. I first develop and run some code locally, and then I want to rsync my data to a temporary location on a remote server and run my code on a remote server without changing any file…
Ben Usman
  • 7,969
  • 6
  • 46
  • 66
0 votes, 1 answer

SIG_IGN does not work with PTRACE_TRACEME?

I'm testing an antidebug solution with ptrace method int main(int argc, char **argv) { void *handle; long (*go)(enum __ptrace_request request, pid_t pid); // get a handle to the library that contains 'ptrace' handle = dlopen…
daisy
  • 22,498
  • 29
  • 129
  • 265
0 votes, 0 answers

Golang syscall get parameters of syscall

If you execute ./syscallprint ls -l it will print syscall ID's being called by ls -l command. syscallprint.go package main import ( "fmt" "os" "os/exec" "syscall" ) func main() { var regs syscall.PtraceRegs cmd :=…
Yogesh
  • 4,546
  • 2
  • 32
  • 41
0 votes, 0 answers

variable stat_loc in function waitpid c

I have some code and I don't understand the variable stat_loc: it is compared with 127 (0x7f), then compared with 5. Can you explain it to me? Thank you very much! int __fastcall m_loop(__int64 Input) { int result; int stat_loc; void *v3; __pid_t…
0 votes, 0 answers

Is there a way to find with ptrace the address called when at RET instruction

First of all, sorry for the title, which can't be less explicit; I just didn't know how to write it, so I'm going to explain it here. Currently, I'm writing a small debugging tool in C using ptrace(). Right now, the program detects all of the function…
SamuelRousseaux
  • 107
  • 1
  • 1
  • 8