Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

Ptrace stands for Process-trace and is used extensively by debuggers such as GDB and DBX and by tracing tools like strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

It can single-step through the target's code, can observe system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target.

Basic tutorials on ptrace are available here and here.

465 questions
8 votes, 2 answers

Can you use multiple threads to ptrace an application?

I am writing a GUI oriented debugger which targets Linux primarily, but I plan ports to other OSes in the future. Because the GUI must stay interactive at all times, I have a few threads handling different things. Primarily I have a "debug event"…
Evan Teran
7 votes, 2 answers

How to play with ptrace on x86-64?

I'm following the tutorial here, and modified a little for x86-64 (basically replace eax to rax, etc.) so that it compiles: #include #include #include #include #include #include…
Je Rog
7 votes, 1 answer

Can ptrace tell if an x86 system call used the 64-bit or 32-bit ABI?

I'm trying to use ptrace to trace all syscalls made by a separate process, be it 32-bit (IA-32) or 64-bit (x86-64). My tracer would run on a 64-bit x86 installation with IA-32 emulation enabled, but ideally would be able to trace both 64-bit and…
ameed
7 votes, 1 answer

How does ptrace POKETEXT work when modifying program text?

Does it bypass read only page permissions of the traced process? Or does it need to change permission temporarily to be writable? If that's the case is the permission change visible to the traced process?
budchan chao
7 votes, 1 answer

Parsing Call and Ret with ptrace.

I try to parse all the Calls and Rets from an executable with ptrace. Conforming to the x64opcode, I found opcodes for Calls: 0xe8 and for Rets: 0xc3, 0xc2, 0xca, 0xcb. Since I parsed them I found more Rets than Calls. There is the program I…
7 votes, 2 answers

No such process - ptrace

Problem statement: a program C is composed of a loop. The execution of this program must be controlled by another process that will periodically display the progress of the controlled process. After kill(pid, SIGSTOP), the function…
Mirel Vlad
7 votes, 1 answer

Why doesn't ptrace attach to a process after setuid?

I have a problem with my Linux daemon program. It starts with root privileges, does some configuration, then permanently drops privileges by switching to some user and group and continues working. The switch to the non-privileged user is done like…
user3232765
7 votes, 3 answers

Running arbitrary unfriendly Python code on my server

I'm making a game where users can write Python programs to control robots that fight each other. Every turn (in a thousand-turn game) their script will be run on my server to determine the robot's next move. How can I prevent these users from being…
user2058002
7 votes, 2 answers

How can I read the memory of a process in Python on Linux?

I'm trying to use python and python ptrace to read the memory of an external process. I need to work entirely in python, and I've been trying to read and print out the memory of a process in linux. So for example I've tried the following code,…
rvorderm
7 votes, 2 answers

How to prevent a system call from being executed with ptrace

I'm working on an Ideone-like system where untrusted user code must run in sandboxed mode. For this I've been looking at the possibilities of ptrace for a first layer of protection. However, after a few experiments it seems that: I can intercept a…
StackedCrooked
6 votes, 2 answers

GDB strace shows it tries to ptrace at an invalid address

I encountered such an error when executing the ni command during gdb debugging: Warning: Cannot insert breakpoint 0. Error accessing memory address 0x3ac706a: Input/output error. 0xf6fa4771 in siglongjmp () from /lib/libc.so.6 To investigate what…
Ma Yaming
6 votes, 2 answers

How to prevent a process from spawning more children

I am working on an online judge for conducting ACM-ICPC like competitions on my college LAN. For that I require that the judge may be safe enough to prevent malicious programs from executing themselves on my server. (An example of such a program…
bashrc
6 votes, 1 answer

Ignoring a system call

I know that you can trap a system call by using ptrace. But what I wanna do is to ignore a system call. So is that possible for ptrace to trap a system call, see its number and if the number is of a system call that has to be ignored, the ptrace…
MetallicPriest
6 votes, 1 answer

Is there something like Linux ptrace syscall in Windows XP/2003?

Reading Monitoring certain system calls done by a process in Windows, I'm wondering about a Windows equivalent to the ptrace system call or a programmatical workaround. I had an answer in Is there something like the Linux ptrace syscall in Windows?,…
cort
6 votes, 2 answers

How can Linux ptrace be unsafe or contain a race condition?

I'd like to implement a sandbox by ptrace()ing a process I start and all its children would create (including grandchildren etc.). The ptrace() parent process, i.e. the supervisor, would be a simple C or Python program, and conceptually it would…
pts