Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

Ptrace stands for "process trace". It is used extensively by debuggers such as GDB and DBX, and by tracing tools such as strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

The tracer can single-step through the target's code, observe system calls and their results, manipulate the target's signal handlers, and both receive and send signals on its behalf.

The ability to write into the target's memory allows the tracer to change not only the target's data but also the application's own code segment, so the controller can install breakpoints and patch the running code of the target.


465 questions
0 votes, 1 answer

Ptrace: IMG load detector

How can I detect IMG load? I'm trying to detect when the program is loaded into memory in order to put interrupts before each function. I'm trying to do something like PIN's IMG_AddInstrumentFunction. I'm lost and I can't find info about it. Thx
Marc
0 votes, 2 answers

How to stop a process over a consistent time interval in order to execute a measurement function?

I am using the Linux ptrace API in a profiler I am writing. My pseudo C code looks like this: setjmp(); measure(); alarm(N); while(1) { waitpid(child, &status, WNOHANG); if(child_process_exiting) { measure(); break; …
kobrien
0 votes, 1 answer

ptrace Java program using C/C++

I have a problem similar to my previous one presented here. This time I want to use a program written in C/C++ to track the execution of a Java program. So, as I stated before, the same code which tracks stdout printing for C/C++ and registers syscall 4 hasn't done it…
abc
0 votes, 1 answer

Detect call's offset with ptrace

I'm trying to write a program that can detect calls with the function ptrace. Using PTRACE_SINGLESTEP I can run a program instruction by instruction; then, when I get the OP_CODE 0xe8 pointed to by the register RIP, I use PTRACE_PEEKTEXT to get the 4…
0 votes, 1 answer

ptrace(PTRACE_CONT) cannot resume just-attached processes

I am writing a program that needs to attach to other processes (which might be created by a previous instance of my program) and watch when they terminate. If I keep my program running during the lifetime of the processes I created, everything works…
napie
0 votes, 1 answer

Getting a zombie process after a ptrace signal sent

I am testing ptrace and signals. The problem is that when I am forwarding a signal with sigaction and then sending the interrupt signal to the process via kill(pid, SIGKILL) and after the ptrace(PTRACE_SYSCALL, pid, NULL, tracee_signal) the…
Chris
0 votes, 2 answers

Process stopped if executed in background

The code given below (process1) is similar to the actual scenario. I'm updating the global_data from another application using the process ID of process1. Because of getchar() in process1, when I run this process like $ ./process1 & the following message is…
Jeyaram
0 votes, 1 answer

C, how to get the offset for thread local variables using ptrace command?

Here we are trying to modify our own version of GDB to support a multi-threaded environment. Until now I have been able to read the data associated with registers with respect to every thread, but I need to find out the way in which we can read thread local…
0 votes, 2 answers

Can't attach child process in release build (Android)

I try to fork and then trace my child by calling ptrace(PTRACE_ATTACH, iChildPid, 0, 0) on Android: I get success when working with a debug build, and I get failure with a release build (Operation not permitted (1)). Where am I wrong?
dd00
0 votes, 0 answers

Tracing all threads spawned by a process

I am struggling to understand the behaviour of ptrace when the traced process t1 invokes clone() and fork() and spawns another thread t2. According to the documentation t1 is stopped by the kernel via SIGSTOP signal, while the tracer starts tracing…
Giuseppe Pes
0 votes, 1 answer

Return value of mmap when using ptrace

I was learning how to use ptrace and I faced a strange problem: I wrote a program: #include #include #include #include int main() { long x=(long)mmap(0,-235,2,34,-1,0); printf("Child: x=%ld (",x); …
0 votes, 1 answer

Memory debugger with ptrace

I would like to expand an existing tool with the functionality of a memory debugger (just leak detection). I know that some memory debuggers work by replacing malloc/free and keeping track of what is pending to be freed and who allocated it; or by…
imreal
0 votes, 2 answers

Linux ptrace() get function information

I want to catch information from a user-defined function using ptrace() calls, but the function address is not stable (because of ASLR). How can I get another program's function information like gdb programmatically? #include #include…
osmund sadler
0 votes, 1 answer

ptrace watchpoint on register

I am writing a C-Program with some debugging functionality. I need to set a breakpoint on register access of the ptraced process. What is the best way to do that?
salbei
0 votes, 1 answer

Why does strace follow a different execution flow?

I am referring to the following article while learning symbolic link attacks: struct stat st; FILE * fp; if (argc != 3) { fprintf (stderr, "usage : %s file message\n", argv [0]); exit(EXIT_FAILURE); } if (stat (argv [1], & st) < 0) { fprintf (stderr,…
kidd0