Questions tagged [ptrace]

The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.

ptrace stands for process trace. It is used extensively by debuggers such as GDB and DBX, and by tracing tools like strace and ltrace.
By attaching to another process, the tracer gains extensive control over the target, including manipulation of its:

  1. File Descriptors
  2. Registers
  3. Memory

It can single-step through the target's code, can observe system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf.

The ability to write into the target's memory allows not only its data store to be changed, but also the application's own code segment, allowing the controller to install breakpoints and patch the running code of the target.

Basic tutorials on ptrace are available here and here.

465 questions
0 votes, 3 answers

How to get a char* with ptrace

I am currently developing a tool in which I have to trace a program to know its system calls. For the moment, I am able to get numeric parameters of syscalls but I can't properly get the address of the strings. Here is the way I proceed: long addr =…
Jeffrey Muller
0 votes, 1 answer

Linux C++ ptrace -- Map all cells of a child process's memory

I have a linked list similar to this: class MemoryCell { protected: unsigned char* _address; // the address offset (in another process) unsigned int _size; // the size of this memory block unsigned char* _buffer; // the data …
r00t_
-1 votes, 2 answers

ELF x86 executable entry point

void *entrypoint; /*virtual address of process*/ fscanf(debuggedfile, "%p", &entrypoint); where debuggedfile is the stream to an ELF file at the offset where the entry point is. When I use ptrace(PTRACE_PEEKTEXT, 0, entrypoint, 0) it returns -1
rob
-1 votes, 1 answer

A C example about using PTRACE_GETSIGMASK and PTRACE_SETSIGMASK?

Is there a C example about using PTRACE_GETSIGMASK and PTRACE_SETSIGMASK? I have not found any C example about using PTRACE_GETSIGMASK/PTRACE_SETSIGMASK. I wrote a simple piece of code to test them, but it returns an EINVAL error. I am trying to modify the…
-1 votes, 2 answers

Rename ptrace function to something else? How?

In code, I'd use #include #include ptrace(PT_DENY_ATTACH, 0, 0, 0); to deny attaching to the process. I was wondering if there was a way to rename "ptrace()" to something less obvious. I tried copying ptrace.h into my…
JamesT
-1 votes, 1 answer

Android disable ptrace debug for security

For security reasons I want to stop any outside person from seeing or attaching a debugger to my app and checking the app's logs. To prevent this I have come across a JNI script which actually kills the app if someone tries to attach a debugger in release…
Wasim K. Memon
-1 votes, 1 answer

retrieve information from a structure with ptrace

Here, I explain my problem. I am a beginner with the ptrace function and I would like to succeed in recovering the raw information of a structure. For example, with this command, strace -e trace=fstat ls, I will get a line: fstat(3, {st_mode=...,…
g0blin
-1 votes, 1 answer

dereferencing pointer to incomplete type ‘struct pt_regs’

I am trying to use ptrace on Android to hook. When I compile the code below (with the NDK or the command "aarch64-linux-gnu-gcc hook1.c -o hook1"), I get the error message. I have tried to solve it, but I cannot succeed. Could anyone help me?…
Young
-1 votes, 1 answer

ptrace(), how can I stop getting traced in the child process?

I want to trace only a part of a C program for system calls. I am using ptrace() with the PTRACE_TRACEME option to start getting traced. How do I stop this process from being traced after a few lines of code? I am trying to use PTRACE_DETACH but it does not…
-1 votes, 1 answer

Strength of anti-debugging technique

Having been used to debugging with tools like gdb etc., I have little knowledge about how they get implemented. I am trying to implement an anti-debugging technique in my program, but having very little knowledge about debugging, I need some help. I have come…
awatan
-2 votes, 2 answers

Inline Assembler Syscall PTRACE(Operation not permitted)

Hello, I've got a problem: #include #include #include #define SYS_PTRACE 101 long my_ptrace(long pid) { long ret; __asm__ volatile( "mov $0x10, %%rdi\n" "mov %0, %%rsi\n" "xor %%rdx,%%rdx\n" "xor %%r10, %%r10\n" "mov…
-2 votes, 2 answers

Linux user-space ELF loader after fork extremely strange behavior

Consider the following code (revisited to compile due to public demand :): #include #include #include #include #include #include #include #include…
nimi
-3 votes, 1 answer

Redirect stdout of another process in Arm Linux

There is a process (not a process that I wrote) on Arm Linux that writes its stdout to /dev/console, which is inaccessible to me. How can I redirect that stdout to a file, so I can watch this process's output? Of course I have root on this Arm Linux and I…
-3 votes, 2 answers

Safety of ptrace on x86_64

From Wikipedia: long: Long signed integer type. Capable of containing at least the [−2,147,483,647, +2,147,483,647] range; thus, it is at least 32 bits in size. From man ptrace: long ptrace(enum __ptrace_request request, pid_t pid, …
marmistrz
-5 votes, 1 answer

`gs` missing from user_regs_struct?

I've got the following piece of code which failed to compile on i386 with "gs" missing. I've looked at the struct definition, and it's clearly there. Any idea what I got wrong? Thanks! struct user_regs_struct regs_struct; struct iovec pt_iov = { …
Curious Learner