Writing memory of the traced process.

Question

I am playing around with ptrace in linux. I am trying to write the memory of the traced process using /proc/pid/mem interface.

the function I ma using for accompli

Answer 1

ptrace(2) is a very arcane syscall, only used by debuggers and the like.

For sure, the documented PTRACE_POKEDATA request to ptrace should work (when the traced process is stopped) and gives you the ability to write into the memory of the traced process. I don't know if writing (or mmap-ing) to /proc/$pid/mem should work or not.

Googling on linux write /proc /mem give me notably this which suggests that /proc/$pid/mem was designed to be read-only, but might have been made writable in recent kernels. But recent Documentation/filesystems/proc.txt from kernel source tree don't say much.

I would be cautious about writing on /proc/$pid/mem; if it works (and it might not) it probably is very kernel version specific.

_{Perhaps mmap-ing some segments of that /proc/$pid/mem file does work (but I don't know). Have you tried that?}

In contrast, PTRACE_POKEDATA should work (it has existed in SunOS and many other Unixes before Linux existed). Of course, it is fairly slow.