Linux: is there a way to use ptrace without stopping/pausing the process (SIGSTOP)?

后端 未结 2 1379
有刺的猬
有刺的猬 2021-01-21 09:01

I\'m trying to port a program from Windows to Linux.
I encountered a problem when I found out that there isn\'t a \"real\" ReadProcessMemory counterpart on Linu

相关标签:
2条回答
  • 2021-01-21 09:25

    After a lot of research I'm pretty sure that there isn't a way to use ptrace without stopping the process.
    I found a real ReadProcessMemory counterpart, called process_vm_readv, which is much more simple.

    I'm posting the code in the hope of helping someone who is in my (previous) situation.

    Many thanks to mkrautz for his help coding MemoryTest with this beautiful function.

    #include <QCoreApplication>
    #include <QThread>
    #include <sys/uio.h>
    #include <stdint.h>
    #include <stdio.h>
    #include <errno.h>
    #include <string.h>
    #include <iostream>
    
    using namespace std;
    
    class Sleeper : public QThread
    {
    public:
        static void usleep(unsigned long usecs){QThread::usleep(usecs);}
        static void msleep(unsigned long msecs){QThread::msleep(msecs);}
        static void sleep(unsigned long secs){QThread::sleep(secs);}
    };
    
    int main(int argc, char *argv[])
    {
        QCoreApplication a(argc, argv);
    
        char process_name[50];
        cout << "Process name: ";
        cin >> process_name;
    
        char command[sizeof(process_name) + sizeof("pidof -s ")];
        snprintf(command, sizeof(command), "pidof -s %s", process_name);
    
        FILE* shell = popen(command, "r");
        char pidI[sizeof(shell)];
        fgets(pidI, sizeof(pidI), shell);
        pclose(shell);
    
        pid_t pid = atoi(pidI);
    
        cout << "The PID is " << pid << endl;
    
        if (pid == 0)
            return false;
    
        struct iovec in;
        in.iov_base = (void *) 0x012345; // Example address, not the true one
        in.iov_len = 4;
    
        uint32_t foo;
    
        struct iovec out;
        out.iov_base = &foo;
        out.iov_len = sizeof(foo);
    
        do {
            ssize_t nread = process_vm_readv(pid, &out, 1, &in, 1, 0);
            if (nread == -1) {
                fprintf(stderr, "error: %s", strerror(errno));
            } else if (nread != in.iov_len) {
                fprintf(stderr, "error: short read of %li bytes", (ssize_t)nread);
            }
            cout << foo << endl;
            Sleeper::msleep(500);
        } while (true);
    
        return a.exec();
    }
    
    0 讨论(0)
  • 2021-01-21 09:39

    Davide,

    Have you had a look at the /proc filesystem? It contains memory map files that can be used to peek at the full process space. You can also write in the space to set a breakpoint. There is a wealth of other information in /proc as well.

    The PTRACE_CONT command can be used to continue a process. Generally, the target will be paused with a PTRACE_ATTACH when the debugger attaches.

    The man page says PTRACE_SIEZE should not pause the process. What flavor and version of Linux are you using? PTRACE_SIEZE has been around for quite awhile so I'm not sure why you are having trouble there.

    I note the addr value is set to 0x12345. Is this a valid address in the target space? Or was that just an example? How is the stack address of interest (&value) communicated between the two processes?

    I'm not too sure about the return codes. Generally a 0 means all is well, the errno may just be a hangover value from the last error.

    --Matt

    0 讨论(0)
提交回复
热议问题