ptrace

Linux application debugging techniques: GDB and GDBServer

Submitted by 人走茶凉 on 2019-12-26 19:03:58
1. Debugging principle: In GDB debugging the application runs on the development board while it is debugged from the PC. The PC runs GDB and the development board runs GDBServer. While the application is being debugged, gdb on the PC sends commands to GDBServer on the board, and gdbserver on the board sends signals to the application to stop it or to carry out other work. 2. Installing GDB and GDBServer (gdb-7.4.tar.bz2) 2.1 GDB 1. Download: http://ftp.gnu.org/gnu/gdb/ 2. Extract: tar xvf gdb-7.4.tar.bz2 3. Configure: cd gdb-7.4/ ./configure --target=arm-linux 4. Build: make 5. Install: mkdir tmp make install prefix=$PWD/tmp 6. Copy: cp tmp/bin/arm-linux-gdb /bin/ 7. Check the version: /bin/arm-linux-gdb -v (invoke gdb by its absolute path) 2.2 GDBServer 1. cd gdb/gdbserver/ 2. Configure: ./configure --target=arm-linux --host=arm-linux 3. Build: make CC

weird behavior setting RIP with ptrace

Submitted by 做~自己de王妃 on 2019-12-24 17:02:42
Question: Basically I am using ptrace to inject a shell code into a remote process for execution. But I found some weird behavior regarding the RIP register. What I do is copy my shell code to the start address of where the program is mapped. Then I set RIP using ptrace to that start address. And then I resume the target process to execute the code. Once the shell code finishes (by running int3) I get a signal and restore the code that I just modified. It works fine except

Extracting system call name and arguments using ptrace

Submitted by 眉间皱痕 on 2019-12-24 00:10:03
Question: I am working on an assignment in which I have to implement strace-like functionality using ptrace. So far, I have found out how to extract the system call number and return value like this: //In parent process struct user_regs_struct regs; ptrace( PTRACE_GETREGS, child_pid, 0, &regs ); //child_pid is the pid of the child process executing the required program //or system call passed as command line arguments syscall_num = regs.orig_rax; syscall_retval = regs.rax; But I haven't been able to find how

Why does WIFSIGNALED(status) fail to detect signals while tracing a process with ptrace?

Submitted by 五迷三道 on 2019-12-23 03:42:19
Question: I am using ptrace to trace a child process. It works perfectly well when the child process exits normally. But if it exits abnormally, the program gets into an infinite loop in spite of using the macro WIFSIGNALED(&status). Here is the sample child process: try.c int main() { int a=5/0; } And here is the tracing program #include <sys/ptrace.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <sys/user.h> #include <sys/syscall.h> /* For SYS_write etc */ #include <sys/reg.h>

Getting an app listed in an app store: how to overcome the security review challenge

Submitted by 旧巷老猫 on 2019-12-22 16:47:28
An app's security review (安全过检) is a completely different concept from the security testing most people know. First, the app industry itself has certain requirements and standards for app security review; second, the Cybersecurity Law of China (《中国网络安全法》), which took effect on June 1, 2017, requires an app to complete real-name authentication when it goes live on a distribution channel and to pass the corresponding security tests as well. This go-live process is called security review (安全过检) or security pre-approval (安全候审). What problems are encountered during an app security review? One of the detailed rules an app is checked against is the "Basic Requirements for Mobile Application Security Testing" (《移动应用安全检测基本要求》), which is divided into four major categories: the application layer, the network layer, the data layer and the server side. The security points for an Android app itself number ten in total: program code security, program code protection, passwords and security policy, permissions and UI security, dynamic debugging detection, SO injection detection, in-memory data protection, privacy and storage security, log leakage detection, and communication data security. 1. Program code security. The first part concerns the requirements on collecting user information. There are requirements on user-information collection when an app is listed: an app that collects user information must clearly state the relevant legal notice and privacy policy. If the app does not collect private user data itself but uses a third-party platform to collect it, this must also be stated clearly: which third-party platform the app uses to collect user data, the purpose of the collection, and so on. The image above is a common app display page; although most users have not read this information carefully, displaying the legal notice and privacy policy is a hard requirement for collecting user information. The second part concerns checking calls to system permissions. Requesting system permissions must follow the principle of least privilege, and the permissions the app requests must respect the user's consent. The third part is source code security

ptrace PTRACE_ATTACH failure - Linux permissions of user owned process

Submitted by 本小妞迷上赌 on 2019-12-22 13:52:19
Question: Why do I need to run as root (not r00t_)? // main() scan.scanProcessOffset(10838, 0x7f8c14000000); // proper pid and offset void MemoryMapper::scanProcessOffset(unsigned int procId, unsigned long long offset) { long attach = ptrace(PTRACE_ATTACH, procId, NULL, NULL); cout << attach << endl << errno << endl; long memory = ptrace(PTRACE_PEEKDATA, procId, offset); if (memory == -1 && errno == 3) { cout << errno << endl; errno = 0; } cout << memory; } As you can see, the process I'm hooking into

Linux operating system: inter-process communication

Submitted by 孤人 on 2019-12-20 18:13:45
Inter-process communication. Prerequisites: 1. User mode and kernel mode: when a process executes the user's own code it is in user mode; when a process traps into kernel code because of a system call, it is in kernel mode. 2. Inter-Process Communication (IPC) mechanisms include pipes, message queues, semaphores, signals, shared memory, shared mapped files, sockets, and so on. 3. Immediate communication: signals (similar to interrupts); non-immediate communication: shared memory, mailboxes, pipes, sockets. 4. Common signals: termination signals, timer signals, user-defined signals, etc. 5. Signal: information sent by a user, the system or a process to a target process, to notify the target process of a change of state or a system exception. 6. PCB (process control block): the system describes and controls processes through the PCB. On Linux, the PCB is the task_struct structure (the process descriptor). 1. Process state: records whether the process is running or waiting. 2. Scheduling information: which function schedules the process, how exactly it is scheduled, etc. 3. Communication status between processes. 4. Kinship between processes: parent and child processes are linked by pointers of type task_struct. 5. Timing information: the CPU time consumed by each process. 6. Process flags. 7. Process identifier: the unique identifier that distinguishes this process from others. 8.

Cancel a system call with ptrace()

Submitted by 喜欢而已 on 2019-12-18 15:49:41
Question: For some security purpose, I use ptrace to get the syscall number, and if it's a dangerous call (like 10 for unlink), I want to cancel this syscall. Here's the source code for the test program del.c. Compile with gcc -o del del.c. #include <stdio.h> #include <stdlib.h> int main() { remove("/root/abc.out"); return 0; } Here's the security manager source code test.c. Compile with gcc -o test test.c. #include <signal.h> #include <syscall.h> #include <sys/ptrace.h> #include <sys/types.h>

How does ptrace work with 2 different processes?

Submitted by 谁说胖子不能爱 on 2019-12-14 04:00:50
Question: I was reading about ptrace on the net and found that a process can request to trace another process by using PTRACE_ATTACH, but apparently all the examples available involve the use of fork(). What I want is to have 2 programs, prg1.c and prg2.c, where prg2.c should trace prg1.c. I tried using PTRACE_ATTACH in prg2.c but it seems that the call failed: prg2.c couldn't trace prg1.c. How does ptrace work? Can anybody explain? Code for prg1.c: #include <stdio.h> #include <sys/ptrace.h>

ptrace %edx for sys_open inconsistent

Submitted by 岁酱吖の on 2019-12-13 19:07:59
Question: I am trying to get the filename from the sys_open system call using ptrace. I get the filepath pointer, and I am able to get the correct data from that address; however, I need a way to know how much data to get, i.e. the length of the filename. I thought this value was supposed to be in edx, but that doesn't seem to be the case here. Any thoughts? orig_eax = ptrace(PTRACE_PEEKUSER, child, 4 * ORIG_EAX, NULL); if(orig_eax == __NR_open){ ptrace(PTRACE_GETREGS, child, NULL, &regs); if(regs.eax >