ptrace

Memory debugger with ptrace

梦想与她 submitted on 2019-12-13 02:49:37
Question: I would like to expand an existing tool with the functionality of a memory debugger (just leak detection). I know that some memory debuggers work by replacing malloc/free and keeping track of what is pending to be freed and who allocated it; or by running the process on sort of a virtual machine and monitoring memory accesses. I want to know if it makes sense to use ptrace() to set breakpoints on malloc/free, instead of rebuilding with dmalloc for example, and monitoring allocations in a

Difference between struct reg and struct user_regs_struct?

元气小坏坏 submitted on 2019-12-13 00:07:56
Question: What is the difference between struct reg and struct user_regs_struct on a Linux 64-bit machine? Answer 1: struct user_regs_struct { unsigned long r15; unsigned long r14; unsigned long r13; unsigned long r12; unsigned long rbp; unsigned long rbx; unsigned long r11; unsigned long r10; unsigned long r9; unsigned long r8; unsigned long rax; unsigned long rcx; unsigned long rdx; unsigned long rsi; unsigned long rdi; unsigned long orig_rax; unsigned long rip; unsigned long cs; unsigned long eflags;

Getting IP address, port and connection type from a socket fd

你说的曾经没有我的故事 submitted on 2019-12-12 22:06:52
Question: I have a tracer process that traces a network application. Given a socket file descriptor belonging to the tracee, would it be possible for the tracer to find the IP it corresponds to (in the case of a server the IP of the interface it binds to, in the case of a client the address of the interface used to make the connection), the port number and the type of connection? Are there libc APIs that could be used to make this work? Any information in /proc that could be used? Also, would there be

Using ptrace to write a program supervisor in userspace

99封情书 submitted on 2019-12-12 13:27:39
Question: I'm looking for advice/resources to write a program that can intercept system calls from a program to supervise its filesystem, network, etc. access. The aim of this is to write an online judge, so that untrusted code can be run safely on a server. This is on Linux, and I would prefer to write C++ or a scripting language (ruby, python, etc), and a library would be great! Thanks. Answer 1: This looks like a good place to start. http://www.linuxjournal.com/article/6100 Answer 2: You can't safely use

How to trace a program execution with ptrace?

匆匆过客 submitted on 2019-12-11 23:43:31
Question: I've been trying to use the system call "ptrace" (using the PTRACE_SINGLESTEP macro) to trace the execution of a simple application. While recording the execution of the program I would like to skip the useless part of the reading to only follow from the 'main' of my application. Because whenever I launch my tracer I get around 100k execution steps. Cordially Answer 1: You may want to insert a breakpoint at main entry, wait for a SIGTRAP to arrive, restore the instruction under the breakpoint, and

Detect whether tracee is in a signal handler when using ptrace

南楼画角 submitted on 2019-12-11 16:26:09
Question: I tested that on Linux and it seems that when the tracee is in a signal handler, the tracer can use ptrace() to attach to it, as usual. But since the tracee is in a signal handler, some functions might not be OK to invoke because of the async-signal-safe problem. So, are there any methods to detect that situation after calling ptrace()? Answer 1: This recent discussion may interest you. The short answer is that you can tell whether inferior (tracee) is in a signal handler by unwinding its stack, and

Stack Walk on Linux using ptrace

☆樱花仙子☆ submitted on 2019-12-10 20:39:59
Question: Following is my requirement. While process A is running, attach Process A from B with PTRACE_ATTACH. Start a loop: stop Process A, read registers, resume Process A, sleep(1), end loop. Detach A. I am facing an issue with Start and Resume Process A from the loop. I tried a combination of kill(pid,SIGSTOP), kill(pid,SIGCONT), PTRACE_CONT, but it didn't work. Any other solutions please? Thanks in advance. Sandeep Answer 1: The following code is working for me and seems to fulfill your requirements - A.c #include<stdio.h

Is there a way to view the register contents of one thread from another thread within the same process?

烈酒焚心 submitted on 2019-12-10 15:57:36
Question: Let's say I have a process that contains three threads: A, B, and C. I want to use thread A to pause thread B, examine thread B's register values/stack contents, and then feed some of that information from thread B into thread C (via thread A). According to this post from Linus Torvalds, the ptrace syscall won't work here because the threads are within the same process. Is there another way of accomplishing this? Update: this question discusses why it doesn't work; I'd like to know if a work

Calling ptrace inside a ptraced Linux process

£可爱£侵袭症+ submitted on 2019-12-10 13:25:38
Question: Someone added to the Wikipedia "ptrace" article claiming that, on Linux, a ptraced process couldn't itself ptrace another process. I'm trying to determine if (and if so why) that's the case. Below is a simple program I contrived to test this. My program fails (the sub sub process doesn't run properly) but I'm pretty convinced it's my error and not something fundamental. In essence the initial process A forks process B which in turn forks C. A ptraces its child B, B ptraces its child C.

Reading ELF String Table on Linux from C

大憨熊 submitted on 2019-12-10 11:13:43
Question: I want to write a program which reads the string table of a binary. Binary is in ELF running on REDHAT linux 32. I did the following - Read the Elf Header Read all the sections Below is the output of my program. Entry Address of Binary - 0x8048340 Start of Program Header - 52 Start of section header - 3272 Size of header - 52 Number of section headers - 36 Size of each section headers - 40 Number of section headers - 36 Section header Offset - 3272 string tbl index for section[0] is 0 string