问题
Is there an equivalent of ReadProcessMemory windows function for reading (or writing) in another process memory ? I have tried to preload a shared library, i have also tried to debug (ptrace, peek and poke memory). It seems to work, but i am wondering if there is not a simplest way...
回答1:
Is there an equivalent of ReadProcessMemory
Yes: man ptrace (PTRACE_PEEKDATA
, etc.)
The ptrace
interface is generic to UNIX, and has nothing to do with ELF
(i.e. it also works on systems that use COFF
, or AOUT
as their normal executable format).
Is this this simplest way?
It's the only way on most UNIX platforms.
On Linux, you could also read/write /proc/$pid/mem
. Note however, that many kernels disable this for security reasons (having this file read/writable presents a huge security attack surface).
On Solaris, there has been a different /proc
interface, but (as far as I can tell) it has not been adopted on any other system.
来源:https://stackoverflow.com/questions/38140775/elf-read-write-in-other-process-memory