I've been attempting to understand how to read the memory of other processes on Mac OS, but I'm not having much luck. I've seen many examples online using ptrace with PEEKDATA and such, however it doesn't have that option on BSD (man page).
Does anyone know how I might do this?
Thank you.
...
I'd like to be able to track file read/writes of specific program invocations. No information about the actual transactions is required, just the file names involved.
Is there a cross platform solution to this? What are various platform specific methods? On Linux I know there's strace/ptrace (if there are faster methods that'd be goo...
Reading http://stackoverflow.com/questions/864839/monitoring-certain-system-calls-done-by-a-process I'm wondering about a Windows equivalent to the ptrace syscall or a programmatic workaround.
I had an answer in http://stackoverflow.com/questions/865106/is-there-something-like-linux-ptrace-syscall-in-windows but it requires a recent ...
Hello all.
I'm looking for an efficient way to access (for both read and write operations) the memory space of my ptraced child process. The size of blocks being accessed may vary from several bytes up to several megabytes in size, so using the ptrace call with PTRACE_PEEKDATA and PTRACE_POKEDATA which read only one word at a time and sw...
I am writing a GUI oriented debugger which targets Linux primarily, but I plan ports to other OSes in the future. Because the GUI must stay interactive at all times, I have a few threads handling different things.
Primarily I have a "debug event" thread which simply loops waiting for waitpid to return and delivers the received events to...
Hi,
on a Linux machine, I am using ptrace with the PTRACE_SINGLESTEP parameter to count the number of machine instructions of a program. I followed this article: http://www.ncsu.edu/it/mirror/ldp/LDP/LGNET/81/sandeep.html.
However, the result seems odd to me. For a very simple program, over 95000 machine instructions are counted. The t...
I am looking for a neat way to trap and fiddle with the CPUID instruction of Linux processes. Played around with ptrace() and patching all cpuid opcodes in all executable mmap'ed regions that are created by a process, replacing them by int3's. Didn't work that well since the CPUID opcode bytes appear quite often as parts of other longer...
Hello
Can a child process use the ptrace system call to trace its parent?
OS is Linux 2.6
Thanks.
upd1:
I want to trace process1 from "itself". It is impossible, so I fork and try to do ptrace(process1_pid, PTRACE_ATTACH) from the child process. But I can't; there is a strange error, like the kernel prohibits a child from tracing its parent...
Someone added to the Wikipedia "ptrace" article claiming that, on Linux, a ptraced process couldn't itself ptrace another process. I'm trying to determine if (and if so why) that's the case. Below is a simple program I contrived to test this. My program fails (the sub sub process doesn't run properly) but I'm pretty convinced it's my ...
Hello
Can I distinguish between a signal delivered directly to a process and one delivered via a debugger?
Case 1:
$ ./process1
process1 (not ptraced)
//set up handler
alarm(5);
....
//signal is handled and I can parse handler parameters
Case 2:
$ debugger1 ./process1
process1 (is ptraced by debugger1)
//set up handler
alarm(5);...
Hi,
I am working on an application which needs the call stack of all executing processes on Linux.
I am trying to use ptrace but am not able to go ahead with it because the steps I need to follow in my code are not clear to me.
I also tried backtrace, but its use is limited to the current process.
Could someone guide me on the same?
Thanks,...
Hi,
I am using ptrace to get information related to the call stack on Linux.
I can retrieve the stack pointer to my stack using the registers returned by ptrace.
But using this stack pointer, how can I retrieve information related to the function name and signature of the current call stack?
Are there any Linux APIs to traverse this call stack?
please help....
Hello.
I am compiling C++ on *nix and I would like to generate a stack dump
a) at an arbitrary point in the program,
b) during any signal, particularly during SIGSEGV.
Google tells me that ptrace is probably the tool for the job, but I can't find any comprehensible examples of walking the stack. Getting the return address, yeah, but wh...
I want to get the address of the instruction that causes an external program to SIGSEGV. I tried using ptrace for this, but I'm getting EIP from kernel space (probably default signal handler?). How is GDB able to get the correct EIP?
Is there a way to make GDB provide this information using some API?
edit:
I don't have sources of the program, onl...
Hello ALL,
I am using the ptrace() call to walk the stack on Linux x86_64, a 64 bit m/c. My requirement was to walk the stack of a Process(ABC) periodically, so I created a separate process which is a child of Process(ABC). This child process should walk the stack of its parent after every 1 sec, so both the processes should run simultaneously.
...
hello all,
Following is my requirement.
while process A is running.
attach Process A from B with PTRACE_ATTACH.
Start a Loop
Stop Process A
read registers
Resume Process A
sleep(1)
end loop
detach A
I am facing an issue with Start and Resume Process A from the loop. I tried combinations of kill(pid,SIGSTOP), kill(pid,SIGCONT), PTRACE...
Hello all,
I need some help on retrieving the instruction pointers (RIP) of a call stack on a Linux 64 bit machine. I can traverse the stack using ptrace and retrieve all frame/base pointer (RBP) values, but as I want IP values, what is the arithmetic and conceptual relationship between RIP and RBP? I assume that the RIP value is stored at (RBP + 8...
What is the difference between struct reg and struct user_regs_struct on a Linux 64 bit machine?
...
Hello,
Is it possible to trace a multithreaded application like a Java process with ptrace?
How is it possible? Any sample implementation, please.
A simple program in Java has 14 LWPs (threads) running. How do we follow each thread? I faced several difficulties with START and STOP signal handling in Java.
I have used ptrace for tracing the s...