using ptrace system call
| I have written a small code for using ptrace (I am new to this system
call)
int main()
{
    int pid;
    struct user_regs_struct regs;

    pid = fork();
    if (pid == 0)
        while(1);

    ptrace(PTRACE_ATTACH, pid, 0, 0);
    waitpid(pid, NULL, 0);
    ptrace(PTRACE_GETREGS, pid, 0, &regs);
    printf("esp = %ld", regs.esp);
}
But the code doesn't seem to work fine and hangs. I think it is waiting
at waitpid in parent. But man page of ptrace says that parent uses
waitpid after ATTACH. So where am I going wrong, and how do I print out
the register values of the child process?
Thanks
Ash
| |
| Andrei Voropaev 2004-09-15, 10:36 am |
| On 2004-09-15, Ash <amujoo@yahoo.com> wrote:
> I have written a small code for using ptrace (I am new to this system
> call)
>
> int main()
> {
> int pid;
> struct user_regs_struct regs;
>
> pid = fork();
> if (pid == 0)
> while(1);
>
> ptrace(PTRACE_ATTACH, pid, 0, 0);
> waitpid(pid, NULL, 0);
> ptrace(PTRACE_GETREGS, pid, 0, &regs);
> printf("esp = %ld", regs.esp);
> }
>
>
> But the code doesn't seem to work fine and hangs. I think it is waiting
> at waitpid in parent. But man page of ptrace says that parent uses
> waitpid after ATTACH. So where am I going wrong, and how do I print out
> the register values of the child process?
waitpid waits for your child to finish. The child is not going to
finish, so your parent is not going to go any further.
Andrei
| |
| Paul Pluzhnikov 2004-09-15, 10:36 am |
| amujoo@yahoo.com (Ash) writes:
> I have written a small code for using ptrace (I am new to this system
> call)
>
> int main()
> {
Please post *complete* test case so we would not have to guess
which headers it needs, and please specify your OS.
> But the code doesn't seem to work fine and hangs. I think it is waiting
> at waitpid in parent.
It probably does.
> So where am I going wrong, and how do I print out
> the register values of the child process?
Add 'ptrace(PTRACE_TRACEME, 0, 0, 0);' to the child.
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
| |
| manugarg 2004-09-15, 5:52 pm |
| Well, I tried running this code on Linux and it didn't hang. Which unix
are you using?
Cheers,
-manu
----------------
Manu Garg
http://manugarg.freezope.org
| |
|
| "manugarg" <manugarg@gmail.com> wrote in message news:<ciajal$uv@odbk17.prod.google.com>...
> Well, I tried running this code on Linux and it didn't hang. Which unix
> are you using?
> Cheers,
> -manu
> ----------------
I am using Linux only and it hangs. What I want to do is to get the
register values of the child process. How can this be done using the
ptrace system call? Can you please write a short piece of code for
that which works on Linux?
Thanks
Ash
| |
| Jan Engelhardt 2004-09-22, 9:21 pm |
|
>I am using Linux only and it hangs. What I want to do is to get the
>register values of the child process. How can this be done using the
>ptrace system call? Can you please write a short piece of code for
>that which works on Linux?
http://linux01.org:2222/f/hxtools/src/segvtracer.c
function dump_regs()
Jan Engelhardt
--
Gesellschaft für Wissenschaftliche Datenverarbeitung
Am Fassberg, 37077 Göttingen, www.gwdg.de
| |
|
| Well, here is the code:
$ cat ptrace.c
#include <stdio.h>
#include <sys/ptrace.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>

int main()
{
    int pid;
    struct user_regs_struct regs;

    pid = fork();
    if (pid == 0)
        while(1);   /* child spins so the parent has something to attach to */

    ptrace(PTRACE_ATTACH, pid, 0, 0);
    waitpid(pid, NULL, 0);
    ptrace(PTRACE_GETREGS, pid, 0, &regs);
    printf("esp = %ld\n", regs.esp);   /* esp is the i386 register name */
}
and on running this, I get the following output:
$./a.out
esp = -1073744176
Cheers,
-Manu
| |
|
| Is it possible to pass pid from a command line where pid is any
process running in the system and we want to trace that? Will the same
code work, or does it need changes?
"manu" <manugarg@gmail.com> wrote in message news:<1095714887.420578.266830@k17g2000odb.googlegroups.com>...
> Well, here is the code:
> $ cat ptrace.c
> #include <sys/ptrace.h>
> #include <unistd.h>
> #include <sys/types.h>
> #include <sys/user.h>
>
> int main()
> {
> int pid;
> struct user_regs_struct regs;
>
> pid = fork();
> if (pid == 0)
> while(1);
>
> ptrace(PTRACE_ATTACH, pid, 0, 0);
> waitpid(pid, NULL, 0);
> ptrace(PTRACE_GETREGS, pid, 0, &regs);
> printf("esp = %ld\n", regs.esp);
> }
>
> and on running this, I get the following output:
> $./a.out
> esp = -1073744176
>
> Cheers,
> -Manu
| |
| Barry Margolin 2004-09-24, 7:49 am |
| In article <60aab6b4.0409240143.456b20d4@posting.google.com>,
amujoo@yahoo.com (Ash) wrote:
> Is it possible to pass pid from a command line where pid is any
> process running in the system and we want to trace that? Will the same
> code work, or does it need changes?
Yes, since ptrace() takes the PID as a parameter. You can use atoi to
convert the command line argument to an int.
Note that only the superuser can trace a process owned by another user.
>
>
> "manu" <manugarg@gmail.com> wrote in message
> news:<1095714887.420578.266830@k17g2000odb.googlegroups.com>...
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
|
| #include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <sys/ptrace.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    int pid, status;
    struct user_regs_struct regs;

    if (argc < 2)
        exit(0);
    else
        pid = atoi(argv[1]);   /* PID of the process to trace */
    printf("pid = %d\n", pid);
    ptrace(PTRACE_ATTACH, pid, 0, 0);
    waitpid(pid, &status, 0);
    ptrace(PTRACE_GETREGS, pid, 0, &regs);
    printf("out of wait\n");
}
Here is the program that I wrote for tracing a pid other than child.
Why does it hang? Anybody?
Barry Margolin <barmar@alum.mit.edu> wrote in message news:<barmar-1C8BEC.09093424092004@comcast.dca.giganews.com>...
> In article <60aab6b4.0409240143.456b20d4@posting.google.com>,
> amujoo@yahoo.com (Ash) wrote:
>
>
> Yes, since ptrace() takes the PID as a parameter. You can use atoi to
> convert the command line argument to an int.
>
> Note that only the superuser can trace a process owned by another user.
>
| |
| Andrei Voropaev 2004-09-30, 10:46 am |
| On 2004-09-28, Ash <amujoo@yahoo.com> wrote:
[...]
>
> Here is the program that I wrote for tracing a pid other than child.
> Why does it hang? Anybody?
Sorry. I've tried all of your programs and they work perfectly fine. How
shall the problem be fixed if I don't see any problem? Maybe the problem
is not in the code but in the OS you are using? I tried it on Linux with
kernel 2.6 and kernel 2.4.
Andrei
>
>
>
>
> Barry Margolin <barmar@alum.mit.edu> wrote in message news:<barmar-1C8BEC.09093424092004@comcast.dca.giganews.com>...
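Added example, not part of any post in this thread: an attach-by-PID routine that checks each ptrace and waitpid result instead of ignoring them as the posted programs do, confirms the attach stop with WIFSTOPPED, reads the stack pointer and detaches. It reads registers with PTRACE_GETREGSET and NT_PRSTATUS rather than the thread's PTRACE_GETREGS, which also works on architectures without PTRACE_GETREGS. The names read_sp, demo and REG_SP are made up here, and the forked idle child is a constructed target.

```c
#include <elf.h>                 /* NT_PRSTATUS */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define REG_SP(r) ((unsigned long)(r).rsp)
#elif defined(__i386__)
#define REG_SP(r) ((unsigned long)(r).esp)   /* the field the thread prints */
#else
#define REG_SP(r) ((unsigned long)(r).sp)    /* assumption: aarch64-style layout */
#endif

/* Attach to pid, read its stack pointer, detach. 0 on success, -1 on failure. */
int read_sp(pid_t pid, unsigned long *sp)
{
    struct user_regs_struct regs;
    struct iovec iov = { &regs, sizeof regs };
    int status;
    /* EPERM, ESRCH and friends: never wait on a failed attach. */
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) return -1;
    /* waitpid reports the attach stop; __WALL also covers clone()d threads. */
    int ok = waitpid(pid, &status, __WALL) == pid && WIFSTOPPED(status) &&
             ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) == 0;
    if (ok) *sp = REG_SP(regs);
    ptrace(PTRACE_DETACH, pid, NULL, NULL);   /* let the target run again */
    return ok ? 0 : -1;
}
/* Constructed target: a forked child that idles, like the thread's while(1). */
int demo(unsigned long *sp)
{
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) for (;;) pause();
    int rc = read_sp(pid, sp);
    kill(pid, SIGKILL);                       /* clean up the constructed child */
    waitpid(pid, NULL, 0);
    return rc;
}
int main(int argc, char **argv)
{
    unsigned long sp = 0;
    int rc = argc > 1 ? read_sp((pid_t)atoi(argv[1]), &sp) : demo(&sp);
    if (rc == 0) printf("sp = 0x%lx\n", sp); else perror("ptrace");
    return rc ? 1 : 0;
}
```

Run with a PID argument it attaches to that process; with no argument it traces the constructed child.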