Linux iptrace

6/20/2023

The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers.

Implement breakpoint debugging and system call tracing.

A tracee first needs to be attached to the tracer. Attachment and subsequent commands are per thread: in a multithreaded process, every thread can be individually attached to a (potentially different) tracer, or left not attached and thus not debugged. Therefore, "tracee" always means "(one) thread", never

Ptrace commands are always sent to a specific tracee using a call of the form

where pid is the thread ID of the corresponding Linux thread.

(Note that in this page, a "multithreaded process" means a thread group consisting of threads created using the clone(2) CLONE_THREAD

A process can initiate a trace by calling fork(2) and having the resulting child do a PTRACE_TRACEME, followed (typically) by an execve(2). Alternatively, one process may commence tracing another process using PTRACE_ATTACH or PTRACE_SEIZE.

While being traced, the tracee will stop each time a signal is delivered, even if the signal is being ignored.

Its usual effect.)

The tracer will be notified at its next call to waitpid(2) (or one of the related "wait" system calls); that call will return a status value containing information that indicates the cause of the stop in the tracee. While the tracee is stopped, the tracer can use various ptrace requests to inspect and modify the tracee. The tracer then causes the tracee to continue, optionally ignoring the delivered signal (or even delivering a

If the PTRACE_O_TRACEEXEC option is not in effect, all successful calls to execve(2) by the traced process will cause it to be sent a SIGTRAP signal, giving the parent a chance to gain control before the new program begins execution.

When the tracer is finished tracing, it can cause the tracee to continue executing in a normal, untraced mode via PTRACE_DETACH.

The value of request determines the action to be performed:

PTRACE_TRACEME
Indicate that this process is to be traced by its parent. A process probably shouldn't make this request if its parent isn't expecting to trace it.

The PTRACE_TRACEME request is used only by the tracee; the remaining requests are used only by the tracer.

Specifies the thread ID of the tracee to be acted on.

For requests other than PTRACE_ATTACH, PTRACE_SEIZE, PTRACE_INTERRUPT and

PTRACE_PEEKTEXT, PTRACE_PEEKDATA
Read a word at the address addr in the tracee's memory, returning the word as the result of the ptrace() call.

Text and data address spaces, so these two requests are currently equivalent.

PTRACE_PEEKUSER
Read a word at offset addr in the tracee's USER area, which holds the registers and other information about the process (see

The word is returned as the result of the ptrace() call. Typically, the offset must be word-aligned, though this might vary by architecture.

PTRACE_POKETEXT, PTRACE_POKEDATA
Copy the word data to the address addr in the tracee's memory. As for PTRACE_PEEKTEXT and PTRACE_PEEKDATA, these two requests

PTRACE_POKEUSER
Copy the word data to offset addr in the tracee's USER area. As for PTRACE_PEEKUSER, the offset must typically be word-aligned. In order to maintain the integrity of the kernel, some modifications to the USER area are disallowed.

PTRACE_GETREGS, PTRACE_GETFPREGS
Copy the tracee's general-purpose or floating-point registers, respectively, to the address data in the tracer. (addr is ignored.) Note that SPARC systems have the meaning of data and addr reversed; that is, data is ignored and the registers are copied to the address addr.

PTRACE_GETREGS and PTRACE_GETFPREGS are not present on all
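
The PTRACE_TRACEME, waitpid(2), PTRACE_PEEKDATA, PTRACE_POKEDATA and PTRACE_DETACH steps described on this page, put together as an added example (not part of the original page). The names `secret` and `trace_and_patch` are hypothetical, and the tracee is a fork(2) child so that the word's address is the same in both processes.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data: one machine word the tracer reads and patches. */
static volatile long secret = 41;

/* Returns the tracee's exit status (42 on success), or -1 on any failure. */
int trace_and_patch(void)
{
    int status;
    long word;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(1);
        raise(SIGSTOP);                  /* stops here; tracer sees it via waitpid */
        _exit((int)secret);              /* reports the word as the tracer left it */
    }
    /* Tracer: the wait status must say "stopped by SIGSTOP", not "exited". */
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status) ||
        WSTOPSIG(status) != SIGSTOP)
        goto fail;
    /* The word is the return value, so -1 can be data: errno marks errors. */
    errno = 0;
    word = ptrace(PTRACE_PEEKDATA, pid, (void *)&secret, NULL);
    if (errno != 0 || word != 41)
        goto fail;
    if (ptrace(PTRACE_POKEDATA, pid, (void *)&secret, (void *)(word + 1)) == -1)
        goto fail;
    /* data == 0 suppresses the pending SIGSTOP; the tracee resumes untraced. */
    if (ptrace(PTRACE_DETACH, pid, NULL, (void *)0) == -1)
        goto fail;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
fail:
    kill(pid, SIGKILL);                  /* never leave a stopped child behind */
    waitpid(pid, &status, 0);
    return -1;
}

int main(void)
{
    printf("tracee exit status: %d\n", trace_and_patch());
    return 0;
}
```

The tracee exits with 42 rather than 41 because the tracer rewrote the word while the tracee was stopped.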