01-13-2009
Memory sniffing in linux
I am trying to create an application that will be able to sniff memory of other applications.
I am not completely new to systems programming but I am not sure how to go about this task. I understand that accomplishing this mainly require these steps.
1: Get a list of processes
2: Find the process you want to sniff.
3: Get a list of page tables assigned to that process
4: Get R / R/W access to these page tables.
5: Sniff away.
I can do 1&2 just fine, but I have no clue how to accomplish the rest.
I understand that 3 will have to do something with the process control block, and 4 will probably have to do with some system calls with high privileges.
Any advice on doing this would be appreciated, and if there are any books on this subject in particular, that would be great as well.
9 More Discussions You Might Find Interesting
1. IP Networking
Hi All,
On a solaris box A port B
in which port B is established and receiving data.
My question is how do i listen on that established port ,
how can i get the data received at box A: port B through my application
I had searched the forum for the same, but i am unable to retrieve the... (5 Replies)
Discussion started by: matrixmadhan
5 Replies
2. Programming
Hi,
Does any one know what tool to use to visualize how is memory layed out for C on linux systems. I mean how much stack portion is used in functional call.
Where exactly does the argument to function sit in memory ?
I have written small program pasted below. But I am not able to infer... (3 Replies)
Discussion started by: parasa
3 Replies
3. UNIX for Advanced & Expert Users
Hi,
I having problem with my linux machine
it have 6Gb physical memory and somehow it always almost coming to the bottom neck and than it start writing to the swap memory
you can see that there is more than 4G in cahce, is there any way to clean the cache or to limit it to 2Gb?
host1... (6 Replies)
Discussion started by: Igal Malka
6 Replies
4. Programming
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
5. Shell Programming and Scripting
Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?
Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies
6. Linux
Hi All,
We are using the linux servers and need to track the memory utilization of the box. Could anyone advice how the same can be achived.
:) (1 Reply)
Discussion started by: haitorajesh
1 Replies
7. What is on Your Mind?
Are we safe using the everyday wired keyboard? Although this concept is old, I had never seen an actual implementation on the matter until a few days ago. (Four ways of sniffing the electromagnetic emanations of wired keyboards currently on the market in up to 20 meters.)
Check the videos at:... (2 Replies)
Discussion started by: redoubtable
2 Replies
8. Red Hat
Hello, I am using Linux os.
$ df -k /dev/shm
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 2023256 1065000 958256 53% /dev/shm
$
Based on my google this, it is shared memory. What is this shared memory and where exactly it is used? Can you... (5 Replies)
Discussion started by: govindts
5 Replies
9. Linux
Hi All,
We are running a python application on an RHEL 7 VM machine hosted in Azure. Machine has 8GB of memory & 2GB of swap space configured as swap file. Below the output of free command from the server.
#-> free -h
total used free shared buff/cache ... (12 Replies)
Discussion started by: veeresh_15
12 Replies
setpgid(2) System Calls Manual setpgid(2)
NAME
setpgid(), setpgrp2() - set process group ID for job control
SYNOPSIS
DESCRIPTION
The and system calls cause the process specified by pid to join an existing process group or create a new process group within the session
of the calling process. The process group ID of the process whose process ID is pid is set to pgid. If pid is zero, the process ID of the
calling process is used. If pgid is zero, the process ID of the indicated process is used. The process group ID of a session leader does
not change.
is provided for backward compatibility only.
Security Restrictions
Some or all of the actions associated with this system call are subject to compartmental restrictions.
See compartments(5) for more information about compartmentalization on systems that support that feature. Compartmental restrictions can
be overridden if the process possesses the privilege (COMMALLOWED). Processes owned by the superuser may not have this privilege. Pro-
cesses owned by any user may have this privilege, depending on system configuration.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
and return the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If or fails, is set to one of the following values.
The value of pid matches the process ID of a child process of the calling process and the child process has successfully executed
one of the exec(2) functions.
The value of pgid is less than zero or is outside the range of valid process group ID values.
The process indicated by
pid is a session leader.
The value of pid is valid but matches the process ID of a child process of the calling process, and the child process is not in
the same session as the calling process.
The value of pgid does not match the process ID of the process indicated by pid and there is no process with a process group ID
that matches the value of pgid in the same session as the calling process.
The value of pid does not match the process ID of the calling process or of a child process of the calling process.
AUTHOR
and were developed by HP and the University of California, Berkeley.
SEE ALSO
bsdproc(3C), exec(2), exit(2), fork(2), getpid(2), kill(2), setsid(2), signal(2), privileges(5), termio(7).
STANDARDS CONFORMANCE
setpgid(2)