Unix/Linux Go Back    


NetBSD 6.1.5 - man page for ptrace (netbsd section 2)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


PTRACE(2)			     BSD System Calls Manual				PTRACE(2)

NAME
     ptrace -- process tracing and debugging

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/types.h>
     #include <sys/ptrace.h>

     int
     ptrace(int request, pid_t pid, void *addr, int data);

DESCRIPTION
     ptrace() provides tracing and debugging facilities.  It allows one process (the tracing
     process) to control another (the traced process).	Most of the time, the traced process runs
     normally, but when it receives a signal (see sigaction(2)), it stops.  The tracing process
     is expected to notice this via wait(2) or the delivery of a SIGCHLD signal, examine the
     state of the stopped process, and cause it to terminate or continue as appropriate.
     ptrace() is the mechanism by which all this happens.

     The request argument specifies what operation is being performed; the meaning of the rest of
     the arguments depends on the operation, but except for one special case noted below, all
     ptrace() calls are made by the tracing process, and the pid argument specifies the process
     ID of the traced process.	request can be:

     PT_TRACE_ME   This request is the only one used by the traced process; it declares that the
		   process expects to be traced by its parent.	All the other arguments are
		   ignored.  (If the parent process does not expect to trace the child, it will
		   probably be rather confused by the results; once the traced process stops, it
		   cannot be made to continue except via ptrace().)  When a process has used this
		   request and calls execve(2) or any of the routines built on it (such as
		   execv(3)), it will stop before executing the first instruction of the new
		   image.  Also, any setuid or setgid bits on the executable being executed will
		   be ignored.

     PT_READ_I, PT_READ_D
		   These requests read a single int of data from the traced process' address
		   space.  Traditionally, ptrace() has allowed for machines with distinct address
		   spaces for instruction and data, which is why there are two requests: concep-
		   tually, PT_READ_I reads from the instruction space and PT_READ_D reads from
		   the data space.  In the current NetBSD implementation, these two requests are
		   completely identical.  The addr argument specifies the address (in the traced
		   process' virtual address space) at which the read is to be done.  This address
		   does not have to meet any alignment constraints.  The value read is returned
		   as the return value from ptrace().

     PT_WRITE_I, PT_WRITE_D
		   These requests parallel PT_READ_I and PT_READ_D, except that they write rather
		   than read.  The data argument supplies the value to be written.

     PT_CONTINUE   The traced process continues execution.  addr is an address specifying the
		   place where execution is to be resumed (a new value for the program counter),
		   or (caddr_t)1 to indicate that execution is to pick up where it left off.
		   data provides a signal number to be delivered to the traced process as it
		   resumes execution, or 0 if no signal is to be sent.	If a negative value is
		   supplied, that is the negative of the LWP ID of the thread to be resumed, and
		   only that thread executes.

     PT_KILL	   The traced process terminates, as if PT_CONTINUE had been used with SIGKILL
		   given as the signal to be delivered.

     PT_ATTACH	   This request allows a process to gain control of an otherwise unrelated
		   process and begin tracing it.  It does not need any cooperation from the to-
		   be-traced process.  In this case, pid specifies the process ID of the to-be-
		   traced process, and the other two arguments are ignored.  This request
		   requires that the target process must have the same real UID as the tracing
		   process, and that it must not be executing a setuid or setgid executable.  (If
		   the tracing process is running as root, these restrictions do not apply.)  The
		   tracing process will see the newly-traced process stop and may then control it
		   as if it had been traced all along.

		   Three other restrictions apply to all tracing processes, even those running as
		   root.  First, no process may trace a system process.  Second, no process may
		   trace the process running init(8).  Third, if a process has its root directory
		   set with chroot(2), it may not trace another process unless that process's
		   root directory is at or below the tracing process's root.

     PT_DETACH	   This request is like PT_CONTINUE, except that after it succeeds, the traced
		   process is no longer traced and continues execution normally.

     PT_IO	   This request is a more general interface that can be used instead of
		   PT_READ_D, PT_WRITE_D, PT_READ_I, and PT_WRITE_I.  The I/O request is encoded
		   in a ``struct ptrace_io_desc'' defined as:

			 struct ptrace_io_desc {
				 int	 piod_op;
				 void	 *piod_offs;
				 void	 *piod_addr;
				 size_t  piod_len;
			 };

		   where piod_offs is the offset within the traced process where the I/O opera-
		   tion should take place, piod_addr is the buffer in the tracing process, and
		   piod_len is the length of the I/O request.  The piod_op field specifies which
		   type of I/O operation to perform.  Possible values are:

			 PIOD_READ_D
			 PIOD_WRITE_D
			 PIOD_READ_I
			 PIOD_WRITE_I

		   See the description of PT_READ_I for the difference between I and D spaces.	A
		   pointer to the I/O descriptor is passed in the addr argument to ptrace().  On
		   return, the piod_len field in the I/O descriptor will be updated with the
		   actual number of bytes transferred.	If the requested I/O could not be suc-
		   cessfully performed, ptrace() will return -1 and set errno.

     PT_DUMPCORE   Makes the process specified in the pid pid generate a core dump.  The addr
		   argument should contain the name of the core file to be generated and the data
		   argument should contain the length of the core filename.  This ptrace call
		   currently does not stop the child process so it can generate inconsistent
		   data.

     PT_LWPINFO    Returns information about a thread from the list of threads for the process
		   specified in the pid argument.  The addr argument should contain a ``struct
		   ptrace_lwpinfo'' defined as:

			 struct ptrace_lwpinfo {
				 lwpid_t pl_lwpid;
				 int pl_event;
			 };

		   where pl_lwpid contains a thread LWP ID.  Information is returned for the
		   thread following the one with the specified ID in the process thread list, or
		   for the first thread if pl_lwpid is 0.  Upon return pl_lwpid contains the LWP
		   ID of the thread that was found, or 0 if there is no thread after the one
		   whose LWP ID was supplied in the call.  pl_event contains the event that
		   stopped the thread.	Possible values are:

			 PL_EVENT_NONE
			 PL_EVENT_SIGNAL

		   The data argument should contain ``sizeof(struct ptrace_lwpinfo)''.

     PT_SYSCALL    Stops a process before and after executing each system call.

     PT_SYSCALLEMU
		   Intercept and ignore a system call before it has been executed, for use with
		   PT_SYSCALL.

     Additionally, the following requests exist but are not available on all machine architec-
     tures.  The file <machine/ptrace.h> lists which requests exist on a given machine.

     PT_STEP	   Execution continues as in request PT_CONTINUE; however as soon as possible
		   after execution of at least one instruction, execution stops again.	If the
		   data argument is greater than 0, it contains the LWP ID of the thread to be
		   stepped, and any other threads are continued.  If the data argument is less
		   than zero, it contains the negative of the LWP ID of the thread to be stepped,
		   and only that thread executes.

     PT_GETREGS    This request reads the traced process' machine registers into the ``struct
		   reg'' (defined in <machine/reg.h>) pointed to by addr.  The data argument con-
		   tains the LWP ID of the thread whose registers are to be read.  If zero is
		   supplied, the first thread of the process is read.

     PT_SETREGS    This request is the converse of PT_GETREGS; it loads the traced process'
		   machine registers from the ``struct reg'' (defined in <machine/reg.h>) pointed
		   to by addr.	The data argument contains the LWP ID of the thread whose regis-
		   ters are to be written.  If zero is supplied, the first thread of the process
		   is written.

     PT_GETFPREGS  This request reads the traced process' floating-point registers into the
		   ``struct fpreg'' (defined in <machine/reg.h>) pointed to by addr.  The data
		   argument contains the LWP ID of the thread whose registers are to be read.  If
		   zero is supplied, the first thread of the process is read.

     PT_SETFPREGS  This request is the converse of PT_GETFPREGS; it loads the traced process'
		   floating-point registers from the ``struct fpreg'' (defined in
		   <machine/reg.h>) pointed to by addr.  The data argument contains the LWP ID of
		   the thread whose registers are to be written.  If zero is supplied, the first
		   thread of the process is written.

     PT_DUMPCORE   Cause the traced process to dump core.  If the addr argument is not NULL it is
		   taken to be the pathname of the core file to be generated and the data argu-
		   ment should contain the length of the pathname.  The pathname may contain %
		   patterns that are expanded as described in sysctl(8).  If the data argument is
		   NULL, the default core file path generation rules are followed.

ERRORS
     Some requests can cause ptrace() to return -1 as a non-error value; to disambiguate, errno
     can be set to 0 before the call and checked afterwards.  The possible errors are:

     [EAGAIN]  Process is currently exec'ing and cannot be traced.

     [EBUSY]
	       o   PT_ATTACH was attempted on a process that was already being traced.
	       o   A request attempted to manipulate a process that was being traced by some
		   process other than the one making the request.
	       o   A request (other than PT_ATTACH) specified a process that wasn't stopped.

     [EINVAL]
	       o   A process attempted to use PT_ATTACH on itself.
	       o   The request was not a legal request on this machine architecture.
	       o   The signal number (in data) to PT_CONTINUE was neither 0 nor a legal signal
		   number.
	       o   PT_GETREGS, PT_SETREGS, PT_GETFPREGS, or PT_SETFPREGS was attempted on a
		   process with no valid register set.	(This is normally true only of system
		   processes.)

     [EPERM]
	       o   A request (other than PT_ATTACH) attempted to manipulate a process that wasn't
		   being traced at all.
	       o   An attempt was made to use PT_ATTACH on a process in violation of the require-
		   ments listed under PT_ATTACH above.

     [ESRCH]   No process having the specified process ID exists.

SEE ALSO
     sigaction(2), signal(7)

BUGS
     On the SPARC, the PC is set to the provided PC value for PT_CONTINUE and similar calls, but
     the NPC is set willy-nilly to 4 greater than the PC value.  Using PT_GETREGS and PT_SETREGS
     to modify the PC, passing (caddr_t)1 to ptrace(), should be able to sidestep this.

BSD					 August 31, 2011				      BSD
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 02:27 AM.