Quote: Originally Posted by jim mcnamara
That command stores a copy of the contents of the child process registers - in the memory of the parent process.
Yes, you can see them. But - no - you cannot directly turn them into text. The reason is that most of those have addresses, not values, in them. Text is referenced by a pointer - a memory address. You have to translate the offset the pointer "looks" at (as if you were the child process) to be able to read the text.
Also you have to "know" what those registers are doing for a living - pointer to text, integer value, pointer to integer, pointer to program text, stack pointer, etc.
First of all, I would like to thank you for the help!!!
What I want to do is: flip a bit in the next instruction to be executed!
ptrace(PTRACE_GETREGS, pid, NULL, &regs);          // get register contents
ins = ptrace(PTRACE_PEEKDATA, pid, regs.eip, NULL); // ins = get the next instruction!?!
bit flip ins...
ptrace(PTRACE_SETREGS, pid, NULL, &regs);
Am I right??
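As an added example (not code from the thread), the point made in the quoted reply: a register such as `eip` or `rdi` holds a tracee address, and the tracer reaches the bytes behind it only by peeking one word at a time. The word reader here is a stub over a constructed local buffer so the code runs without a child process; a real tracer would replace it with `ptrace(PTRACE_PEEKDATA, pid, addr, NULL)` as the comments note.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the tracee's address space. In a real tracer this
 * memory belongs to the child and is reachable only through ptrace. */
static unsigned char tracee_mem[64] = "hello from the child\0 junk after nul";

/* Stand-in for: errno = 0; long w = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
 * Real PEEKDATA returns -1 both as a valid word and on error, so errno must be
 * checked there; this stub returns 0 on success, -1 if the address is unmapped. */
static int peek_word(uintptr_t addr, long *out)
{
    if (addr + sizeof(long) > sizeof(tracee_mem)) return -1;
    memcpy(out, tracee_mem + addr, sizeof(long));
    return 0;
}

/* Copy the NUL-terminated string at tracee address `addr` into `buf` (at most
 * cap-1 bytes). Returns the length copied, or -1 if a word could not be read.
 * Stops at the first NUL, so trailing bytes of the last word are ignored. */
long read_tracee_string(uintptr_t addr, char *buf, size_t cap)
{
    size_t n = 0;
    while (n + 1 < cap) {
        long word;
        if (peek_word(addr + n, &word) != 0) return -1;
        /* Tracer and tracee share endianness, so memcpy yields memory order. */
        unsigned char bytes[sizeof(long)];
        memcpy(bytes, &word, sizeof word);
        for (size_t i = 0; i < sizeof word && n + 1 < cap; i++) {
            if (bytes[i] == '\0') { buf[n] = '\0'; return (long)n; }
            buf[n++] = (char)bytes[i];
        }
    }
    buf[n] = '\0';
    return (long)n; /* buffer filled before a NUL was seen (truncated) */
}

int main(void)
{
    /* Hypothetical register snapshot: suppose a pointer register holds 0, the
     * tracee address of the string. The register alone prints as a number. */
    uintptr_t reg_value = 0;
    char buf[64];
    long len = read_tracee_string(reg_value, buf, sizeof buf);
    printf("register value = %#lx, text it points to = \"%s\" (%ld bytes)\n",
           (unsigned long)reg_value, buf, len);
    return 0;
}
```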