ptrace-get register values


 
# 1  
Old 04-09-2010

Hi, All,
I use ptrace to capture the OPEN syscall, and I have problems getting the filename that is its argument. Basically, what ebx returns is a pointer to the filename of the file to open. My code is as follows, and the program keeps throwing a segmentation fault. Besides, even if I can get filePath[0], how can I know the length of the string (or the char*), so I can get all the related chars? Thanks in advance for any ideas.
Richard

//after capturing OPEN syscall
long ebx = ptrace(PTRACE_PEEKUSER, traced_process, 4 * EBX, NULL);
char * filePath = (char *) ebx;
//this line throws segment fault
cout << " filename to open is " << filePath[0];
...
# 2  
Old 04-09-2010
Pointers from another process aren't valid inside your own. You need to read data beginning at its location with PTRACE_PEEKDATA. C-strings are always null terminated, so finding where it ends isn't a problem, though it'll be tricky since you only get to read longs, not bytes...

That's assuming you're getting the register you want in the first place. What value is EBX defined as, and why are you multiplying it by four?
# 3  
Old 04-12-2010
Thanks for the advice. It works now... I copied the code from other places; the multiplication by 4 may be because EBX may not be in accordance with byte addresses.
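Added example (not code from any poster in this thread): the word-by-word PTRACE_PEEKDATA read described in reply #2, copying a NUL-terminated string out of a stopped tracee while handling the two edge cases that usually bite, namely that -1 is both the error return and a valid data word, and that the string may be unterminated or longer than the buffer. All names here (`peek_fn`, `peek_ptrace`, `peek_fake`, `fake_mem`, `read_remote_cstr`) are hypothetical; the word fetch is a callback so the loop can be exercised against a constructed in-memory stand-in without a tracee.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>

/* Fetch one aligned word at addr; return 0 on success, -1 on failure. */
typedef int (*peek_fn)(void *ctx, uintptr_t addr, long *out);

/* Real backend: ctx points at the pid_t of a stopped tracee. */
int peek_ptrace(void *ctx, uintptr_t addr, long *out)
{
    errno = 0;  /* -1 can be valid data, so errno is the only error signal */
    long w = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)addr, NULL);
    if (w == -1 && errno != 0)
        return -1;
    *out = w;
    return 0;
}

/* Constructed stand-in for tracee memory: addr is a byte offset into words[]. */
struct fake_mem { const long *words; size_t nwords; };
int peek_fake(void *ctx, uintptr_t addr, long *out)
{
    const struct fake_mem *m = ctx;
    if (addr / sizeof(long) >= m->nwords)
        return -1;  /* behaves like an unmapped page */
    *out = m->words[addr / sizeof(long)];
    return 0;
}

/* Copy the NUL-terminated string at addr into buf[cap]. Returns its length,
 * or -1 on a read error or when no NUL is found within cap bytes. */
long read_remote_cstr(peek_fn peek, void *ctx, uintptr_t addr, char *buf, size_t cap)
{
    /* Start at the enclosing aligned word: aligned reads never straddle a page. */
    uintptr_t word = addr & ~(uintptr_t)(sizeof(long) - 1);
    size_t skip = addr - word, n = 0;  /* skip: bytes before addr in first word */
    for (;; word += sizeof(long), skip = 0) {
        long w;
        unsigned char b[sizeof(long)];
        if (peek(ctx, word, &w) != 0)
            return -1;
        memcpy(b, &w, sizeof w);
        for (size_t i = skip; i < sizeof w; i++) {
            if (n == cap)
                return -1;  /* unterminated, or longer than the buffer */
            if ((buf[n] = (char)b[i]) == '\0')
                return (long)n;
            n++;
        }
    }
}
```

With a real tracee, pass `peek_ptrace` and a pointer to its pid while it is stopped at the syscall, with `addr` set to the register value obtained through PTRACE_PEEKUSER.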