Question about ptrace?

[guodah]

Hello,

I am learning ptrace and got confused by the underlined part in the attached program. I tried to understand what it meant by removing them. Then I found the same system calls are made more than once in accomplishing getpid in child. ptrace(PTRACE_POKEUSER,..) is supposed to set data in the child process. But in this program, it seems that it is setting something that is already there.

Anybody can help me figure this out? Any information will be greatly appreciated!

Dan

#include <stdio.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/ptrace.h>
#include <asm/ptrace.h>
#include <asm/unistd.h>

static char stack[65536];

int child(void *arg){

if(ptrace(PTRACE_TRACEME, 0, 0, 0) < 0){
perror("ptrace");
exit(1);
}
kill(getpid(), SIGSTOP);
while(1){
printf("getpid() returned %d\n", getpid());
sleep(3);
}
return(0);
}



int main(int argc, char **argv){

int pid, status, syscall;

printf("Parent pid = %d\n", getpid());

if((pid = clone(child, &stack[65532], SIGCHLD, NULL)) < 0){
perror("clone");
exit(1);
}

if(pid = waitpid(pid, &status, WUNTRACED)) < 0){
perror("Waiting for stop");
exit(1);
}

if(ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0){
perror("continuing");
exit(1);
}

while(1){
if((pid = waitpid(-1, &status, WUNTRACED)) <= 0){
perror("wait");
exit(1);
}

if(WIFSTOPPED(status) && (WSTOPSIG(status) == SIGTRAP)){
syscall = ptrace(PTRACE_PEEKUSER, pid, 4 * ORIG_EAX, 0);
if(syscall == __NR_getpid){
if(ptrace(PTRACE_POKEUSER, pid, 4 * ORIG_EAX, __NR_getppid) < 0){
perror("ptrace");
exit(1);
}

}

if(ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0){
perror("continuing");
exit(1);
}
}else
printf("wait failed - pid = %d, status = %d\n", pid, status);

}
}

[wje_lf]

Um, I don't mean to be rude, but I fear that what I am about to say will seem that way.

Could you please post something that compiles without error? There's an obvious syntax error on the first line which contains a call to waitpid(), and I'm too lazy to clean up any other errors that may be there.

I'd love to look at the code, but only if I can compile it and play with it. Cleaning up the syntax errors is your job. I'd just do it, but sometimes, like a "small" plumbing job, it can be longer than it seems.

[guodah]

Hi, Bill,

I greatly appreciate your time and apologize if my program wasted your time.

What confuses me is I copied and pasted the program right from the IDE where it compiled fine. As to waitpid, can you please let me know what is wrong with it. It has not caused any problem in my program.

Again, thank you!

Dan

[wje_lf]

Code:

 if(pid = waitpid(pid, &status, WUNTRACED)) < 0){

I see two left parentheses on that line, and three right parentheses.

It would be quite easy for me to fix that, but that wasn't the only syntax error the compiler found, or I'd just have fixed it and moved on.

Maybe I'm wrong, but is there a chance that you copied and pasted an early version of the program, and then ran it to get the output? And discovered along the way that there were syntax errors? If so, it would be trivial to post the correct code. :)