a problem about ptrace()

[pinper]

How can I write something to the child process space??
ptrace(PTRACE_POKETEXT,.....)seems could not do that

The Linux sources(2.4.7-10) about sysptrace() is:

......
case PTRACE_POKETEXT: /* write the word at location addr. */
case PTRACE_POKEDATA:
ret = 0;
if (access_process_vm(child, addr, &data, sizeof(data), 1) == sizeof(data))
break;
ret = -EIO;
break;
......

it seems don't write something to the child process space!!
what can I do?


sorry,my English is too weak :->

[Dolda2000]

Why do you get that idea? The access_process_vm function writes the data into the child's VM. I'd recommend using PTRACE_POKEDATA instead, though. It doesn't _really_ make a difference for the i386 arch, but technically POKETEXT is for poking in a process' text, and other archs might have the text and the data in seperate address spaces.
What are you doing? Can you post the surrounding code, so that maybe I can see why it fails. Do you get EIO returned by ptrace(PTRACE_POKETEXT) or does it return success?

[pinper]

I know the access_process_vm function could write the data to child process but....
a simple test:

/* testwrite.c */

/*The ADDR is the start of the data segment,could be writed*/
#define ADDR 0x80495fc

int main(int argc,char *argv[])
{
pid_t pid;
long word=2;

if(argc != 2){
printf("Usage:testwrite pid\n");
exit(0);
}
pid=atoi(argv[1]);
ptrace(PTRACE_ATTACH,pid,NULL,NULL);

waitpid(pid,NULL,WUNTRACED);
ptrace(PTRACE_POKEDATA,pid,(void *)ADDR,&word);
perror("testwrite");
ptrace(PTRACE_DETACH,pid,NULL,NULL);
exit(0);
}

/* testread.c */
#define ADDR 0x80495fc

int main(int argc,char *argv[])
{
pid_t pid;
long word;

if(argc != 2){
printf("Usage:testread pid\n");
exit(0);
}
pid=atoi(argv[1]);
ptrace(PTRACE_ATTACH,pid,NULL,NULL);

waitpid(pid,NULL,WUNTRACED);
ptrace(PTRACE_PEEKDATA,pid,(void *)ADDR,&word);
printf("There is :%#x\n",word);

ptrace(PTRACE_DETACH,pid,NULL,NULL);
exit(0);
}

then try it:
./testread 1242
There is :0x4003d0f4
./testwrite 1242
testwrite:success
./testread 1242
There is :0x4003d0f4

why??

[Dolda2000]

Did you check the return value from ptrace(PTRACE_POKEDATA)? What process is 1242?

[pinper]

return value is 0(success)
The tested process is very simple.

/* hi .c */
int main(void)
{
while(1){
printf("hi\n");
}
}

./hi > /dev/null &
It's pid is 1242

(RH7.2,kernel version 2.4.7-10)

[Dolda2000]

Hmmm... now that is very strange, admittedly. I don't really see why it should make a difference, but can't you try reading/writing a user-allocated variable in the test process instead? Like this:

test.c:

Code:

int main(void)
{
    int test;
    
    test = 0;
    printf("%p\n", &test);
    while(1);
        printf("%i\n", test);
}

write.c:

Code:

int main(int argc, char **argv)
{
    pid_t pid;
    void *addr;
    
    pid = atoi(argv[1]);
    addr = atoi(argv[2]);
    ptrace(PTRACE_ATTACH, pid, NULL, NULL);
    waitpid(pid, NULL, WUNTRACED);
    ptrace(PTRACE_POKEDATA, pid, addr, 2); /* Yes, you're supposed to pass the data as a pointer, not a pointer to the data */
    perror("write");
    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return(0);
}

[pinper]

Sorry,I make a very very ( ) mistake......
it is ptrace(PEEKDATA,pid,(void *ADDR),&word) this &word
is error,it should be word=ptrace(PEEKDATA,pid,(void *)ADDR,NULL)

Very very sorry..............
Thank you!


sorry,my English is too weak :->

[Dolda2000]

Oh, of course... I guess I should have seen that, too... =)