Writing memory of the traced process.


Problem description

I am playing around with ptrace in Linux. I am trying to write the memory of the traced process using the /proc/pid/mem interface.

The function I am using to accomplish this task is:

#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

void write_proc(pid_t child, unsigned long int addr) {

  char mem_file_name[100];
  char buf[10]="hope";   /* bytes to write into the traced process */
  int mem_fd;

  memset( (void*)mem_file_name, 0, 100);

  sprintf(mem_file_name, "/proc/%d/mem", child);
  mem_fd = open(mem_file_name, O_RDONLY);   /* read-only open, as posted in the question */
  lseek(mem_fd, addr , SEEK_SET);

  if (write(mem_fd, buf, 5) < 0 )
    perror("Writing");

  return;

}

But I always get the error: Writing: Bad file descriptor.

Is it possible to write the traced process using this method?

Solution

You are opening the file in read-only mode (O_RDONLY). I'd suggest trying again with O_RDWR instead:

  mem_fd = open(mem_file_name, O_RDWR);

However, from man proc it's not clear this will work:

   /proc/[pid]/mem
          This  file can be used to access the pages of a process's memory
          through open(2), read(2), and lseek(2).

EDIT:

I was curious too, so I put together this example using just ptrace() directly:

#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Print the call and its result; report errno when it fails. */
#define SHOW(call) ({ int _ret = (int)(call); printf("%s -> %d\n", #call, _ret); if (_ret < 0) { perror(NULL); }})

char changeme[] = "This is  a test";

int main (void)
{
  pid_t pid = fork();
  union {
    char cdata[8];
    int64_t data;
  } u = { "Hijacked" };   /* 8 bytes, one word on a 64-bit system */

  switch (pid) {
  case 0: /* child */
    sleep(1);
    printf("Message: %s\n", changeme);
    exit(0);

  case -1:
    perror("fork");
    exit(1);
    break;

  default: /* parent */
    SHOW(ptrace(PTRACE_ATTACH, pid, 0, 0));
    SHOW(waitpid(pid, NULL, 0));   /* wait until the child has actually stopped */
    SHOW(ptrace(PTRACE_POKEDATA, pid, changeme, u.data));
    SHOW(ptrace(PTRACE_CONT, pid, 0, 0));
    wait(NULL);
    break;
  }

  return 0;
}
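
The /proc/[pid]/mem route from the question, as an added example that is not part of the original question or answer: a parent writes into its own forked, stopped child with O_RDWR and pwrite(2), and the child's exit status reports whether it saw the new bytes. It assumes a current Linux kernel; run_demo, the 16-byte changeme buffer and the PTRACE_TRACEME setup (used instead of PTRACE_ATTACH so the child is stopped at a known point) are choices made for this example.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

char changeme[16] = "This is a test";  /* same address in parent and forked child */

/* Write len bytes at addr in a stopped tracee through /proc/<pid>/mem. */
static ssize_t write_proc(pid_t pid, const void *addr, const void *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDWR);       /* with O_RDONLY, write() fails with EBADF */
    if (fd < 0) return -1;
    ssize_t n = pwrite(fd, buf, len, (off_t)(uintptr_t)addr);
    close(fd);
    return n;
}

/* Returns 0 when the child saw the bytes the parent wrote, nonzero otherwise. */
int run_demo(void)
{
    static const char patch[] = "Hijacked";
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child: become a tracee, stop, then check */
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(2);
        raise(SIGSTOP);
        _exit(strcmp(changeme, patch) == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                     /* only write once the tracee is stopped */
    ssize_t n = write_proc(pid, changeme, patch, sizeof patch);
    ptrace(PTRACE_DETACH, pid, 0, 0);  /* resume the child, SIGSTOP is not delivered */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return n == (ssize_t)sizeof patch ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("run_demo -> %d, parent copy: \"%s\"\n", run_demo(), changeme);
    return 0;
}
```

The write lands only in the child's copy-on-write page, so the parent's changeme is unchanged after the run.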
