使用ptrace的跟踪被打开文件的位置 [英] Using Ptrace to track the location of files being opened
问题描述
我是用下面的code这实际上让我的内容在寄存器(EAX,EBX,ECX)每当一个开放的系统调用被调用。现在很多的斗争之后,我明白了什么值从这个问题表示。结果EBX包含指向的文件名。但是,当我尝试访问它我得到一个分段错误。我在哪里去了?
在code可以从href=\"http://pastie.org/3634410\"这里 rel=\"nofollow\">的
I was using the following code which actually gets me the contents in the registers (eax, ebx, ecx) whenever a open system call is called. Now after a lot of struggle I understood what the values signify from this Question.
ebx contains the pointer to filename. But when I try to access it I was getting a segmentation fault. Where am I going wrong?
The code can be accessed from the here
推荐答案
每个进程都有自己的地址空间。从另一方法得到的地址将不会在你的有效。在其他进程读取内存的一种方法是,以使用 PTRACE_PEEKDATA 。在Linux上,另一种方法是打开的/ proc /< PID方式> / MEM ,力求地址,并从它像一个文件读
Every process has its own address space. An address obtained from another process will not be valid in yours. One way to read memory in the other process would be to use PTRACE_PEEKDATA. On Linux, another way would be to open /proc/<pid>/mem, seek to the address, and read from it like a file.
这篇关于使用ptrace的跟踪被打开文件的位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
