Low-overhead way to access the memory space of a traced process?


Question


I'm looking for an efficient way to access (for both read and write operations) the memory space of my ptraced child process. The size of blocks being accessed may vary from several bytes up to several megabytes in size, so using the ptrace call with PTRACE_PEEKDATA and PTRACE_POKEDATA which read only one word at a time and switch context every time they're called seems like a pointless waste of resources. The only alternative solution I could find, though, was the /proc/<pid>/mem file, but it has long since been made read only.

Is there any other (relatively simple) way to do that job? The ideal solution would be to somehow share the address space of my child process with its parent and then use the simple memcpy call to copy data I need in both directions, but I have no clue how to do it and where to begin.

Any ideas?

Solution

If this is Linux (which the tags suggest it is), you can share the entirety of the child's address space with the parent by using clone() with the CLONE_VM flag. As the two processes share the same VM space, all modifications will be immediately visible between the two, with essentially zero overhead.

This does mean you can't then exec() in the child, as it will replace the VM space of both processes.
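
The sharing described in the answer, as an added example that is not part of the original answer: the parent starts a child with clone() and CLONE_VM, and a write the child makes to an ordinary global is visible to the parent afterwards. The names `shared_buf`, `child_main` and `demo_shared_vm` are hypothetical, and the ptrace attach itself is left out so that only the memory sharing is shown.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* clone() and CLONE_VM are GNU extensions in <sched.h> */
#endif
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

#ifndef CLONE_VM      /* fallback if _GNU_SOURCE was defined too late to take effect */
#define CLONE_VM 0x00000100
#endif
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);

#define STACK_SIZE (256 * 1024)
static char shared_buf[64];   /* plain global: shared only because of CLONE_VM */

/* Child: check what the parent left in the buffer, then overwrite it in place. */
static int child_main(void *arg)
{
    (void)arg;
    if (strcmp(shared_buf, "from parent") != 0)
        return 1;
    strcpy(shared_buf, "from child");
    return 0;                 /* becomes the child's exit status */
}

/* Returns 0 if the child's write is visible in the parent, nonzero otherwise. */
int demo_shared_vm(void)
{
    char *stack = malloc(STACK_SIZE);   /* the child needs its own stack */
    if (!stack) return -1;
    strcpy(shared_buf, "from parent");
    /* Pass the top of the stack (it grows down); SIGCHLD lets waitpid() reap the child. */
    pid_t pid = clone(child_main, stack + STACK_SIZE, CLONE_VM | SIGCHLD, NULL);
    int status = 0;
    if (pid == -1 || waitpid(pid, &status, 0) == -1) { free(stack); return -1; }
    free(stack);
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -2;
    return strcmp(shared_buf, "from child") != 0;
}

int main(void)
{
    int rc = demo_shared_vm();
    printf("parent sees \"%s\" (rc=%d)\n", shared_buf, rc);
    return rc != 0;
}
```

With fork() in place of clone(), the parent would still read "from parent", because the child would be writing to its own copy of the page.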
