在Linux中访问另一个进程虚拟内存(调试) [英] Accessing another process virtual memory in Linux (debugging)
问题描述
gdb如何在Linux上访问另一个进程虚拟内存?这一切是通过/ proc完成的吗?
gdb如何在Linux上访问另一个进程虚拟内存?这一切是通过/ proc完成的吗?
用于阅读内存的Linux
: 1)如果要读取的字节数小于 3 * sizeof(long)
或文件系统 / proc
不可用或从 / proc / PID / mem
读取失败,则 ptrace
与 PTRACE_PEEKTEXT
来读取数据。
以下是函数 linux_proc_xfer_partial()
中的这些条件:
/ *不要打扰一个字。 * /
if(len <3 * sizeof(long))
return 0;
/ *我们可以保持这个文件打开并缓存它 - 可能是每
线程一个。这需要一些杂耍,但速度更快。 * /
xsnprintf(文件名,sizeof文件名,/ proc /%d / mem,
ptid_get_pid(inferior_ptid));
fd = gdb_open_cloexec(filename,O_RDONLY | O_LARGEFILE,0);
if(fd == -1)
return 0;
<2>如果要读取的字节数大于或等于3 * sizeof(long)和 / proc
可用,然后 pread64
或( lseek()
并使用 read()
:
static LONGEST
linux_proc_xfer_partial(struct target_ops * ops,enum target_object object,
const char * annex,gdb_byte * readbuf,
const gdb_byte * writebuf,
ULONGEST offset,LONGEST len)
{
.....
$ b $ *如果pread64可用,则使用它。如果内核
支持它(只有一个系统调用),则速度更快,即使在64位安全
32位平台(例如,SPARC调试SPARC64
应用程序)* /
#ifdef HAVE_PREAD64
if(pread64(fd,readbuf,len,offset)!= len)
#else
if(lseek(fd,offset,SEEK_SET)== -1 || read(fd,readbuf,len)!= len)
#endif
ret = 0;
else
ret = len ;
close(fd);
return ret;
在用于写入内存的Linux上:
><1>
ptrace
with PTRACE_POKETEXT
或使用PTRACE_POKEDATA
。
至于第二个问题:
在哪里可以找到关于......设置硬件观察点的信息
gdb,内部Watchpoint:s http://sourceware.org/gdb/wiki/Internals%20Watchpoints
参考:
How does gdb access another process virtual memory on Linux? Is it all done via /proc?
How does gdb access another process virtual memory on Linux? Is it all done via /proc?
On Linux for reading memory:
1) If the number of bytes to read is fewer than 3 * sizeof (long)
or the filesystem /proc
is unavailable or reading from /proc/PID/mem
is unsuccessful then ptrace
is used with PTRACE_PEEKTEXT
to read data.
These are these conditions in the function linux_proc_xfer_partial()
:
/* Don't bother for one word. */
if (len < 3 * sizeof (long))
return 0;
/* We could keep this file open and cache it - possibly one per
thread. That requires some juggling, but is even faster. */
xsnprintf (filename, sizeof filename, "/proc/%d/mem",
ptid_get_pid (inferior_ptid));
fd = gdb_open_cloexec (filename, O_RDONLY | O_LARGEFILE, 0);
if (fd == -1)
return 0;
2) If the number of bytes to read is greater or equal to 3 * sizeof (long) and /proc
is available then pread64
or (lseek()
and read()
are used:
static LONGEST
linux_proc_xfer_partial (struct target_ops *ops, enum target_object object,
const char *annex, gdb_byte *readbuf,
const gdb_byte *writebuf,
ULONGEST offset, LONGEST len)
{
.....
/* If pread64 is available, use it. It's faster if the kernel
supports it (only one syscall), and it's 64-bit safe even on
32-bit platforms (for instance, SPARC debugging a SPARC64
application). */
#ifdef HAVE_PREAD64
if (pread64 (fd, readbuf, len, offset) != len)
#else
if (lseek (fd, offset, SEEK_SET) == -1 || read (fd, readbuf, len) != len)
#endif
ret = 0;
else
ret = len;
close (fd);
return ret;
}
On Linux for writing memory:
1) ptrace
with PTRACE_POKETEXT
or PTRACE_POKEDATA
is used.
As for your second question:
where can I find information about ... setting hardware watchpoints
gdb, Internals Watchpoint:s http://sourceware.org/gdb/wiki/Internals%20Watchpoints
Reference:
这篇关于在Linux中访问另一个进程虚拟内存(调试)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!