Low-overhead way to access the memory space of a traced process?

Posted by vovick on Stack Overflow See other posts from Stack Overflow or by vovick
Published on 2009-06-05T22:05:43Z Indexed on 2010/03/26 21:53 UTC
Read the original article Hit count: 119

Filed under:

linux

|

ptrace

Hello all.

I'm looking for an efficient way to access(for both read and write operations) the memory space of my ptraced child process. The size of blocks being accessed may vary from several bytes up to several megabytes in size, so using the ptrace call with PTRACE_PEEKDATA and PTRACE_POKEDATA which read only one word at a time and switch context every time they're called seems like a pointless waste of resources. The only one alternative solution I could find, though, was the /proc/<pid>/mem file, but it has long since been made read only.

Is there any other (relatively simple) way to do that job? The ideal solution would be to somehow share the address space of my child process with its parent and then use the simple memcpy call to copy data I need in both directions, but I have no clues how to do it and where to begin.

Any ideas?

© Stack Overflow or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about ptrace

Pre-startup segmentation fault with ptrace

as seen on Server Fault - Search for 'Server Fault'
I have somehow managed to mangle my computer so that any time I attempt to use something that uses ptrace to trace another process (eg strace, gdb), I get an immediate segmentation fault. For example: # strace /bin/true execve("/bin/true", ["/bin/true"], [/* 27 vars */]) = 0 --- SIGSEGV (Segmentation… >>> More
Using ptrace to generate a stack dump

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello. I am compiling C++ on *nix and I would like to generate a stack dump a) at an arbitrary point in the program, b) during any signal, particularly during SIGSEGV. Google tells me that ptrace is probably the tool for the job, but I can't find any comprehensible examples of walking the stack… >>> More
detect sender of signal (linux, ptrace)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello Can I distinguish signal, between delivered directly to a process and delivered via debugger. Case 1: $ ./process1 process1 (not ptraced) set up handler alarm(5); .... signal is handled and I can parse handler parameters Case 2: $ debugger1 ./process1 process1 (is ptraced by debugger1) … >>> More
I/O Error with PHP5-FPM, ptrace(PEEKDATA) failed

as seen on Server Fault - Search for 'Server Fault'
I got a lot of these: [NOTICE] child 19214 stopped for tracing [NOTICE] about to trace 19214 [ERROR] ptrace(PEEKDATA) failed: Input/output error (5) [NOTICE] finished trace of 19214 [WARNING] [pool www] child 19208, script 'blahblah.php' executing too slow (30.041419 sec), logging [NOTICE] child… >>> More
ptrace'ing of parent process

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello Can child process use the ptrace system call to trace its parent? Os is linux 2.6 Thanks. upd1: I want to trace process1 from "itself". It is impossible, so I do fork and try to do ptrace(process1_pid, PTRACE_ATTACH) from child process. But I can't, there is a strange error, like kernel… >>> More