Reading a string with ptrace (Linux)

Time: 2015-12-19 14:22:23

Tags: c linux ptrace

I am new to Stack Overflow and relatively new to C. I am trying to use ptrace to read process memory from another process. So far I have managed to read and change numbers in another process, but with strings I cannot find a way. Here is my code:

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>

int main(void)
{
    //the string we want to read is 8 bytes long
    long len = 8;
    const int buflen = (len / sizeof(long)) + 1;
    void *buffer;
    long *base;
    char *data;
    int i;
    //the process pid i want to track
    pid_t pid = 2984;
    //the address that the string we want to read resides
    void *addr = (void *) 0x7ffe03f6e088;

    buffer = calloc(buflen, sizeof(long));
    if (NULL == buffer)
    {
        perror("Fault at allocation: ");
        return 1;
    }

    base = (long *) buffer;

    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
    {
        perror("PTRACE_ATTACH");
        return 1;
    }
    //wait until the tracee has actually stopped: PEEKDATA on a tracee
    //that is not yet stopped fails with ESRCH
    waitpid(pid, NULL, 0);

    for (i = 0; i < buflen; i++) {
        //PEEKDATA returns the word itself, so -1 is an error only if errno is set
        errno = 0;
        long word = ptrace(PTRACE_PEEKDATA, pid, (char *) addr + sizeof(long) * i, NULL);
        if (word != -1 || errno == 0)
        {
            *(base + i) = word;
        }else
        {
            fprintf(stderr, "Value of errno: %s\n", strerror(errno));
        }
    }

    ptrace(PTRACE_DETACH, pid, NULL, NULL);

    /* Pop a null at the end, since we're printing this string. */
    *((char *) buffer + len) = '\0';

    data = (char *)buffer;

    printf("%p[\"%s\"]\n", addr, data);
    free(buffer);
    return 0;
}

Output:

Value of errno: No such process
Value of errno: No such process
0x7ffe03f6e088[""]

However, the process ID is correct, and similar code works fine when addr points to a number. Please help me.

[EDIT]
Below is the tracee process code:

#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(void)
{
    char *a = "lala";
    printf("Char length: %zu\n", strlen(a));
    printf("Char value: %s\n", a);
    //the address I use to read variable
    printf("Char address: %p\n", (void *) &a);
    //make the process sleep so I can halt it manually
    sleep(3);
    return 0;
}

1 answer:

Answer 0 (score: 1)

Your tracee process is printing the address of the char * pointer itself, not the address of the start of the string.

Here are two options: (1) have the tracee print printf("Char address: %p\n", a); and run the tracer code as-is, or (2) keep the tracee code as-is and modify the tracer process so that it reads in sizeof(char *) bytes from the target, stores the result in addr (using more than one ptrace request and the appropriate numeric shifting if necessary), and then proceeds as-is.

                     - Mark Plotnick
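Option (2) from the answer, worked through as an added example (not the asker's or the answerer's code): the tracer fetches the pointer stored at the printed address, then follows it and assembles the string word by word up to the NUL, rather than assuming a fixed length. The `word_reader` indirection and the names `peek_word`, `local_word`, `read_cstring` and `read_tracee_string` are introduced here; `local_word` exists only so the assembly logic can be exercised against this process's own memory without a tracee. It also waits for the tracee to stop after `PTRACE_ATTACH`, which the question's tracer does not.

```c
#include <errno.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

typedef int (*word_reader)(void *ctx, unsigned long addr, long *out);

/* Real reader: PTRACE_PEEKDATA returns the word itself, so clear and check errno to
 * tell a legitimate -1 stored in the tracee apart from a failed read (ctx -> pid). */
static int peek_word(void *ctx, unsigned long addr, long *out)
{
    errno = 0;
    *out = ptrace(PTRACE_PEEKDATA, *(pid_t *)ctx, (void *)addr, NULL);
    return (*out == -1 && errno != 0) ? -1 : 0;
}

/* Test double over this process's own memory, so the assembly logic runs without a tracee. */
static int local_word(void *ctx, unsigned long addr, long *out)
{
    (void)ctx;
    memcpy(out, (void *)addr, sizeof(long));
    return 0;
}

/* Copy the NUL-terminated string at str_addr into buf one word at a time, stopping at the
 * first NUL or when buf is full (always NUL-terminated). Returns the length, -1 on failure. */
static long read_cstring(word_reader rd, void *ctx, unsigned long str_addr, char *buf, size_t buflen)
{
    size_t n = 0;
    while (n + 1 < buflen) {
        long word;
        if (rd(ctx, str_addr + n, &word) != 0) { buf[n] = '\0'; return -1; }
        for (size_t i = 0; i < sizeof(long) && n + 1 < buflen; i++, n++)
            if ((buf[n] = ((char *)&word)[i]) == '\0') return (long)n;
    }
    buf[n] = '\0';
    return (long)n;
}

/* Live-pid flow: attach, wait for the stop, read, detach. PEEKDATA issued before the tracee has actually stopped fails with ESRCH ("No such process"). */
static long read_tracee_string(pid_t pid, unsigned long ptr_addr, char *buf, size_t buflen)
{
    long str_addr, n;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1 || waitpid(pid, NULL, 0) == -1) return -1;
    /* Option (2): ptr_addr is the tracee's &a, so fetch the pointer stored there first (sizeof(char *) == sizeof(long) on Linux ABIs), then the bytes it points to. */
    n = peek_word(&pid, ptr_addr, &str_addr) ? -1
      : read_cstring(peek_word, &pid, (unsigned long)str_addr, buf, buflen);
    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return n;
}
```

For the tracee in the question, `read_tracee_string(pid, strtoul(printed_address, NULL, 0), buf, sizeof buf)` yields "lala".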