Using Ptrace to Track the Location of Open Files

Question

Using Ptrace to Track the Location of Open Files

I used the following code, which actually gets the contents in registers (eax, ebx, ecx) whenever an open system call is called. Now, after a big fight, I realized what the meanings of this Question are .
ebx contains a pointer to the file name. But when I try to access it, I get a segmentation error. Where am I going wrong? Access to the code can be obtained from here

+2

c pointers linux system-calls ptrace

bi0s.kidd0 Mar 20 '12 at 12:22

source share

1 answer

Dark falcon · Accepted Answer · 2012-03-20T12:26:13+0000

Each process has its own address space. An address obtained from another process will not be valid in yours. One way to read memory in another process is to use PTRACE_PEEKDATA . On Linux, another way would be to open /proc/<pid>/mem , look up the address and read from it as a file.

Using Ptrace to Track the Location of Open Files

More articles: