using ptrace system call

I have written a small code for using ptrace (I am new to this system
call)

int main()
{
int pid;
struct user_regs_struct regs;

pid = fork();
if (pid == 0)
while(1);

ptrace(PTRACE_ATTACH, pid, 0, 0);
waitpid(pid, NULL, 0);
ptrace(PTRACE_GETREGS, pid, 0, ®s);
printf("esp = %ld", regs.esp);
}


But the code doesnt seem to work fine and hangs. I think it is waiting
at waitpid in parent. But man page of ptrace says that parent uses
waitpid after ATTACH. So where I am doing wrong and how to i print out
the register values of the child process?

Thanks
Ash

On 2004-09-15, Ash <amujoo@yahoo.com> wrote:
> I have written a small code for using ptrace (I am new to this system
> call)
>
> int main()
> {
>   int pid;
>   struct user_regs_struct regs;
>
>   pid = fork();
>   if (pid == 0)
>     while(1);
>
>   ptrace(PTRACE_ATTACH, pid, 0, 0);
>   waitpid(pid, NULL, 0);
>   ptrace(PTRACE_GETREGS, pid, 0, ®s);
>   printf("esp = %ld", regs.esp);
> }
>
>
> But the code doesnt seem to work fine and hangs. I think it is waiting
> at waitpid in parent. But man page of ptrace says that parent uses
> waitpid after ATTACH. So where I am doing wrong and how to i print out
> the register values of the child process?

waitpid waits for your child to finish. The child is not going to
finish, so your parent is not going to go any further.

Andrei

amujoo@yahoo.com (Ash) writes:

> I have written a small code for using ptrace (I am new to this system
> call)
>
> int main()
> {

Please post *complete* test case so we would not have to guess
which headers it needs, and please specify your OS.

> But the code doesnt seem to work fine and hangs. I think it is waiting
> at waitpid in parent.

It probably does.

> So where I am doing wrong and how to i print out
> the register values of the child process?

Add 'ptrace(PTRACE_TRACEME, 0, 0, 0);' to the child.

Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.

well, I tried running this code on linux and it didn't hang. which unix
are you using?
Cheers,
-manu
----------------
Manu Garg
http://manugarg.freezope.org

"manugarg" <manugarg@gmail.com> wrote in message news:<ciajal$uv@odbk17.prod.google.com>...

> well, I tried running this code on linux and it didn't hang. which unix
> are you using?
> Cheers,
> -manu
> ----------------

I am using Linux only and it hangs. What I want to do is to get the
register values of the child process. HOw can this be done using
ptrace system call. Can you please write a short piece of code for
that which works on linux.

Thanks
Ash

>I am using Linux only and it hangs. What I want to do is to get the
>register values of the child process. HOw can this be done using
>ptrace system call. Can you please write a short piece of code for
>that which works on linux.

http://linux01.org:2222/f/hxtools/src/segvtracer.c
function dump_regs()



Jan Engelhardt
--
Gesellschaft für Wissenschaftliche Datenverarbeitung
Am Fassberg, 37077 Göttingen, www.gwdg.de

Well, here is the code:
$ cat ptrace.c
#include <sys/ptrace.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/user.h>

int main()
{
int pid;
struct user_regs_struct regs;

pid = fork();
if (pid == 0)
while(1);

ptrace(PTRACE_ATTACH, pid, 0, 0);
waitpid(pid, NULL, 0);
ptrace(PTRACE_GETREGS, pid, 0, ®s);
printf("esp = %ld\n", regs.esp);
}

and on running this, I get following output:
$./a.out
esp = -1073744176

Cheers,
-Manu

Is it possible to pass pid from a command line where pid is any
process running in the system and we want to trace that? Will the same
code work or it needs changes?


"manu" <manugarg@gmail.com> wrote in message news:<1095714887.420578.266830@k17g2000odb.goo
glegroups.com>...
> Well, here is the code:
> $ cat ptrace.c
> #include <sys/ptrace.h>
> #include <unistd.h>
> #include <sys/types.h>
> #include <sys/user.h>
>
> int main()
> {
> int pid;
> struct user_regs_struct regs;
>
> pid = fork();
> if (pid == 0)
> while(1);
>
> ptrace(PTRACE_ATTACH, pid, 0, 0);
> waitpid(pid, NULL, 0);
> ptrace(PTRACE_GETREGS, pid, 0, ®s);
> printf("esp = %ld\n", regs.esp);
> }
>
> and on running this, I get following output:
> $./a.out
> esp = -1073744176
>
> Cheers,
> -Manu

In article <60aab6b4.0409240143.456b20d4@posting.google.com>,
amujoo@yahoo.com (Ash) wrote:

> Is it possible to pass pid from a command line where pid is any
> process running in the system and we want to trace that? Will the same
> code work or it needs changes?

Yes, since ptrace() takes the PID as a parameter.  You can use atoi to
convert the command line argument to an int.

Note that only the superuser can trace a process owned by another user.

>
>
> "manu" <manugarg@gmail.com> wrote in message
> news:<1095714887.420578.266830@k17g2000odb.googlegroups.com>... 

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <sys/ptrace.h>
#include <stdio.h>
#include <unistd.h>

main(int argc, char *argv[])
{
int     pid, status;
struct user_regs_struct regs;

if (argc < 2)
exit(0);
else
pid = atoi(argv[1]);

printf("pid = %d\n", pid);

ptrace(PTRACE_ATTACH, pid, 0, 0);

waitpid(pid, &status, 0);

ptrace(PTRACE_GETREGS, pid, 0, ®s);

printf("out of wait\n");
}

Here is the program that i wrote for tracing a pid other than child.
Why does it hang? Anybody?




Barry Margolin <barmar@alum.mit.edu> wrote in message news:<barmar-1C8BEC.09093424092004@co
mcast.dca.giganews.com>...
> In article <60aab6b4.0409240143.456b20d4@posting.google.com>,
>  amujoo@yahoo.com (Ash) wrote:
> 
>
> Yes, since ptrace() takes the PID as a parameter.  You can use atoi to
> convert the command line argument to an int.
>
> Note that only the superuser can trace a process owned by another user.
>