会玩ptrace系统调用的人进来帮帮忙

asert

第一个程序是用来被跟踪的，第二个程序用来跟踪第一个程序，但是跟踪完后会导致第一个程序报段错误，不知道是什么原因？

1. 
   
2. #include <stdio.h>
   
3. 
   
4. int main(int argc, char **argv) {
   
5.         int i = 0;
   
6. 
   
7.         while(1) {
   
8.                 printf("%d\n",i);
   
9.                 i++;
   
10.                 sleep(1);
    
11.         }
    
12. }
    

复制代码

1. 
   
2. #include <sys/ptrace.h>
   
3. #include <sys/types.h>
   
4. #include <sys/wait.h>
   
5. #include <sys/syscall.h>
   
6. #include <sys/user.h>
   
7. #include <unistd.h>
   
8. #include <stdlib.h>
   
9. #include <string.h>
   
10. #include <stdio.h>
    
11. 
    
12. const long long_size = sizeof(long);
    
13. 
    
14. void getdata(pid_t child, long addr, char *str, int len) {
    
15.   char *laddr;
    
16.   int i,j;
    
17. 
    
18.   union u {
    
19.     long val;
    
20.     char chars[long_size];
    
21.   } data;
    
22. 
    
23.   i = 0;
    
24.   j = len / long_size;
    
25. 
    
26.   laddr = str;
    
27. 
    
28.   while(i < j) {
    
29.     data.val = ptrace(PTRACE_PEEKDATA, child, addr + i * 4, NULL);
    
30.     memcpy(laddr, data.chars, long_size);
    
31.     ++i;
    
32.     laddr += long_size;
    
33.   }
    
34. 
    
35.   j = len % long_size;
    
36.   if(j != 0) {
    
37.     data.val = ptrace(PTRACE_PEEKDATA, child, addr + i * 4, NULL);
    
38.     memcpy(laddr, data.chars, j);
    
39.   }
    
40. }
    
41. 
    
42. void putdata(pid_t child, long addr, char *str, int len) {
    
43.   char *laddr;
    
44.   int i,j;
    
45. 
    
46.   union u {
    
47.     long val;
    
48.     char chars[long_size];
    
49.   } data;
    
50. 
    
51.   i = 0;
    
52.   j = len /long_size;
    
53.   laddr = str;
    
54. 
    
55.   while(i < j) {
    
56.     memcpy(data.chars, laddr, long_size);
    
57.     ptrace(PTRACE_POKEDATA, child, addr + i * 4, data.val);
    
58.     ++i;
    
59.     laddr += long_size;
    
60.   }
    
61. 
    
62.   j = len % long_size;
    
63.   if(j != 0) {
    
64.     memcpy(data.chars, laddr, j);
    
65.     ptrace(PTRACE_POKEDATA, child, addr + i * 4, data.val);
    
66.   }
    
67. }
    
68. 
    
69. int main(int argc, char *argv[]) {
    
70.   pid_t traced_pid;
    
71.   struct user_regs_struct regs;
    
72.   long ins;
    
73.   char code[] = {0xcd, 0x80, 0xcc};//trap code,让程序挂断
    
74.   char backup[3];
    
75. 
    
76.   if(argc != 2) {
    
77.     printf("usage:%s <pid to be traced>", argv[0], argv[1]);
    
78.     exit(1);
    
79.   }
    
80. 
    
81.   traced_pid = atoi(argv[1]);
    
82.   ptrace(PTRACE_ATTACH, traced_pid, NULL, NULL);
    
83.   wait(NULL);
    
84.   ptrace(PTRACE_GETREGS, traced_pid, NULL, &regs);
    
85. 
    
86.   getdata(traced_pid, regs.eip, backup, 3);
    
87.   putdata(traced_pid, regs.eip, code, 3);
    
88. 
    
89.   ptrace(PTRACE_CONT, traced_pid, NULL, NULL);
    
90.   wait(NULL);
    
91.   printf("the process stopped, putting back the original instructions\n");
    
92.   printf("press <enter> to continue");
    
93.   getchar();
    
94. 
    
95.   putdata(traced_pid, regs.eip, backup, 3);
    
96.   ptrace(PTRACE_SETREGS, traced_pid, NULL, &regs);
    
97. 
    
98.   ptrace(PTRACE_DETACH, traced_pid, NULL, NULL);
    
99.   return 0;
    
100. }
     

复制代码

jinglexy

看不出错误，可以用coredump调一下。
上面的code[]是什么，int 0x80?要不要push eax,PTRACE_DETACH应该
先做然后_CONT,以前看到的demo好像是这样写的。

int main(int argc, char *argv[]) {
        pid_t traced_pid;
        struct user_regs_struct regs;
        long ins;
        char code[] = {0xcd, 0x80, 0xcc};//trap code,让程序挂断
        char backup[3];

        if(argc != 2) {
                printf("usage:%s <pid to be traced>", argv[0], argv[1]);
                exit(1);
        }

        traced_pid = atoi(argv[1]);
        if(-1 == ptrace(PTRACE_ATTACH, traced_pid, NULL, NULL) || errno) {
                err out;
        }
        waitpid(pid, NULL, WUNTRACED);
        // ptrace(PTRACE_GETREGS, traced_pid, NULL, &regs);

        getdata(traced_pid, regs.eip, backup, 3);
        putdata(traced_pid, regs.eip, code, 3);

        //ptrace(PTRACE_CONT, traced_pid, NULL, NULL);
        //wait(NULL);
        printf("the process stopped, putting back the original instructions\n");
        printf("press <enter> to continue");
        getchar();

        putdata(traced_pid, regs.eip, backup, 3);
        //ptrace(PTRACE_SETREGS, traced_pid, NULL, &regs);

        ptrace(PTRACE_DETACH, traced_pid, NULL, NULL);
        ptrace(PTRACE_CONT, traced_pid, NULL, NULL);                // do continue after detach
        return 0;
}