Trouble with ptrace
Timo Juhani Lindfors
timo.lindfors at iki.fi
Tue Jan 20 13:12:13 CET 2009
wind_cheng <Wind_cheng at asustek.com.cn> writes:
> I'm a newbie.

Ok, learning is always a good reason for reimplementing stuff :-)

> I am playing with ptrace these days, and it works on my FC8, but it does not
> fit ARM.
> So ..

I have done some playing around with ptrace too:

itrace single steps over a program and records every single
instruction that was executed. I wrote this since ltrace did not
record inter-library function calls. Together with itrace-decode1.py
it is possible to map the instruction list back to symbolic addresses.

screenify "moves" an application inside GNU screen. It is not perfect
since it affects stdin/stdout/stderr and does nothing to process groups.

URLFixTrick.py is a funny "plugin" to subterfugue that attaches to a
process and makes it impossible for the process to write broken URLs
to any file descriptor :-)

http://iki.fi/lindi/ptrace-memdump.c is an early version of itrace
which I modified to dump the memory of a process (used only once so it
is not a general-purpose tool). This can be used to read the contents of
a suidroot binary even if you don't have read permissions to
it. (Using ptrace will drop the suid flag but it will still give you
access to the memory of the executable.)

Interesting ptrace tricks written by others include

"Jumping sudo using ptrace"

"SUBTERFUGUE is a framework for observing and playing with the reality
of software; it's a foundation for building tools to do tracing,
sandboxing, and many other things. You could think of it as "strace
and of course also strace, gdb and user-mode-linux are good sources of
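
The single-stepping that the itrace description above refers to, shown as an added example that is not part of the original message and is not itrace's code: a parent traces a forked child with PTRACE_SINGLESTEP and counts the stops. The names count_steps and workload are made up for this example; it assumes Linux on an architecture whose kernel supports PTRACE_SINGLESTEP, and returns -1 when tracing or single-stepping is refused.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed workload run in the traced child (hypothetical name). */
static void workload(void)
{
    volatile int x = 0;
    for (int i = 0; i < 100; i++) x += i;
}

/* Single-step a forked child through fn(); return stop count or -1. */
long count_steps(void (*fn)(void), int *exit_code)
{
    int status, sig = 0;
    long steps = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(127);
        raise(SIGSTOP);              /* hand control to the tracer */
        fn();
        _exit(7);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;                   /* child could not be traced */
    for (;;) {
        if (ptrace(PTRACE_SINGLESTEP, pid, NULL, (void *)(long)sig) == -1) {
            kill(pid, SIGKILL);      /* e.g. no single-step support */
            waitpid(pid, &status, 0);
            return -1;
        }
        if (waitpid(pid, &status, 0) == -1 || WIFSIGNALED(status))
            return -1;
        if (WIFEXITED(status)) {
            *exit_code = WEXITSTATUS(status);
            return steps;
        }
        /* SIGTRAP marks a completed step; other signals are re-injected. */
        sig = (WSTOPSIG(status) == SIGTRAP) ? 0 : WSTOPSIG(status);
        steps += (sig == 0);
    }
}

int main(void)
{
    int code = -1;
    printf("%ld steps, exit %d\n", count_steps(workload, &code), code);
}
```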