On Fri, Oct 17, 2014 at 1:34 PM, Peter J. Philipp <p...@centroid.eu> wrote:
> I'm trying to read the stack of another process that has the same user
> credentials. Here is my program, I am stuck with this, it doesn't work
> for me. Printing 0's is rewrapped to '.' and you should use this program
> with hexdump like so: ./memtest [pid] | hexdump -C | less
> Sometimes I get a bit of the stack but it seems random, dunno what the
> deal is.
...
> int
> main(int argc, char *argv[])
> {
>         int64_t stackend = USRSTACK;
>         int64_t offset;

So 'offset' is a variable in the stack of this process...

>         memset(&ptid, 0, sizeof(ptid));
>         ptid.piod_op = PIOD_READ_I;
>         ptid.piod_offs = (void*)&offset;

...and you're telling ptrace() to take the address of 'offset' in _this_
process and read from that address in the _target_ process. That's not
what you want; the '&' in that line should be removed. After that, the
program works for me.

>         status = ptrace(PT_IO, pid, (caddr_t)&ptid, sizeof(ptid));

The 4th argument to ptrace(...PT_IO...) is ignored and doesn't need to be
the size of the ptid structure.

Finally, if a ptrace() call after the PT_ATTACH fails then you probably
want to jump to detaching instead of exiting while attached (which will
kill the target process).

Philip Guenther
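The three points in the reply (the address handed to ptrace is an address in the target, PT_IO's fourth argument is ignored, and failures after PT_ATTACH must go through detach) pulled together in one self-contained program. This is an added example, not Peter's memtest and not code from the reply. It forks a child that puts a constructed pattern (MAGIC) in a stack variable and sends that variable's address over a pipe, so the parent knows a genuine target address; the parent attaches, reads the word back, detaches, and compares. On OpenBSD/FreeBSD the read uses PT_IO as in the thread (PIOD_READ_D rather than Peter's PIOD_READ_I, since the stack is data space); on systems without PT_IO it falls back to PTRACE_PEEKDATA so the same program runs on Linux. The fork/pipe harness exists only to make the example testable; it is not part of the original.

```c
#define _DEFAULT_SOURCE 1  /* glibc: fork/pause/kill/caddr_t under strict -std */
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAGIC 0x5ca1ab1eUL   /* constructed pattern the child puts on its stack */

static void detach(pid_t pid)
{
#ifdef PT_IO
	ptrace(PT_DETACH, pid, (caddr_t)1, 0);   /* resume where it stopped */
#else
	ptrace(PTRACE_DETACH, pid, NULL, NULL);
#endif
}

/* Attach and wait for the stop.  Returns -1 (errno set) on failure; if the
 * attach itself succeeded but the wait did not, we detach before returning. */
static int attach(pid_t pid)
{
	int st;
#ifdef PT_IO   /* OpenBSD/FreeBSD-style ptrace(2) */
	if (ptrace(PT_ATTACH, pid, (caddr_t)0, 0) == -1)
		return -1;
#else          /* Linux */
	if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
		return -1;
#endif
	if (waitpid(pid, &st, 0) == -1 || !WIFSTOPPED(st)) {
		detach(pid);
		return -1;
	}
	return 0;
}

/* Read one long at TARGET address 'addr' from the attached, stopped process. */
static int read_word(pid_t pid, uintptr_t addr, unsigned long *out)
{
#ifdef PT_IO
	struct ptrace_io_desc piod;
	memset(&piod, 0, sizeof(piod));
	piod.piod_op = PIOD_READ_D;       /* data space: the stack */
	piod.piod_offs = (void *)addr;    /* address in the target; no '&' on a local */
	piod.piod_addr = out;             /* buffer in this process */
	piod.piod_len = sizeof(*out);
	if (ptrace(PT_IO, pid, (caddr_t)&piod, 0) == -1)   /* 4th arg ignored */
		return -1;
	return piod.piod_len == sizeof(*out) ? 0 : -1;
#else
	long v;
	errno = 0;   /* PEEKDATA returns the data itself; -1 is ambiguous otherwise */
	v = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
	if (v == -1 && errno != 0)
		return -1;
	*out = (unsigned long)v;
	return 0;
#endif
}

/* Child: MAGIC in a stack variable, its address up the pipe, then idle. */
static void child_body(int wfd)
{
	volatile unsigned long on_stack = MAGIC;
	uintptr_t addr = (uintptr_t)&on_stack;
	if (write(wfd, &addr, sizeof(addr)) != (ssize_t)sizeof(addr))
		_exit(1);
	close(wfd);
	for (;;)
		pause();
}

/* Returns 1 if MAGIC was read back from the child's stack, -1 if attaching is
 * not permitted in this environment (EPERM), 0 on any other failure. */
int selftest_read_child_stack(void)
{
	int pfd[2], result = 0;
	pid_t pid;
	uintptr_t addr;
	unsigned long word;

	if (pipe(pfd) == -1)
		return 0;
	if ((pid = fork()) == -1) {
		close(pfd[0]); close(pfd[1]);
		return 0;
	}
	if (pid == 0) {
		close(pfd[0]);
		child_body(pfd[1]);
	}
	close(pfd[1]);
	if (read(pfd[0], &addr, sizeof(addr)) != (ssize_t)sizeof(addr))
		goto done;
	if (attach(pid) == -1) {
		result = (errno == EPERM) ? -1 : 0;
		goto done;
	}
	/* Attached: detach before leaving, whatever the read returned.  Exiting
	 * while still attached would take the tracee down with us. */
	if (read_word(pid, addr, &word) == 0 && word == MAGIC)
		result = 1;
	detach(pid);
done:
	close(pfd[0]);
	kill(pid, SIGKILL);
	waitpid(pid, NULL, 0);
	return result;
}

int main(void)
{
	int r = selftest_read_child_stack();
	printf("%s\n", r == 1 ? "read MAGIC from child's stack" :
	    r == -1 ? "ptrace attach not permitted here" : "FAILED");
	return r == 1 ? 0 : 1;
}
```

The one thing this does that Peter's program did not is clear errno before PTRACE_PEEKDATA and check it afterwards, because on Linux a word whose value happens to be -1 is indistinguishable from an error without that; PT_IO has no such ambiguity, which is one reason the BSD interface is pleasant to use. The test accepts -1 (attach refused by policy) as well as 1, since a locked-down ptrace policy is a property of the machine, not of the code.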