reading process memory

James Riendeau jtriende at
Wed Jun 7 22:01:26 UTC 2006

I'm going to anticipate your next question, and say that if you're  
not the parent, you will have to "attach" to the process.  How that's  
done?  I don't know, probably through a system call to ptrace or  
writing to the procfs ctl directory.  I'm speaking through erudite  
knowledge rather than any real experience working with procfs.


On Jun 7, 2006, at 2:33 PM, James Riendeau wrote:

> Ahh.  I think I goofed slightly.  I think your application has to  
> be the parent of the running process to get at that property.  See:
> James Riendeau
> MMI Computer Support Technician
> 1300 University Ave
> Rm. 436, Dept. of MedMicro
> Madison, WI  53706
> Phone: (608) 262-3351
> After-hours Phone: (608) 260-2696
> Fax: (608) 262-8418
> Email: jtriende at
> On Jun 7, 2006, at 10:24 AM, Tofik Suleymanov wrote:
>> James Riendeau wrote:
>>> How are you defining "assuming right privileges"?
>> assuming uid 0
>>>   The only way you're going to be able to read another processes  
>>> address space is in the kernel.Even a process running as root is  
>>> not able to read another process's data.
>> how does gdb then reads for example different variables of running  
>> program ?
>>>   One of the principle responsibilities of the OS is to manage  
>>> the private memory space of each process, and I emphasize  
>>> private.  The last thing you would want on a secure system is the  
>>> ability of other processes to read or write to another process's  
>>> address space.Even a parent process should not be able to read a  
>>> child's address space, as the fork logically duplicates their  
>>> address space and they go their separate ways.  An attempt to  
>>> read another processes address space should trap to the kernel  
>>> and the kernel should kill the process immediately.  There is one  
>>> exception to this:  you can setup a pipe or memory share between  
>>> two processes, however, both processes have to agree to share  
>>> some memory or connect via a pipe.  I'm not going to give you a  
>>> howto via email as the subject usually fills a solid chapter in  
>>> most OS books.
>> Thank you for brief and altogether extensive explanation of the  
>> case.The thing i wanted to do is to read let's say portions of  
>> memory where .bss and .data block of a running program reside.
>> is that possible ?
>> Sincerely,
>> Tofik Suleymanov

More information about the freebsd-questions mailing list