reading process memory
Tofik Suleymanov
tofik at oxygen.az
Thu Jun 8 10:05:35 UTC 2006
David Nugent wrote:
> Tofik Suleymanov wrote:
>> Thank you for brief and altogether extensive explanation of the
>> case.The thing i wanted to do is to read let's say portions of memory
>> where .bss and .data block of a running program reside.
>>
>> is that possible ?
> Yes. Debuggers offer this functionality, for example.
>
> man 2 ptrace
>
man 2 ptrace says:
PT_READ_I, PT_READ_D
These requests read a single int of data from the traced
process's address space. Traditionally, ptrace() has
allowed for machines with distinct address spaces for
instruction and data, which is why there are two
requests:
conceptually, PT_READ_I reads from the instruction space
and PT_READ_D reads from the data space. In the current
FreeBSD implementation, these two requests are completely
identical. The addr argument specifies the address
(in the
traced process's virtual address space) at which the read
is to be done. This address does not have to meet any
alignment constraints. The value read is returned as the
return value from ptrace().
where do i get the addr argument ? how can i know which address do i
need to start from ?
Sincerely,
Tofik Suleymanov
More information about the freebsd-stable
mailing list