在 linux 中没有 ptrace 的情况下在 C 中读取另一个进程的内存
Reading memory of another process in C without ptrace in linux
我正在尝试读取另一个进程的内存,并打印其中的内容(堆和/或栈)。我通过 /proc 得到了内存地址范围。
我提取出了如下所示的地址范围。现在我想读取另一个进程中这一范围内的内存。
5569032d2000-5569032f3000 rw-p 00000000 00:00 0 [heap]
我对如何访问这些内存地址感到困惑。我尝试了如下所示的操作,但没有多大帮助。
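/*
 * Dump `len` bytes starting at physical address `offset` from /dev/mem,
 * printing each byte in hex.
 *
 * Usage: prog <offset> <len>   (both parsed by strtoul with base 0)
 *
 * NOTE: /dev/mem is indexed by physical address. The virtual ranges listed
 * in /proc/<pid>/maps (for example the [heap] line) are not valid offsets
 * here, so this cannot read another process's heap or stack as written.
 * Opening /dev/mem normally requires root, and kernels built with
 * CONFIG_STRICT_DEVMEM refuse mappings of ordinary RAM.
 *
 * Returns 0 on success, -1 on bad arguments or any failed system call.
 */
int main(int argc, char *argv[]) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <offset> <len>\n",
                argc > 0 ? argv[0] : "prog");
        return -1;
    }

    /* Reject empty or partially numeric arguments instead of reading 0. */
    char *end = NULL;
    unsigned long raw_offset = strtoul(argv[1], &end, 0);
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "invalid offset: %s\n", argv[1]);
        return -1;
    }
    unsigned long raw_len = strtoul(argv[2], &end, 0);
    if (end == argv[2] || *end != '\0' || raw_len == 0) {
        fprintf(stderr, "invalid length: %s\n", argv[2]);
        return -1;
    }

    off_t offset = (off_t)raw_offset;
    size_t len = raw_len;
    if (offset < 0) {
        fprintf(stderr, "offset out of range: %s\n", argv[1]);
        return -1;
    }

    long pagesize = sysconf(_SC_PAGE_SIZE);
    if (pagesize <= 0) {
        perror("Can't get page size");
        return -1;
    }

    // Truncate offset to a multiple of the page size, or mmap will fail.
    off_t page_base = (offset / pagesize) * pagesize;
    off_t page_offset = offset - page_base;

    /* Guard the length sum against wrap-around before handing it to mmap. */
    size_t map_len = (size_t)page_offset + len;
    if (map_len < len) {
        fprintf(stderr, "length too large: %s\n", argv[2]);
        return -1;
    }

    /* Read-only access is all the dump needs; do not ask for more. */
    int fd = open("/dev/mem", O_RDONLY | O_SYNC);
    if (fd < 0) {
        perror("Can't open /dev/mem");
        return -1;
    }

    unsigned char *mem = mmap(NULL, map_len, PROT_READ, MAP_PRIVATE, fd, page_base);
    if (mem == MAP_FAILED) {
        perror("Can't map memory");
        close(fd);
        return -1;
    }
    /* The mapping stays valid after the descriptor is closed. */
    close(fd);

    for (size_t i = 0; i < len; ++i) {
        printf("%x ", (unsigned)mem[page_offset + i]);
    }
    printf("\n");

    munmap(mem, map_len);
    return 0;
}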
谢谢。
我正在为我的嵌入式系统制作一个调试工具。我无法使用 ptrace(),因为它会在查看设备内存时暂停正在运行的进程。
我找到了读取另一个进程内存的方法:可以使用 process_vm_readv() 函数,如下所示:
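/*
 * Read bufferLength bytes at remotePtr from process `pid` with
 * process_vm_readv() and print them as text.
 *
 * process_vm_readv() does not stop the target, but the kernel applies the
 * same permission check as for a ptrace attach
 * (PTRACE_MODE_ATTACH_REALCREDS). A caller without that access gets EPERM,
 * so the call is not a way around ptrace restrictions.
 */
pid_t pid;              // Put value of pid in this
void *remotePtr;        // Put starting address
size_t bufferLength;    // Put size of buffer in this, aka size to read

/* bufferLength + 1 below must not wrap around to 0. */
if (bufferLength == (size_t)-1) {
    printf("ERROR: INVALID ARGUMENTS.\n");
    return -1;
}

/*
 * One spare byte, zeroed by calloc and never written by the read, keeps the
 * buffer NUL-terminated so the %s at the end cannot run past the allocation.
 */
char *buffer = calloc(bufferLength + 1, sizeof(char));
if (buffer == NULL) {
    printf("ERROR: UNABLE TO ALLOCATE MEMORY.\n");
    return -1;
}

// Build iovec structs
struct iovec local[1];
local[0].iov_base = buffer;
local[0].iov_len = bufferLength;

struct iovec remote[1];
remote[0].iov_base = remotePtr;
remote[0].iov_len = bufferLength;

/*
 * liovcnt must match the number of elements in local[] (1, not 2); a larger
 * count makes the kernel read an iovec past the end of the array.
 * nread is the number of bytes read and may be less than bufferLength.
 */
ssize_t nread = process_vm_readv(pid, local, 1, remote, 1, 0);
if (nread < 0) {
    switch (errno) {
    case EINVAL:
        printf("ERROR: INVALID ARGUMENTS.\n");
        break;
    case EFAULT:
        printf("ERROR: UNABLE TO ACCESS TARGET MEMORY ADDRESS.\n");
        break;
    case ENOMEM:
        printf("ERROR: UNABLE TO ALLOCATE MEMORY.\n");
        break;
    case EPERM:
        printf("ERROR: INSUFFICIENT PRIVILEGES TO TARGET PROCESS.\n");
        break;
    case ESRCH:
        printf("ERROR: PROCESS DOES NOT EXIST.\n");
        break;
    default:
        printf("ERROR: AN UNKNOWN ERROR HAS OCCURRED.\n");
    }
    free(buffer);
    return -1;
}

/* To print the read data (output stops at the first NUL byte) */
printf("The read text is \n %s\n", buffer);
free(buffer);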
我正在尝试读取另一个进程的内存,并打印其中的内容(堆和/或栈)。我通过 /proc 得到了内存地址范围。
我提取出了如下所示的地址范围。现在我想读取另一个进程中这一范围内的内存。
5569032d2000-5569032f3000 rw-p 00000000 00:00 0 [heap]
我对如何访问这些内存地址感到困惑。我尝试了如下所示的操作,但没有多大帮助。
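/*
 * Dump `len` bytes starting at physical address `offset` from /dev/mem,
 * printing each byte in hex.
 *
 * Usage: prog <offset> <len>   (both parsed by strtoul with base 0)
 *
 * NOTE: /dev/mem is indexed by physical address. The virtual ranges listed
 * in /proc/<pid>/maps (for example the [heap] line) are not valid offsets
 * here, so this cannot read another process's heap or stack as written.
 * Opening /dev/mem normally requires root, and kernels built with
 * CONFIG_STRICT_DEVMEM refuse mappings of ordinary RAM.
 *
 * Returns 0 on success, -1 on bad arguments or any failed system call.
 */
int main(int argc, char *argv[]) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <offset> <len>\n",
                argc > 0 ? argv[0] : "prog");
        return -1;
    }

    /* Reject empty or partially numeric arguments instead of reading 0. */
    char *end = NULL;
    unsigned long raw_offset = strtoul(argv[1], &end, 0);
    if (end == argv[1] || *end != '\0') {
        fprintf(stderr, "invalid offset: %s\n", argv[1]);
        return -1;
    }
    unsigned long raw_len = strtoul(argv[2], &end, 0);
    if (end == argv[2] || *end != '\0' || raw_len == 0) {
        fprintf(stderr, "invalid length: %s\n", argv[2]);
        return -1;
    }

    off_t offset = (off_t)raw_offset;
    size_t len = raw_len;
    if (offset < 0) {
        fprintf(stderr, "offset out of range: %s\n", argv[1]);
        return -1;
    }

    long pagesize = sysconf(_SC_PAGE_SIZE);
    if (pagesize <= 0) {
        perror("Can't get page size");
        return -1;
    }

    // Truncate offset to a multiple of the page size, or mmap will fail.
    off_t page_base = (offset / pagesize) * pagesize;
    off_t page_offset = offset - page_base;

    /* Guard the length sum against wrap-around before handing it to mmap. */
    size_t map_len = (size_t)page_offset + len;
    if (map_len < len) {
        fprintf(stderr, "length too large: %s\n", argv[2]);
        return -1;
    }

    /* Read-only access is all the dump needs; do not ask for more. */
    int fd = open("/dev/mem", O_RDONLY | O_SYNC);
    if (fd < 0) {
        perror("Can't open /dev/mem");
        return -1;
    }

    unsigned char *mem = mmap(NULL, map_len, PROT_READ, MAP_PRIVATE, fd, page_base);
    if (mem == MAP_FAILED) {
        perror("Can't map memory");
        close(fd);
        return -1;
    }
    /* The mapping stays valid after the descriptor is closed. */
    close(fd);

    for (size_t i = 0; i < len; ++i) {
        printf("%x ", (unsigned)mem[page_offset + i]);
    }
    printf("\n");

    munmap(mem, map_len);
    return 0;
}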
谢谢。
我正在为我的嵌入式系统制作一个调试工具。我无法使用 ptrace(),因为它会在查看设备内存时暂停正在运行的进程。
我找到了读取另一个进程内存的方法:可以使用 process_vm_readv() 函数,如下所示:
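/*
 * Read bufferLength bytes at remotePtr from process `pid` with
 * process_vm_readv() and print them as text.
 *
 * process_vm_readv() does not stop the target, but the kernel applies the
 * same permission check as for a ptrace attach
 * (PTRACE_MODE_ATTACH_REALCREDS). A caller without that access gets EPERM,
 * so the call is not a way around ptrace restrictions.
 */
pid_t pid;              // Put value of pid in this
void *remotePtr;        // Put starting address
size_t bufferLength;    // Put size of buffer in this, aka size to read

/* bufferLength + 1 below must not wrap around to 0. */
if (bufferLength == (size_t)-1) {
    printf("ERROR: INVALID ARGUMENTS.\n");
    return -1;
}

/*
 * One spare byte, zeroed by calloc and never written by the read, keeps the
 * buffer NUL-terminated so the %s at the end cannot run past the allocation.
 */
char *buffer = calloc(bufferLength + 1, sizeof(char));
if (buffer == NULL) {
    printf("ERROR: UNABLE TO ALLOCATE MEMORY.\n");
    return -1;
}

// Build iovec structs
struct iovec local[1];
local[0].iov_base = buffer;
local[0].iov_len = bufferLength;

struct iovec remote[1];
remote[0].iov_base = remotePtr;
remote[0].iov_len = bufferLength;

/*
 * liovcnt must match the number of elements in local[] (1, not 2); a larger
 * count makes the kernel read an iovec past the end of the array.
 * nread is the number of bytes read and may be less than bufferLength.
 */
ssize_t nread = process_vm_readv(pid, local, 1, remote, 1, 0);
if (nread < 0) {
    switch (errno) {
    case EINVAL:
        printf("ERROR: INVALID ARGUMENTS.\n");
        break;
    case EFAULT:
        printf("ERROR: UNABLE TO ACCESS TARGET MEMORY ADDRESS.\n");
        break;
    case ENOMEM:
        printf("ERROR: UNABLE TO ALLOCATE MEMORY.\n");
        break;
    case EPERM:
        printf("ERROR: INSUFFICIENT PRIVILEGES TO TARGET PROCESS.\n");
        break;
    case ESRCH:
        printf("ERROR: PROCESS DOES NOT EXIST.\n");
        break;
    default:
        printf("ERROR: AN UNKNOWN ERROR HAS OCCURRED.\n");
    }
    free(buffer);
    return -1;
}

/* To print the read data (output stops at the first NUL byte) */
printf("The read text is \n %s\n", buffer);
free(buffer);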