Date: Wed, 7 Jun 2006 14:44:48 -0500 From: James Riendeau <jtriende@wisc.edu> To: Tofik Suleymanov <tofik@oxygen.az> Cc: freebsd-questions@freebsd.org Subject: Re: reading process memory Message-ID: <79C8EF08-A97C-4061-927C-1506DFA6FA6A@wisc.edu> In-Reply-To: <4549C3E0-B98D-4648-9C7E-C3E8823D8B94@wisc.edu> References: <4486A111.6020300@oxygen.az> <ED5EC8BD-0A92-4D73-BC01-48FD930311FF@wisc.edu> <4486EFC8.6080601@oxygen.az> <4549C3E0-B98D-4648-9C7E-C3E8823D8B94@wisc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm going to anticipate your next question, and say that if you're not the parent, you will have to "attach" to the process. How that's done? I don't know, probably through a system call to ptrace or writing to the procfs ctl directory. I'm speaking through erudite knowledge rather than any real experience working with procfs. -james On Jun 7, 2006, at 2:33 PM, James Riendeau wrote: > Ahh. I think I goofed slightly. I think your application has to > be the parent of the running process to get at that property. See: > > http://www.informit.com/articles/article.asp?p=366888&seqNum=10 > > James Riendeau > MMI Computer Support Technician > 1300 University Ave > Rm. 436, Dept. of MedMicro > Madison, WI 53706 > > Phone: (608) 262-3351 > After-hours Phone: (608) 260-2696 > Fax: (608) 262-8418 > Email: jtriende@wisc.edu > > > > On Jun 7, 2006, at 10:24 AM, Tofik Suleymanov wrote: > >> James Riendeau wrote: >>> How are you defining "assuming right privileges"? >> assuming uid 0 >> >>> The only way you're going to be able to read another processes >>> address space is in the kernel.Even a process running as root is >>> not able to read another process's data. >> how does gdb then reads for example different variables of running >> program ? >>> One of the principle responsibilities of the OS is to manage >>> the private memory space of each process, and I emphasize >>> private. The last thing you would want on a secure system is the >>> ability of other processes to read or write to another process's >>> address space.Even a parent process should not be able to read a >>> child's address space, as the fork logically duplicates their >>> address space and they go their separate ways. An attempt to >>> read another processes address space should trap to the kernel >>> and the kernel should kill the process immediately. There is one >>> exception to this: you can setup a pipe or memory share between >>> two processes, however, both processes have to agree to share >>> some memory or connect via a pipe. I'm not going to give you a >>> howto via email as the subject usually fills a solid chapter in >>> most OS books. >> Thank you for brief and altogether extensive explanation of the >> case.The thing i wanted to do is to read let's say portions of >> memory where .bss and .data block of a running program reside. >> >> is that possible ? >> >> Sincerely, >> Tofik Suleymanov >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79C8EF08-A97C-4061-927C-1506DFA6FA6A>