[Mono-dev] {kinda OT} Linux equivalent of Win32 "ReadProcessMemory"...
Mike Edenfield
kutulu at kutulu.org
Tue Apr 14 18:02:09 EDT 2009
On 4/14/2009 11:47 AM, Martin Baulig wrote:
> On Mon, 2009-04-13 at 10:45 -0400, Miguel de Icaza wrote:
>
>>> * Has anyone actually done something like this and run into non-
>>> obvious
>>> problems? I'm most concerned that there are some gotchas in how Linux
>>> manages memory, though if its just a matter of trial and error to find
>>> the right spots in memory I'm already assuming that's coming.
>> You might want to first look in /proc/PID/maps which describes which
>> memory addresses are actually valid for that process. Then you can
>> start seeking and reading at will.
> b) you're the tracing parent of the target process - and the restriction
> applies on thread-level.
I eventually figure that out, it was the source of my seemingly random
ESRCH errors trying to read from /proc/<pid>/mem. Once I realized that
I need to PTRACE_ATTACH first, I was all set. I am successfully reading
memory from my target process.
So far, I've only managed to pull the ELF header out of memory, but it's
a start. I just need to find a way to tell the difference between each
possible version of the binary I might run into; the original utility
relied on the fact that Windows linkers stick a time stamp into the PE
header at creation time, but I don't see anything similar in ELF.
--Mike
More information about the Mono-devel-list
mailing list