Grab all printfs with ptrace
<p>I want to attach myself to a process and intercept all <code>printf</code> calls from that process.</p>
<p>main.c</p>
<pre><code>#include &lt;stdio.h&gt;
#include &lt;unistd.h&gt;

int main()
{
    int i;
    for (i = 0; i &lt; 10; i++) {
        printf("HelloWorld\n");
        sleep(5);
    }
    return 0;
}
</code></pre>
<hr>
<p>Then to attach I have this code, and I want to do an infinite loop or until the main.c finishes -- an infinite loop will work, as this is only a Hello World with ptrace for testing, nothing fancy.</p>
<pre><code>#include &lt;stdio.h&gt;      // printf
#include &lt;stdlib.h&gt;     // atoi
#include &lt;sys/ptrace.h&gt;
#include &lt;sys/types.h&gt;
#include &lt;sys/wait.h&gt;
#include &lt;unistd.h&gt;
#include &lt;sys/user.h&gt;   // For user_regs_struct

int main(int argc, char *argv[])
{
    struct user_regs_struct regs;
    pid_t traced_process = atoi(argv[1]);

    // Attach to the target and wait for it to stop
    long t = ptrace(PTRACE_ATTACH, traced_process, NULL, NULL);
    wait(NULL);

    // Read the registers and the word at the current instruction pointer
    ptrace(PTRACE_GETREGS, traced_process, NULL, &amp;regs);
    long ins = ptrace(PTRACE_PEEKTEXT, traced_process, regs.eip, NULL);
    printf("EIP: %lx Instruction executed: %lx\n", regs.eip, ins);

    // Print the first byte of the fetched word
    char *c = (char *)&amp;ins;
    printf("%c\n", *c);

    ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
    return 0;
}
</code></pre>
<p>I tried to put <code>while(1)</code> after attaching, but that will actually just loop on the first printf executed in main.c.</p>
<p>I am really struggling with this; every example I run into is literally a copy-paste of the other, with huge amounts of code that is not even related to what I'm trying to do. I do know for sure that printf is a write() in the kernel, so that's what I should be looking for.</p>
<p>So again, I want to get a reference to the string that printf is trying to print to the screen in the other terminal. How do I do this?</p>
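One way to do what the question asks, as an added example that is not part of the original post: attach, step the tracee from syscall stop to syscall stop with PTRACE_SYSCALL, and copy the buffer of each write() to stdout out of the tracee's memory. It assumes Linux on x86-64 (register names orig_rax, rdi, rsi, rdx rather than the post's 32-bit eip); the names peek_buf and trace_writes are made up for this sketch.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy len bytes out of the tracee, one machine word per PTRACE_PEEKDATA. */
static void peek_buf(pid_t pid, unsigned long addr, char *dst, size_t len) {
    for (size_t i = 0; i < len; i += sizeof(long)) {
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + i), NULL);
        size_t n = len - i < sizeof(long) ? len - i : sizeof(long);
        memcpy(dst + i, &word, n);
    }
}

/* Resume an already-stopped tracee and collect the data of every write() to
 * fd 1 until it exits. Assumption: x86-64 syscall ABI. Returns bytes stored. */
size_t trace_writes(pid_t pid, char *out, size_t cap) {
    struct user_regs_struct regs;
    int status, sig = 0, entry = 0;
    size_t used = 0;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig); /* run to next stop */
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) break;
        /* Syscall stops report SIGTRAP|0x80; anything else is a real signal to pass on. */
        sig = WSTOPSIG(status) == (SIGTRAP | 0x80) ? 0 : WSTOPSIG(status);
        if (sig || !(entry = !entry)) continue;   /* act on syscall entry only */
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (regs.orig_rax != SYS_write || regs.rdi != STDOUT_FILENO) continue;
        size_t len = regs.rdx < cap - 1 - used ? regs.rdx : cap - 1 - used;
        peek_buf(pid, regs.rsi, out + used, len);  /* rsi = buf, rdx = count */
        used += len;
    }
    out[used] = '\0';
    return used;
}

int main(int argc, char *argv[]) {
    char log[4096];
    pid_t pid = argc == 2 ? (pid_t)atoi(argv[1]) : -1;
    if (pid <= 0 || ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0) { fprintf(stderr, "cannot attach; usage: %s <pid>\n", argv[0]); return 1; }
    waitpid(pid, NULL, 0);                         /* consume the attach SIGSTOP */
    printf("captured %zu bytes:\n%s", trace_writes(pid, log, sizeof log), log);
    return 0;
}
```

When the traced program's stdout is a terminal, each printf ending in a newline shows up as its own write(); when stdout is a pipe or file, stdio buffers the text and it arrives in one larger write().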
 
