  1. ptrace attach to vsftpd hangs
<p>I am trying to ptrace a vsftpd server process on Linux to be able to get control whenever the vsftpd process makes a system call. I start the vsftpd process and pass this process ID on the command line to the following program, which traces vsftpd.</p>
<p>However, when I run the following program it just hangs and does not print anything. Can anyone point out what could be wrong? Thanks a lot for your help!!</p>
<pre><code>#include &lt;stdio.h&gt;        /* printf */
#include &lt;stdlib.h&gt;       /* atoi */
#include &lt;sys/ptrace.h&gt;
#include &lt;sys/types.h&gt;
#include &lt;sys/wait.h&gt;
#include &lt;unistd.h&gt;
#include &lt;linux/user.h&gt;
#include &lt;sys/syscall.h&gt;  /* For SYS_write etc */
#include &lt;sys/reg.h&gt;      /* ORIG_EAX, EAX, EBX, ... (i386 register indices) */

int main(int argc, char *argv[])
{
    pid_t child;
    long orig_eax, eax;
    long params[3];
    int status;
    int insyscall = 0;

    /* PID of the already running vsftpd process */
    child = atoi(argv[1]);
    ptrace(PTRACE_ATTACH, child, NULL, NULL);

    while (1) {
        wait(&amp;status);
        if (WIFEXITED(status))
            break;

        /* Syscall number; 4 * ORIG_EAX is an i386 offset into struct user */
        orig_eax = ptrace(PTRACE_PEEKUSER, child, 4 * ORIG_EAX, NULL);

        if (orig_eax == __NR_clone || orig_eax == __NR_open || orig_eax == __NR_write) {
            if (insyscall == 0) {
                /* Syscall entry */
                insyscall = 1;
                params[0] = ptrace(PTRACE_PEEKUSER, child, 4 * EBX, NULL);
                params[1] = ptrace(PTRACE_PEEKUSER, child, 4 * ECX, NULL);
                params[2] = ptrace(PTRACE_PEEKUSER, child, 4 * EDX, NULL);

                if (orig_eax == __NR_clone) {
                    printf("\nClone");
                }
                else if (orig_eax == __NR_open)
                    printf("\nOpen");
                else if (orig_eax == __NR_write)
                    printf("\nWrite");

                printf(" called with "
                       "%ld, %ld, %ld\n",
                       params[0], params[1], params[2]);
            }
            else {
                /* Syscall exit */
                eax = ptrace(PTRACE_PEEKUSER, child, 4 * EAX, NULL);
                printf("Returned "
                       "with %ld\n", eax);
                insyscall = 0;
            }
        }

        /* Resume the tracee until its next syscall entry or exit */
        ptrace(PTRACE_SYSCALL, child, NULL, NULL);
    }
    return 0;
}
</code></pre>
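Added example, not part of the original question: an attach loop that separates the kinds of ptrace stop a tracer sees when attaching to a running, forking daemon. The stop after `PTRACE_ATTACH` is a SIGSTOP rather than a syscall, syscall stops are marked with `SIGTRAP | 0x80` once `PTRACE_O_TRACESYSGOOD` is set, and children created by fork/clone are only traced when the corresponding `PTRACE_O_TRACE*` options are set. The names `classify_stop` and `trace_pid` are made up for this example, and the syscall number is read on x86-64 only.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>

/* classify_stop/trace_pid are hypothetical names for this added example. */
enum stop_kind { STOP_GONE, STOP_SYSCALL, STOP_EVENT, STOP_SIGNAL };

/* Classify a waitpid() status of a tracee with PTRACE_O_TRACESYSGOOD set; *sig is the
 * signal to re-inject on resume. Simplification: every SIGSTOP counts as an attach stop. */
enum stop_kind classify_stop(int status, int *sig)
{
    *sig = 0;
    if (!WIFSTOPPED(status)) return STOP_GONE;                /* exited or killed */
    if (WSTOPSIG(status) == (SIGTRAP | 0x80)) return STOP_SYSCALL;
    if (WSTOPSIG(status) == SIGTRAP && (status >> 16) != 0) return STOP_EVENT;
    if (WSTOPSIG(status) != SIGSTOP) *sig = WSTOPSIG(status); /* real signal: pass it on */
    return STOP_SIGNAL;
}

int trace_pid(pid_t pid)
{
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK |
                PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC;
    int status, sig;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) { perror("PTRACE_ATTACH"); return -1; }
    if (waitpid(pid, &status, __WALL) == -1) { perror("waitpid"); return -1; }
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) == -1) { perror("SETOPTIONS"); return -1; }
    ptrace(PTRACE_SYSCALL, pid, NULL, NULL);                  /* swallow the attach SIGSTOP */
    for (pid_t tid; (tid = waitpid(-1, &status, __WALL)) != -1; ) { /* ends when no tracee is left */
        enum stop_kind kind = classify_stop(status, &sig);
        if (kind == STOP_GONE) continue;
        if (kind == STOP_SYSCALL) {                           /* reported on entry and on exit */
            long long nr = -1;                                /* stays -1 off x86-64 */
#if defined(__x86_64__)
            struct user_regs_struct regs;
            if (ptrace(PTRACE_GETREGS, tid, NULL, &regs) == 0) nr = (long long)regs.orig_rax;
#endif
            fprintf(stderr, "[%d] syscall stop, nr=%lld\n", (int)tid, nr);
        }
        ptrace(PTRACE_SYSCALL, tid, NULL, (void *)(long)sig);
    }
    return 0;
}

int main(int argc, char *argv[])
{
    return argc == 2 ? (trace_pid((pid_t)atoi(argv[1])) != 0) : 2;
}
```

A server that is blocked waiting for a client produces no syscall stops until a connection arrives, so a silent tracer is not by itself a sign that the attach failed.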
 
