S
Simone
Hi, I'm developing an application that access the procfs and then
read/write /proc/<PID>/mem of a process to change the content of a
file
owned by that process.
The sequential steps performed by the application are the followings:
1) catch, by using ptrace, of the "read" system call
2) read the file content directly on /proc/PID/mem
3) modify this content
4) write back the modified content on /proc/PD/mem
The problem is that it returns "Error 22 Invalid argument" every time
it tries to read (or write) on procfs.
(I've already patched the kernel to allow read/write operation on
/proc/<pid>/mem and I've tried the pread/pwrite functions, but they
have the same behavior).
This is an extract of my code:
....
int eax_reg, ecx_reg, ret;
char * buffer;
char orig_buf[eax_reg+1];
char proc_path[MAX_FILE_NAME+1];
// traced_proc is the pid_t of the traced process
// get number of bytes to read
eax_reg = ptrace(PTRACE_PEEKUSER, traced_proc, 4*EAX, NULL);
// get traced process space buffer
ecx_reg = ptrace(PTRACE_PEEKUSER, traced_proc, 4*ECX, NULL);
buffer = malloc(sizeof(char)*eax_reg);
memset(orig_buf,0,eax_reg+1);
memset(proc_path, 0, sizeof(proc_path));
sprintf(proc_path, "/proc/%d/mem", traced_proc);
fd_proc = open(proc_path, O_RDWR);
lseek(fd_proc, ecx_reg, SEEK_SET);
int ret = read(fd_proc, buffer, eax_reg);
if (ret < 0) {
perror("read");
fprintf(stderr, "Failed to read: %d - %s\n", errno, strerror(errno));
}
....
if I run the application with strace, the output for the code shown
above is:
open("/proc/13271/mem", O_RDWR) = 3
lseek(3, 3086368768, SEEK_SET) = 3086368768
read(3, 0xbfca0940, 280) = -1 EINVAL (Invalid argument)
Can someone tell me where I'm wrong?
Thanks in advance for any help...
read/write /proc/<PID>/mem of a process to change the content of a
file
owned by that process.
The sequential steps performed by the application are the followings:
1) catch, by using ptrace, of the "read" system call
2) read the file content directly on /proc/PID/mem
3) modify this content
4) write back the modified content on /proc/PD/mem
The problem is that it returns "Error 22 Invalid argument" every time
it tries to read (or write) on procfs.
(I've already patched the kernel to allow read/write operation on
/proc/<pid>/mem and I've tried the pread/pwrite functions, but they
have the same behavior).
This is an extract of my code:
....
int eax_reg, ecx_reg, ret;
char * buffer;
char orig_buf[eax_reg+1];
char proc_path[MAX_FILE_NAME+1];
// traced_proc is the pid_t of the traced process
// get number of bytes to read
eax_reg = ptrace(PTRACE_PEEKUSER, traced_proc, 4*EAX, NULL);
// get traced process space buffer
ecx_reg = ptrace(PTRACE_PEEKUSER, traced_proc, 4*ECX, NULL);
buffer = malloc(sizeof(char)*eax_reg);
memset(orig_buf,0,eax_reg+1);
memset(proc_path, 0, sizeof(proc_path));
sprintf(proc_path, "/proc/%d/mem", traced_proc);
fd_proc = open(proc_path, O_RDWR);
lseek(fd_proc, ecx_reg, SEEK_SET);
int ret = read(fd_proc, buffer, eax_reg);
if (ret < 0) {
perror("read");
fprintf(stderr, "Failed to read: %d - %s\n", errno, strerror(errno));
}
....
if I run the application with strace, the output for the code shown
above is:
open("/proc/13271/mem", O_RDWR) = 3
lseek(3, 3086368768, SEEK_SET) = 3086368768
read(3, 0xbfca0940, 280) = -1 EINVAL (Invalid argument)
Can someone tell me where I'm wrong?
Thanks in advance for any help...