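Originally posted by Ph0nix on 2007-11-20 09:36
As the title says: why can a running process be attached to? gdb is just a program too, so how can one process directly "intrude on" another process's space?
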
The ptrace() system call provides a means by which a parent process may observe and
control the execution of another process, and examine and change its core image and
registers. It is primarily used to implement breakpoint debugging and system call
tracing.
The parent can initiate a trace by calling fork(2) and having the resulting child
do a PTRACE_TRACEME, followed (typically) by an exec(3). Alternatively, the
parent may commence trace of an existing process using PTRACE_ATTACH.
While being traced, the child will stop each time a signal is delivered, even if the
signal is being ignored. (The exception is SIGKILL, which has its usual effect.)
The parent will be notified at its next wait(2) and may inspect and modify the child
process while it is stopped. The parent then causes the child to continue,
optionally ignoring the delivered signal (or even delivering a different signal
instead).
When the parent is finished tracing, it can terminate the child with PTRACE_KILL or
cause it to continue executing in a normal, untraced mode via PTRACE_DETACH.
PTRACE_ATTACH
Attaches to the process specified in pid, making it a traced
"child" of the current process; the behavior of the child is
as if it had done a PTRACE_TRACEME. The current process
actually becomes the parent of the child process for most
purposes (e.g., it will receive notification of child events
and appears in ps(1) output as the child's parent), but a
getppid(2) by the child will still return the PID of the
original parent. The child is sent a SIGSTOP, but will not
necessarily have stopped by the completion of this call;
use wait() to wait for the child to stop. (addr and data are
ignored.)
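The attach sequence from the man page excerpt above, as an added example that is not part of the original post: the tracer never touches the child's memory itself; it asks the kernel through ptrace(2), and the kernel copies one word out of the stopped child after its own permission check. Assumes Linux; `attach_and_peek`, `marker` and the two marker values are illustrative names and constructed data.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile long marker = 0x1234;  /* constructed value; each process has its own copy */

/* Attach to a running child and read `marker` from ITS address space.
 * Returns 0 on success, or -errno if the kernel refuses a step. */
int attach_and_peek(long *out, int *stop_signal)
{
    int ready[2], rc = 0, status = 0;
    char c;
    if (pipe(ready) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) {                      /* child: an ordinary, untraced process */
        close(ready[0]);
        marker = 0x5eed;                 /* only the child's copy changes */
        if (write(ready[1], "x", 1) != 1) _exit(1);
        for (;;) pause();
    }
    close(ready[1]);
    if (read(ready[0], &c, 1) != 1) rc = -EIO;   /* wait until the child is running */
    close(ready[0]);

    /* A descendant is used so the attach is still allowed under Yama ptrace_scope=1. */
    if (rc == 0 && ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0) rc = -errno;
    if (rc == 0) {
        /* SIGSTOP has been sent, but the child may not have stopped yet: wait for it. */
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) rc = -ECHILD;
        else {
            *stop_signal = WSTOPSIG(status);
            errno = 0;                   /* PEEKDATA returns the word, so check errno */
            *out = ptrace(PTRACE_PEEKDATA, pid, (void *)&marker, NULL);
            if (errno) rc = -errno;
            ptrace(PTRACE_DETACH, pid, NULL, NULL);  /* child resumes untraced */
        }
    }
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void)
{
    long v = 0; int sig = 0, rc = attach_and_peek(&v, &sig);
    printf("rc=%d stop_signal=%d child=%#lx tracer=%#lx\n", rc, sig, v, (long)marker);
    return rc != 0;
}
```

A negative return value is the kernel's refusal (for example `-EPERM` when a ptrace policy or sandbox forbids the attach), which is the check that keeps arbitrary processes from attaching to each other.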