Lines Matching refs:ptrace

1 This document describes Linux ptrace implementation in Linux kernels
18 a specific tracee using ptrace(PTRACE_foo, pid, ...), where pid is a
23 There are many kinds of states when tracee is stopped, and in ptrace
28 ptrace commands from the tracer is called ptrace-stop. Ptrace-stops can
33 1.x Death under ptrace.
38 not a ptrace-stop (because tracer can't query tracee status such as
41 ptrace-stop.
55 Tracer can kill a tracee with ptrace(PTRACE_KILL, pid, 0, 0). This
72 Tracer cannot assume that ptrace-stopped tracee exists. There are many
75 ptrace operation. Unfortunately, the same error is returned if tracee
76 exists but is not ptrace-stopped (for commands which require stopped
77 tracee), or if it is not traced by process which issued ptrace call.
80 been observed to enter ptrace-stop. Note that there is no guarantee
82 ptrace operation returned ESRCH. waitpid(WNOHANG) may return 0 instead.
83 IOW: tracee may be "not yet fully dead" but already refusing ptrace ops.
88 ??? or can it? Do we include such a promise into ptrace API?
93 When running tracee enters ptrace-stop, it notifies its tracer using
122 The following kinds of ptrace-stops exist: signal-delivery-stops,
139 the next ptrace request. This second step of signal delivery is called
147 ptrace-stop - see "Syscall-stops" and "execve" sections below for
157 ptrace(PTRACE_rest, pid, 0, sig)
159 call, where PTRACE_rest is one of the restarting ptrace ops. If sig is
176 This is a cause of confusion among ptrace users. One typical scenario
178 signal-delivery-stop, restarts tracee with ptrace(PTRACE_rest, pid, 0,
215 is returned by some other classes of ptrace-stops, therefore the
218 ptrace(PTRACE_GETSIGINFO, pid, 0, &siginfo)
227 As of kernel 2.6.38, after tracer sees tracee ptrace-stop and until it
242 If tracer sets TRACE_O_TRACEfoo options, tracee will enter ptrace-stops
318 ptrace-stops in order to not misinterpret syscall-enter-stop as
321 death - no other kinds of ptrace-stop can occur in between.
335 1.x Informational and restarting ptrace commands.
337 Most ptrace commands (all except ATTACH, TRACEME, KILL) require tracee
338 to be in ptrace-stop, otherwise they fail with ESRCH.
340 When tracee is in ptrace-stop, tracer can read and write data to tracee
341 using informational commands. They leave tracee in ptrace-stopped state:
343 longv = ptrace(PTRACE_PEEKTEXT/PEEKDATA/PEEKUSER, pid, addr, 0);
344 ptrace(PTRACE_POKETEXT/POKEDATA/POKEUSER, pid, addr, long_val);
345 ptrace(PTRACE_GETREGS/GETFPREGS, pid, 0, &struct);
346 ptrace(PTRACE_SETREGS/SETFPREGS, pid, 0, &struct);
347 ptrace(PTRACE_GETSIGINFO, pid, 0, &siginfo);
348 ptrace(PTRACE_SETSIGINFO, pid, 0, &siginfo);
349 ptrace(PTRACE_GETEVENTMSG, pid, 0, &long_var);
350 ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_flags);
353 may have no effect in some ptrace-stops, yet the call may succeed
356 ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_flags) affects one tracee.
361 Another group of commands makes ptrace-stopped tracee run. They have
364 ptrace(PTRACE_cmd, pid, 0, sig);
373 A thread can be attached to tracer using ptrace(PTRACE_ATTACH, pid, 0,
388 ptrace(PTRACE_TRACEME, 0, 0, 0) request turns current thread into a
389 tracee. It continues to run (doesn't enter ptrace-stop). A common
390 practice is to follow ptrace(PTRACE_TRACEME) with raise(SIGSTOP) and
401 Detaching of tracee is performed by ptrace(PTRACE_DETACH, pid, 0, sig).
403 to be in ptrace-stop. If tracee is in signal-delivery-stop, signal can
411 tracee may enter other ptrace-stops and needs to be restarted and
413 be sure that tracee is not already ptrace-stopped, because no signal
426 1.x execve under ptrace.
433 ptrace option. Then all other threads except thread group leader report
435 PTRACE_EVENT_EXEC stop happens, if requested by active ptrace option
439 (Remember, under ptrace 'pid' returned from waitpid, or fed into ptrace
490 generated by "kill -TRAP"), not a special kind of ptrace-stop.
541 always immediately kill tasks even under ptrace. Last confirmed on