ofo*_*sho 6 c multithreading ptrace pthreads
编辑(制作进展):
我试图ptrace一个vsftpd守护进程.我有以下代码附加到守护程序.然后它成功显示第一个衍生进程的PID.但是,对于这个衍生进程的子进程,它返回PID为2,3,..程序确实捕获了生成进程的退出,这让我觉得我很接近.
有任何想法吗?
void * trace_process(void * pid){
pid_t child = atoi((char *) pid);
long orig_eax, eax;
int status;
int callmade = FALSE;
long opt = PTRACE_O_TRACEFORK;
long newpid;
long trace = ptrace(PTRACE_ATTACH,child,NULL,NULL);
ptrace(PTRACE_SETOPTIONS,child,NULL,opt);
if(trace == FALSE)
printf("Attached to %d\n",child);
while(TRUE) {
child = waitpid(-1, &status, __WALL);
if (status >> 16 == PTRACE_EVENT_FORK) {
ptrace(PTRACE_GETEVENTMSG, child, NULL, (long) &newpid);
ptrace(PTRACE_SYSCALL, newpid, NULL, NULL);
printf("Attached to offspring %ld\n", newpid);
}
else{
if(WIFEXITED(status))
printf("Child %d exited\n", child);
}
ptrace(PTRACE_SYSCALL,child, NULL, NULL);
}
}
样本输出:
Attached to 2015 // daemon
Attached to offspring 5302 // new connection handler
Attached to offspring 2 // should be authenticator
Child 5303 exited // authenticator exiting on successful login
Attached to offspring 3 // should be process serving files
Child 5304 exited // logout: process serving files
Child 5302 exited // connection closed
Attached to offspring 5305 // new connection handler
Attached to offspring 2 // ... repeat
Child 5306 exited
Attached to offspring 3
Child 5307 exited
Child 5305 exited
进一步研究我的代码后,我意识到它确实可以捕获来自父级及其子级的所有系统调用。唯一的问题是 PID 作为相对数字而不是实际的 PID 返回。这导致无法确定等待 PID 是否实际上是从父进程生成的。无论哪种方式,代码都会为您提供所有系统调用。据我所知,我仍然想知道为什么 PID 是相对的,但代码工作正常。
| 归档时间: |
|
| 查看次数: |
5604 次 |
| 最近记录: |