Member Avatar for Eddy Dean

Hello,

I want to be able to read the memory of a process in Linux. After some googling I've read that ptrace can be used to this. The syntax of ptrace is as follows:

int ptrace(int request, pid_t pid, int addr, int data);

The first value (int request) is what function ptrace should use. For reading memory this should be PTRACE_PEEKDATA .
That won't be a problem... int data won't be a problem either. But then there is pid (process id). How am I supposed to find the process ID? Of course I do know the name and the filename of the program. The other problem is the int addr. In windows there were several tools to find this (TSearch, ArtMoney), but I don't know any of these tools for Linux (using ubuntu).

I hope some of you know a bit more about these parameters. I've done this before in Windows, and the DaniWeb community really helped me a lot back then, let's see if they can do the same for Linux ;)

Thanks in advance,
Arno

  • 2 Contributors
  • 3 Replies
  • 231 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by ~s.o.s~

Recommended Answers

All 3 Replies

Member Avatar for Eddy Dean

The second link was really helpful, I did not find that one yet.

Now I should be able to read to an different process, but there are just two problems left. How do I get the pid, how do I get the address. Getting the pid is done with parameters in all examples I've seen (including your links).

Thanks,
Arno

Member Avatar for ~s.o.s~

For getting the address of a process in linux see here

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.