From owner-freebsd-questions@FreeBSD.ORG Wed Jun 7 22:01:20 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 054C916E88D for ; Wed, 7 Jun 2006 19:44:50 +0000 (UTC) (envelope-from jtriende@wisc.edu) Received: from medmicro.wisc.edu (listserv.medmicro.wisc.edu [128.104.10.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A78543D58 for ; Wed, 7 Jun 2006 19:44:49 +0000 (GMT) (envelope-from jtriende@wisc.edu) Received: from [128.104.10.240] (unknown [128.104.10.240]) by medmicro.wisc.edu (Postfix) with ESMTP id DB03730280A; Wed, 7 Jun 2006 14:44:48 -0500 (CDT) In-Reply-To: <4549C3E0-B98D-4648-9C7E-C3E8823D8B94@wisc.edu> References: <4486A111.6020300@oxygen.az> <4486EFC8.6080601@oxygen.az> <4549C3E0-B98D-4648-9C7E-C3E8823D8B94@wisc.edu> Mime-Version: 1.0 (Apple Message framework v749.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <79C8EF08-A97C-4061-927C-1506DFA6FA6A@wisc.edu> Content-Transfer-Encoding: 7bit From: James Riendeau Date: Wed, 7 Jun 2006 14:44:48 -0500 To: Tofik Suleymanov X-Mailer: Apple Mail (2.749.3) Cc: freebsd-questions@freebsd.org Subject: Re: reading process memory X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jun 2006 22:01:26 -0000 I'm going to anticipate your next question, and say that if you're not the parent, you will have to "attach" to the process. How that's done? I don't know, probably through a system call to ptrace or writing to the procfs ctl directory. I'm speaking through erudite knowledge rather than any real experience working with procfs. -james On Jun 7, 2006, at 2:33 PM, James Riendeau wrote: > Ahh. I think I goofed slightly. I think your application has to > be the parent of the running process to get at that property. See: > > http://www.informit.com/articles/article.asp?p=366888&seqNum=10 > > James Riendeau > MMI Computer Support Technician > 1300 University Ave > Rm. 436, Dept. of MedMicro > Madison, WI 53706 > > Phone: (608) 262-3351 > After-hours Phone: (608) 260-2696 > Fax: (608) 262-8418 > Email: jtriende@wisc.edu > > > > On Jun 7, 2006, at 10:24 AM, Tofik Suleymanov wrote: > >> James Riendeau wrote: >>> How are you defining "assuming right privileges"? >> assuming uid 0 >> >>> The only way you're going to be able to read another processes >>> address space is in the kernel.Even a process running as root is >>> not able to read another process's data. >> how does gdb then reads for example different variables of running >> program ? >>> One of the principle responsibilities of the OS is to manage >>> the private memory space of each process, and I emphasize >>> private. The last thing you would want on a secure system is the >>> ability of other processes to read or write to another process's >>> address space.Even a parent process should not be able to read a >>> child's address space, as the fork logically duplicates their >>> address space and they go their separate ways. An attempt to >>> read another processes address space should trap to the kernel >>> and the kernel should kill the process immediately. There is one >>> exception to this: you can setup a pipe or memory share between >>> two processes, however, both processes have to agree to share >>> some memory or connect via a pipe. I'm not going to give you a >>> howto via email as the subject usually fills a solid chapter in >>> most OS books. >> Thank you for brief and altogether extensive explanation of the >> case.The thing i wanted to do is to read let's say portions of >> memory where .bss and .data block of a running program reside. >> >> is that possible ? >> >> Sincerely, >> Tofik Suleymanov >> >