From: Tofik Suleymanov
Date: Thu, 08 Jun 2006 12:05:13 +0300
To: David Nugent
Cc: Tofik Suleymanov, freebsd-stable@FreeBSD.ORG
Subject: Re: reading process memory

David Nugent wrote:
> Tofik Suleymanov wrote:
>> Thank you for brief and altogether extensive explanation of the
>> case. The thing I wanted to do is to read let's say portions of memory
>> where .bss and .data block of a running program reside.
>>
>> is that possible ?
> Yes. Debuggers offer this functionality, for example.
>
> man 2 ptrace
>

man 2 ptrace says:

    PT_READ_I, PT_READ_D
        These requests read a single int of data from the traced
        process's address space. Traditionally, ptrace() has allowed for
        machines with distinct address spaces for instruction and data,
        which is why there are two requests: conceptually, PT_READ_I
        reads from the instruction space and PT_READ_D reads from the
        data space. In the current FreeBSD implementation, these two
        requests are completely identical. The addr argument specifies
        the address (in the traced process's virtual address space) at
        which the read is to be done. This address does not have to meet
        any alignment constraints. The value read is returned as the
        return value from ptrace().

Where do I get the addr argument? How can I know which address do I need to start from?

Sincerely,
Tofik Suleymanov
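
The question of where addr comes from, as an added example that is not part of the original message: for an executable linked at fixed addresses, the ELF section headers give the start address and size of .data and .bss, and each int-sized step through that range is one addr for PT_READ_D. Assumptions: a little-endian ELF64 image, no load base to add (a position-independent binary needs one), a 4-byte int, and hypothetical function names; the ELF image is constructed inline.

```python
import struct

def section_ranges(elf, wanted=(".data", ".bss")):
    """Return {name: (sh_addr, sh_size)} from a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", elf, 0x3A)

    def shdr(i):
        # First six fields: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", elf, e_shoff + i * e_shentsize)

    str_off, str_size = shdr(e_shstrndx)[4:6]
    names = elf[str_off:str_off + str_size]   # section-name string table
    found = {}
    for i in range(e_shnum):
        sh_name, _, _, sh_addr, _, sh_size = shdr(i)
        name = names[sh_name:names.index(b"\0", sh_name)].decode()
        if name in wanted:
            found[name] = (sh_addr, sh_size)
    return found

def read_addrs(sh_addr, sh_size, int_size=4):
    """addr values for successive PT_READ_D calls (one int read per call)."""
    return range(sh_addr, sh_addr + sh_size, int_size)

def build_sample():
    """Constructed image: ELF header, name table, four section headers."""
    names = b"\0.data\0.bss\0.shstrtab\0"
    def sh(name, typ, addr, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, addr, off, size, 0, 0, 1, 0)
    shdrs = (sh(0, 0, 0, 0, 0)                      # null section
             + sh(1, 1, 0x600E20, 0, 0x40)          # .data (SHT_PROGBITS)
             + sh(7, 8, 0x600E60, 0, 0x120)         # .bss (SHT_NOBITS)
             + sh(12, 3, 0, 64, len(names)))        # .shstrtab (SHT_STRTAB)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       2, 62, 1, 0, 0, 64 + len(names), 0, 64, 0, 0, 64, 4, 3)
    return ehdr + names + shdrs

if __name__ == "__main__":
    for name, (addr, size) in section_ranges(build_sample()).items():
        print(f"{name}: {len(read_addrs(addr, size))} reads from {addr:#x}")
```

On a real binary the same two columns appear in the section listing printed by `objdump -h` or `readelf -S`.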