From owner-freebsd-stable@FreeBSD.ORG Thu Jun 8 10:17:18 2006 Return-Path: X-Original-To: freebsd-stable@FreeBSD.ORG Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E581516B236 for ; Thu, 8 Jun 2006 08:21:43 +0000 (UTC) (envelope-from dds@aueb.gr) Received: from mx-out-01.forthnet.gr (mx-out.forthnet.gr [193.92.150.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id E182043D46 for ; Thu, 8 Jun 2006 08:21:42 +0000 (GMT) (envelope-from dds@aueb.gr) Received: from mx-av-02.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-01.forthnet.gr (8.13.6/8.13.6) with ESMTP id k588LeFb019784; Thu, 8 Jun 2006 11:21:40 +0300 Received: from mx-in-01.forthnet.gr (mx-in-01.forthnet.gr [193.92.150.23]) by mx-av-02.forthnet.gr (8.13.6/8.13.6) with ESMTP id k588LeaK001981; Thu, 8 Jun 2006 11:21:40 +0300 Received: from [192.168.136.16] (ppp93-9.adsl.forthnet.gr [194.219.141.9]) by mx-in-01.forthnet.gr (8.13.6/8.13.6) with ESMTP id k588LdLN030333; Thu, 8 Jun 2006 11:21:39 +0300 Authentication-Results: mx-in-01.forthnet.gr from=dds@aueb.gr; sender-id=neutral; spf=neutral Message-ID: <4487DE20.8010809@aueb.gr> Date: Thu, 08 Jun 2006 11:21:52 +0300 From: Diomidis Spinellis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060516 SeaMonkey/1.0.2 MIME-Version: 1.0 To: Tofik Suleymanov References: <4486A111.6020300@oxygen.az> <4486EFC8.6080601@oxygen.az> <4487659E.8000303@aueb.gr> <4487D6F0.1050702@oxygen.az> In-Reply-To: <4487D6F0.1050702@oxygen.az> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@FreeBSD.ORG, James Riendeau Subject: Re: reading process memory X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2006 10:17:20 -0000 Tofik Suleymanov wrote: > Diomidis Spinellis wrote: >> Tofik Suleymanov wrote: >>>> The only way you're going to be able to read another processes >>>> address space is in the kernel.Even a process running as root is not >>>> able to read another process's data. >> >> Incorrect; see this example: >> >> $ sed -e 's/this/that/' & >> [1] 87345 >> $ /bin/su >> Password: >> >> # dd if=/proc/87345/mem conv=noerror 2> /dev/null | strings >> [...] >> @(#)compile.c 8.1 (Berkeley) 6/6/93 >> [...] >> RE error: %s >> RuneMagiNONE >> /this/that/ >> "s/this/that/ >> s/this/that/ >> this >> that >> that >> >> > I followed instructions in your email, but had no success of getting > simmilar results. When trying to read from mem file of particular > process i get error messages from dd: > (many of this records populate the screen) > 0 bytes transferred in 6.393733 secs (0 bytes/sec) > dd: /proc/13150/mem: Bad address > dd: /proc/13150/mem: Bad address > 0+0 records in > 0+0 records out > 0 bytes transferred in 6.393795 secs (0 bytes/sec) > > > while pid 13510 exists: > paranoia# ps ax |grep 13150 > 13150 p1 T 0:00.00 sed -e s/this/that/g > paranoia# > > > man 5 procfs says: > > mem The complete virtual memory image of the process. Only those > address which exist in the process can be accessed. Reads and > writes to this file modify the process. Writes to the text > seg- > ment remain private to the process. > map A map of the process' virtual memory. > > > I wonder why i cannot just dd data from mem ? > Not all areas of the process's memory are accessible. This is why I set the conv=noerr option to dd (rather than run strings directly on mem), and also redirected the dd's standard error output to /dev/null. Your root's shell (probably tcsh) failed to do that. (Tcsh doesn't offer a way to redirect just the error output). Run sh after the su command to have this facility at your disposal. Diomidis - http://www.spinellis.gr