Re: Attempting to port and app to linux but can't find an equivalent system call

From: Lew Pitcher (lpitcher_at_sympatico.ca)
Date: 04/21/04

  • Next message: Steve: "Re: Attempting to port and app to linux but can't find an equivalent system call" 
    Date: Tue, 20 Apr 2004 19:44:53 -0400

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steve wrote:
    | Lew Pitcher <Lew.Pitcher@td.com> wrote in message
    news:<OEVgc.34713$Gp4.525981@news20.bellglobal.com>...
    |
    |>-----BEGIN PGP SIGNED MESSAGE-----
    |>Hash: SHA1
    |>
    |>Steve wrote:
    |>
    |>
    |>>Hello I am trying to port a windows app I have written to linux, and
    |>>cannot find anything in linux remotely like the following...
    |>>
    |>>FlushInstructionCache(GetCurrentProcess(),(LPCVOID)Address, Length);
    |>> VirtualProtectEx(GetCurrentProcess(), (LPVOID)Address,
    |>>Length,PAGE_EXECUTE_READWRITE, &oldperm);
    |>> WriteProcessMemory(
    |>> GetCurrentProcess(),
    |>> (LPVOID)Address,
    |>> (LPVOID)NewData,
    |>> Length,
    |>> NULL);
    |>> VirtualProtectEx(GetCurrentProcess(), (LPVOID)Address, Length,
    |>>oldperm, &tmp);
    |>
    |> [snip]
    |>
    |>>I think the main sticking point that I cannot seem to track down
    |>>anywhere, is how on earth do I modify the memory in one program, using
    |>>another.
    |>
    |>[snip]
    |>
    |>An Operating system that permits one process to modify another process' memory
    |>in an uncontrolled, unaudited, unmanaged manner is a dangerous and insecure
    |>operating system.
    |>
    |>Linux, like it's Unix forefathers, does not permit such uncontrolled access.
    |>There /are/ mechanisms that permit one Linux app to modify another's memory, but
    |>they all require some amount of system-administrative permissions.
    |>
    |>You can use the strace() syscall, so long as the process that applies the
    |>modification through strace() is the parent process to the process being modified.
    |>
    |>Or, if your modifying process has root permissions, it can open one of the
    |>/dev/*mem or /proc/*/ files and write it's modifications.
    |>
    |>Or, if both processes are "co-operative", they can use shared memory to permit
    |>one process to modify memory used by the other process.
    |>
    |>In your case, the strace() syscalls are probably the best bet.

    As others have pointed out, I typoed here. The syscall is ptrace(2). strace(1)
    is a utility that (IIRC) uses ptrace(2).

    | Since then, this IS for debugging purposes, it would be easiest to do
    | if I used this program to launch the program being modified?
    | Would I need to add an entire file launcher?
    | I'm trying to avoid code-bloat as much as possible here.

    Your parent process can use fork(2)/exec(3) to launch the program to be
    'modified', then the ptrace(2) call on the pid returned by the fork(2) to
    'modify' the target.

    There's very little 'code bloat' here: fork(2)/exec(3) are the usual semantics
    for launching a process. Take a look at the ptrace(2) manpage ('man 2 ptrace')
    for details on how to do this; it's a simple and ordinary procedure.

    - --
    Lew Pitcher

    Master Codewright & JOAT-in-training | GPG public key available on request
    Registered Linux User #112576 (http://counter.li.org/)
    Slackware - Because I know what I'm doing.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFAhbX1agVFX4UWr64RAlCFAKDVMGfuz872Z0GQYQJI0X1F7bB/gQCfVyc1
    8zKva2efwHgTLGjDgC707AM=
    =AE+C
    -----END PGP SIGNATURE-----

  • Next message: Steve: "Re: Attempting to port and app to linux but can't find an equivalent system call"

    Relevant Pages