#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

#include <unistd.h>
#include <fcntl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/types.h>

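/*
 * Parse an entire command-line argument as a long. The base is auto-detected
 * by strtol (decimal, 0x-prefixed hex, or leading-0 octal).
 *
 * Returns 0 and stores the value in *out on success; returns -1 when the
 * argument is empty, has trailing characters, or does not fit in a long.
 */
static int parse_long_arg(const char *text, long *out)
{
    char *end = NULL;

    errno = 0;
    long value = strtol(text, &end, 0);
    if (end == text || *end != '\0' || errno == ERANGE) {
        return -1;
    }
    *out = value;
    return 0;
}

/*
 * Read one 64-bit value from another process's address space and print it.
 *
 * Usage: <prog> [pid] [address]
 *
 * The target is attached with ptrace and stopped for the duration of the
 * read, then detached again. Both open() on /proc/<pid>/mem and
 * PTRACE_ATTACH fail unless the caller is allowed to trace the target
 * (typically same user or CAP_SYS_PTRACE, further restricted by policy such
 * as Yama's ptrace_scope), so an "open"/"ptrace" error usually means a
 * permission problem rather than a bug here.
 *
 * Returns 0 when the value was read and printed, 1 on any error (including
 * bad usage, so callers and scripts do not mistake a usage error for success).
 */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "%s [pid] [address]\n", argv[0]);
        return 1;
    }

    /*
     * Validate both arguments instead of silently turning garbage into 0.
     * A PID must be positive and survive the narrowing to pid_t; the address
     * must be non-negative and survive the narrowing to off_t, because it is
     * used as a file offset below.
     */
    long pid_arg = 0;
    long addr_arg = 0;
    if (parse_long_arg(argv[1], &pid_arg) < 0 || pid_arg <= 0 ||
        (long)(pid_t)pid_arg != pid_arg) {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return 1;
    }
    if (parse_long_arg(argv[2], &addr_arg) < 0 || addr_arg < 0 ||
        (long)(off_t)addr_arg != addr_arg) {
        fprintf(stderr, "invalid address: %s\n", argv[2]);
        return 1;
    }
    pid_t proc_pid = (pid_t)pid_arg;
    off_t vm_addr = (off_t)addr_arg;

    /* snprintf always NUL-terminates, so the full buffer size is passed. */
    char proc_mem_path[255];
    snprintf(proc_mem_path, sizeof(proc_mem_path), "/proc/%i/mem", (int)proc_pid);

    /*
     * Only a read is performed, so the file is opened read-only: the tool
     * never holds a writable handle to another process's memory.
     */
    int proc_mem_fd = open(proc_mem_path, O_RDONLY);
    if (proc_mem_fd < 0) {
        perror("open");
        return 1;
    }

    if (ptrace(PTRACE_ATTACH, proc_pid, NULL, NULL) < 0) {
        perror("ptrace");
        close(proc_mem_fd);
        return 1;
    }

    /*
     * From here on every exit path goes through "detach" so the target is
     * never left attached and stopped because of an error in this tool.
     */
    int exit_code = 1;
    int wait_status = 0;
    uint64_t mem_val = 0;
    ssize_t nread = 0;

    /* Wait until the attach-induced stop has actually been reported. */
    if (waitpid(proc_pid, &wait_status, 0) < 0) {
        perror("waitpid");
        goto detach;
    }
    if (!WIFSTOPPED(wait_status)) {
        fprintf(stderr, "process %i did not stop after attach\n", (int)proc_pid);
        goto detach;
    }

    /* Read an unsigned 64-bit integer from the requested address. */
    nread = pread(proc_mem_fd, &mem_val, sizeof(mem_val), vm_addr);
    if (nread < 0) {
        perror("pread");
    } else if ((size_t)nread != sizeof(mem_val)) {
        /* A short read would print a partly-zero value as if it were real. */
        fprintf(stderr, "pread: short read (%zd of %zu bytes)\n",
                nread, sizeof(mem_val));
    } else {
        /* Casts keep the format specifiers correct where long is 32 bits. */
        printf("value at 0x%llx:%llx\n",
               (unsigned long long)vm_addr, (unsigned long long)mem_val);
        exit_code = 0;
    }

detach:
    if (ptrace(PTRACE_DETACH, proc_pid, NULL, NULL) < 0) {
        perror("ptrace");
        exit_code = 1;
    }
    close(proc_mem_fd);
    return exit_code;
}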