PTRACE(3C) Standard C Library Functions PTRACE(3C)
NAME
ptrace - allows a parent process to control the execution of a child
process
SYNOPSIS
#include <unistd.h>
#include <sys/types.h>
int ptrace(
int request,
pid_t pid,
int addr,
int data);
DESCRIPTION
The
ptrace() function allows a parent process to control the
execution of a child process. Its primary use is for the
implementation of breakpoint debugging. The child process behaves
normally until it encounters a signal (see
signal.h(3HEAD)), at which
time it enters a stopped state and its parent is notified by the
wait(3C) function. When the child is in the stopped state, its parent
can examine and modify its "core image" using
ptrace(). Also, the
parent can cause the child either to terminate or continue, with the
possibility of ignoring the signal that caused it to stop.
The
request argument determines the action to be taken by
ptrace() and is one of the following:
0 This request must be issued by the child process if it is to be
traced by its parent. It turns on the child's trace flag that
stipulates that the child should be left in a stopped state on
receipt of a signal rather than the state specified by
func (see
signal(3C)). The
pid,
addr, and
data arguments are ignored, and
a return value is not defined for this request. Peculiar results
ensue if the parent does not expect to trace the child.
The remainder of the requests can only be used by the parent process.
For each,
pid is the process
ID of the child. The child must be in a
stopped state before these requests are made.
1, 2 With these requests, the word at location
addr in the address
space of the child is returned to the parent process. If
instruction and data space are separated, request
1 returns a
word from instruction space, and request
2 returns a word
from data space. If instruction and data space are not
separated, either request
1 or request
2 may be used with
equal results. The
data argument is ignored. These two
requests fail if
addr is not the start address of a word, in
which case
-1 is returned to the parent process and the
parent's
errno is set to
EIO.
3 With this request, the word at location
addr in the child's
user area in the system's address space (see <
sys/user.h>) is
returned to the parent process. The
data argument is ignored.
This request fails if
addr is not the start address of a word
or is outside the user area, in which case
-1 is returned to
the parent process and the parent's
errno is set to
EIO.
4, 5 With these requests, the value given by the
data argument is
written into the address space of the child at location
addr.
If instruction and data space are separated, request
4 writes
a word into instruction space, and request
5 writes a word
into data space. If instruction and data space are not
separated, either request
4 or request
5 may be used with
equal results. On success, the value written into the address
space of the child is returned to the parent. These two
requests fail if
addr is not the start address of a word. On
failure
-1 is returned to the parent process and the parent's
errno is set to
EIO.
6 With this request, a few entries in the child's user area can
be written.
data gives the value that is to be written and
addr is the location of the entry. The few entries that can
be written are the general registers and the condition codes
of the Processor Status Word.
7 This request causes the child to resume execution. If the
data argument is 0, all pending signals including the one
that caused the child to stop are canceled before it resumes
execution. If the
data argument is a valid signal number, the
child resumes execution as if it had incurred that signal,
and any other pending signals are canceled. The
addr argument
must be equal to 1 for this request. On success, the value
of
data is returned to the parent. This request fails if
data is not 0 or a valid signal number, in which case
-1 is
returned to the parent process and the parent's
errno is set
to
EIO.
8 This request causes the child to terminate with the same
consequences as
exit(2).
9 This request sets the trace bit in the Processor Status Word
of the child and then executes the same steps as listed above
for request
7. The trace bit causes an interrupt on
completion of one machine instruction. This effectively
allows single stepping of the child.
To forestall possible fraud,
ptrace() inhibits the set-user-ID
facility on subsequent calls to one of the
exec family of functions
(see
exec(2)). If a traced process calls one of these functions, it
stops before executing the first instruction of the new image showing
signal
SIGTRAP.
ERRORS
The
ptrace() function will fail if:
EIO The
request argument is an illegal number.
EPERM The calling process does not have appropriate privileges to
control the calling process. See
proc(5).
ESRCH The
pid argument identifies a child that does not exist or
has not executed a
ptrace() call with request
0.
USAGE
The
ptrace() function is available only with the 32-bit version of
libc(3LIB). It is not available with the 64-bit version of this
library.
The
/proc debugging interfaces should be used instead of
ptrace(),
which provides quite limited debugger support and is itself
implemented using the
/proc interfaces. There is no actual
ptrace() system call in the kernel. See
proc(5) for descriptions of the
/proc debugging interfaces.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Standard |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+
SEE ALSO
exec(2),
exit(2),
signal(3C),
wait(3C),
signal.h(3HEAD),
libc(3LIB),
proc(5),
attributes(7) March 22, 2004 PTRACE(3C)
