ptrace

While I was working on this question , I've come across a possible idea that uses ptrace , but I'm unable to get a proper understanding of how ptrace interacts with threads. Suppose I have a given, multithreaded main process, and I want to attach to a specific thread in it (perhaps from a forked child). Can I attach to a specific thread? (The manuals diverge on this question.) If so, does that mean that single-stepping only steps through that one thread's instructions? Does it stop all the process's threads? If so, do all the other threads remain stopped while I call PTRACE_SYSCALL or PTRACE

I've been trying to understand how to read the memory of other processes on Mac OS X, but I'm not having much luck. I've seen many examples online using ptrace with PEEKDATA and such, however it doesn't have that option on BSD [ man ptrace ] . int pid = fork(); if (pid > 0) { // mess around with child-process's memory } How is it possible to read from and write to the memory of another process on Mac OS X? Use task_for_pid() or other methods to obtain the target process’s task port. Thereafter, you can directly manipulate the process’s address space using vm_read() , vm_write() , and others.

CRIU介绍 CRIU（Checkpoint/Restore In Userspace）运行在linux操作系统上的一个软件工具，其功能是在用户空间实现Checkpoint/Restore功能。使用这个工具，你可以冻结一个正在运行的程序，并且checkpoint它到一系列的文件，然后你就可以使用这些文件在任何主机重新恢复这个程序到被冻结的那个点。 Checkpoint/Restore介绍 checkpoint程序严重依赖**/proc**文件系统，它从/proc收集的信息包括： 文件描述信息（通过**/proc/ p i d / f d ∗ ∗ 和 ∗ ∗ / p r o c / pid/fd** 和 **/proc/ p i d / f d ∗ ∗ 和 ∗ ∗ / p r o c / pid/fdinfo**） 管道参数信息 内存表（通过**/proc/ p i d / m a p s ∗ ∗ 和 ∗ ∗ / p r o c / pid/maps** 和 **/proc/ p i d / m a p s ∗ ∗ 和 ∗ ∗ / p r o c / pid/map_files/**） 监控进程做的checkpoint由如下步骤组成： 1、收集并且冻结被监控程序的进程树 监控程序使用被监控程序的主进程 pid 遍历**/proc/%pid/task/ 路径收集线程tid，并且递归遍历