Using Ptrace to track the location of files being opened

拜拜、爱过 submitted on 2019-12-07 21:01:52

Question


I was using the following code which actually gets me the contents in the registers (eax, ebx, ecx) whenever an open system call is called. Now after a lot of struggle I understood what the values signify from this Question.
ebx contains the pointer to filename. But when I try to access it I was getting a segmentation fault. Where am I going wrong? The code can be accessed from here


Answer 1:


Every process has its own address space. An address obtained from another process will not be valid in yours. One way to read memory in the other process would be to use PTRACE_PEEKDATA. On Linux, another way would be to open /proc/<pid>/mem, seek to the address, and read from it like a file.
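The PTRACE_PEEKDATA approach from the answer, as an added example that is not part of the original post: `peek_string` copies a NUL-terminated string (such as the filename that `ebx` points to at an open syscall stop) out of a stopped tracee one word at a time. Linux is assumed; `read_from_child` and the sample path are hypothetical and constructed for the demo.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy a NUL-terminated string out of a stopped tracee; -1 = error or truncated. */
long peek_string(pid_t pid, unsigned long addr, char *buf, size_t len)
{
    /* Word-aligned reads never straddle a page boundary into unmapped memory. */
    unsigned long base = addr & ~(sizeof(long) - 1);
    size_t skip = addr - base, n = 0;
    for (; n + 1 < len; base += sizeof(long), skip = 0) {
        errno = 0;  /* -1 is a valid data word, so only errno signals failure */
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)base, NULL);
        if (word == -1 && errno != 0) break;
        for (size_t i = skip; i < sizeof word && n + 1 < len; i++, n++) {
            buf[n] = ((char *)&word)[i];
            if (buf[n] == '\0') return (long)n;
        }
    }
    if (len) buf[n] = '\0';
    return -1;
}

/* Hypothetical demo: read s from a forked tracee (fork keeps it at the same address). */
long read_from_child(const char *s, char *out, size_t len)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {  /* child: become a tracee and stop so the parent can peek */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0) raise(SIGSTOP);
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) return -1;
    long r = peek_string(pid, (unsigned long)s, out, len);
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return r;
}

int main(void)
{
    char out[64] = "";  /* the path below is a constructed sample */
    long n = read_from_child("/tmp/constructed-sample.txt", out, sizeof out);
    printf("tracee string: \"%s\" (result %ld)\n", out, n);
    return n < 0;
}
```

In a syscall tracer, the register value is passed as `addr` while the tracee is stopped at the syscall; dereferencing it in the tracer's own address space is what produces the segmentation fault.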



Source: https://stackoverflow.com/questions/9786648/using-ptrace-to-track-the-location-of-files-being-opened
