Low-overhead way to access the memory space of a traced process?

Question

I\'m looking for an efficient way to access(for both read and write operations) the memory space of my ptraced child process. The size of blocks being accessed may vary from

Answer 1

For reading, your best bet is to parse the /proc//maps file for the virtual addresses of the memory regions of interest.

You can then read these by opening /proc//mem and perform read() call with a large buffer on areas of interest.

For writing, I've yet to find an easy way to write entire blocks, I believe this has to do with locking and stability for the child process, calls through ptrace() can guarantee this, but direct access to another process' memory cannot. I typically write a wrapper around ptrace(PTRACE_POKEDATA, ...) to mirror Windows' WriteProcessMemory().