问题
Is there an equivalent of ReadProcessMemory windows function for reading (or writing) in another process memory ? I have tried to preload a shared library, i have also tried to debug (ptrace, peek and poke memory). It seems to work, but i am wondering if there is not a simplest way...
回答1:
Is there an equivalent of ReadProcessMemory
Yes: man ptrace (PTRACE_PEEKDATA, etc.)
The ptrace interface is generic to UNIX, and has nothing to do with ELF (i.e. it also works on systems that use COFF, or AOUT as their normal executable format).
Is this this simplest way?
It's the only way on most UNIX platforms.
On Linux, you could also read/write /proc/$pid/mem. Note however, that many kernels disable this for security reasons (having this file read/writable presents a huge security attack surface).
On Solaris, there has been a different /proc interface, but (as far as I can tell) it has not been adopted on any other system.
来源:https://stackoverflow.com/questions/38140775/elf-read-write-in-other-process-memory