
Tracing processes in UNIX

So far we have looked at the standard scheme for creating processes in UNIX and at how processes interact with each other using signals. We also discussed interaction between processes through the so-called unnamed channel (pipe), a facility that allows information to be transferred asynchronously from one process to another. These facilities apply to related processes.
Today we look at another basic facility of the UNIX operating system: support for process tracing. Tracing is the ability of one process to control the execution of another. Let us consider the basic operations performed when debugging.
1. Setting a breakpoint.
2. Handling the event of reaching a breakpoint.
3. Reading / writing information in the debugged program.
4. Stopping / continuing the debugged process.
5. Single-step debugging mode (stopping the debugged program after each instruction).
6. Transferring control to an arbitrary point of the debugged program.
7. Handling abnormal terminations (AVOST).

These seven items are implemented in almost any debugging tool, possibly with some additions, whatever system we work in.
Now let us see what means UNIX offers for organizing these functions. There is a function ptrace.

ptrace (int op, int pid, int addr, int data);

In the overwhelming majority of cases the function ptrace is called in the parent process, and through it the parent controls the child. In general, not just any process can be traced. For a child process to be traced by its parent, the child must permit tracing of itself. To do this, at the very beginning of its execution the child process must call ptrace with an operation code of zero (op = 0), which allows the parent to trace it. From then on the child makes no further calls to ptrace. All control lies with the parent.
Consider what means the parent process has for controlling the child. All of them are selected by the value of op. The value pid is the identifier of the child process that we want to trace.

op = 1 or op = 2 - ptrace returns the word whose address is given by the parameter addr (i.e., it reads a word from the debugged process). Two values of op are provided for the case where there are separate address spaces for the code and data segments (i.e., you can read data and code). In a system with a single address space for the process, either value may be used.

op = 3 - read information from the process context. Usually this means access to context information that is grouped into a certain structure. In this case the parameter addr gives the offset from the start of that structure. The structure holds the information accessible through ptrace, in particular the registers, the current state of the process, the address, and so on.

op = 4 or op = 5 - write the data contained in the parameter data to the address addr. If an error occurs, ptrace returns -1 (details are in errno).

op = 6 - write the value of data into the context at offset addr. This means that you can read the registers of the traced process and, if necessary, change their contents (including the instruction address, that is, perform a jump).

op = 7 - continue the traced process. This operation is a tricky one. The trick is as follows. Suppose the traced process has been stopped for some reason, for example because a signal arrived; the parent waits for this event using wait and performs some actions while the debugged process is not running. In the meantime, signals from other processes may arrive for the process. What is to be done with these signals? This is exactly what ptrace with op = 7 is for. If data = 0, the process that has been suspended until now (the child) continues to run, and all signals that have arrived for it (including unhandled ones) are ignored. If the value of data is a signal number, the child resumes execution and the arrival of the signal with that number is simulated. All other signals are ignored. In addition, if addr = 1, the process continues from the point at which it was suspended. If addr > 1, control is transferred to addr (goto addr).

op = 8 - terminate the traced process.

op = 9 - set the trace bit. This is the code that provides step-by-step execution of machine instructions. After each machine instruction, an event associated with the signal SIG_TRAP occurs in the process.

We have described this function in a model notation; ptrace may have a somewhat different interface on different systems. Access to the context also differs from system to system.
All of the ptrace operations above are performed while the debugged process is stopped (it may have been stopped by an error or by the arrival of a signal). For the parent process to stop the traced child, the following can be done. The parent sends the child (which has already called ptrace with op = 0) a signal, say SIG_TRAP, and then calls wait. Once the signal reaches the child and the child stops, the parent receives the corresponding return code from wait. From that moment the traced process is considered stopped, and all of the operations above can be performed.
Let us model the work of a debugger using ptrace. We will not write a program; we will simply try to understand, informally, how to implement each of the debugger's functions. We will call the parent process the debugger, and the child process the debugged process.
Setting a breakpoint.
We assume that the debugger keeps a table containing information about breakpoints.

Breakpoint number | Breakpoint address | Saved machine word | Counter of arrivals at the breakpoint

When a breakpoint is set using ptrace, the following happens.
Suppose the debugger sets a breakpoint at some address.
It reads the contents of the debugged process at that address.
It records these contents (a machine word) in the table.
At that address it writes a machine instruction that generates an event associated with some fixed signal, for example a division-by-zero instruction.

Then the debugged process can be started. When control in the debugged process reaches the address at which we set the breakpoint, the program is interrupted and an event associated with a known signal occurs.
From the debugger's side this looks as follows. It starts the debugged process (ptrace (7, ...)) and calls wait (waiting for an event in the debugged process). Once an event occurs (i.e., a signal arrives), the debugger checks whether the signal is the one associated with reaching a breakpoint. If not, the debugger handles that signal in whatever way is appropriate.
If the signal matches, there is a suspicion that we have reached a breakpoint. In this case the debugger reads the address at which the process was stopped. If this address coincides with one of the breakpoint addresses in the debugger's table, we have reached a breakpoint (the division by zero is in fact a breakpoint). If the debugger does not find a matching address, a division by zero really did occur, and the debugger must take the corresponding action (handling the AVOST).
Once the debugger has registered the breakpoint, it can carry out any debugging actions on the program. At some point the program has to be continued, and suppose we want to keep this breakpoint. The debugger does the following. It restores the original contents of the machine word, taken from the table. Then it switches on trace mode and starts the program from the interrupted address. One instruction is executed, and immediately afterwards the process stops at the next instruction. The debugger then restores the breakpoint (writes the division by zero again) and starts the process from the point of interruption (leaving trace mode).
Removing a breakpoint is also simple: the contents at the corresponding address are restored from the table and the table row is released. A breakpoint can be made to fire, for example, only 10 times. To do this, a counter is added to the table; each time the breakpoint is reached, one is subtracted from it, and as soon as it drops to zero the breakpoint is removed automatically.
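The breakpoint table bookkeeping described above, as an added example that is not part of the original lecture. The memory of the debugged process is modelled by an array, so peek and poke stand in for ptrace reads and writes; TRAP_WORD, the table size and all function names are assumptions made for illustration.

```c
#include <stdio.h>

#define TRAP_WORD 0xDEADu  /* constructed stand-in for the trapping instruction */
#define MAX_BP 8

/* Model memory of the debugged process; peek/poke stand in for ptrace op = 1 / op = 4. */
static unsigned mem[16];
static unsigned peek(int addr) { return mem[addr]; }
static void poke(int addr, unsigned w) { mem[addr] = w; }

/* One row of the debugger's breakpoint table. */
struct bp { int used, addr, hits_left; unsigned saved; };
static struct bp table[MAX_BP];

/* Set: save the original word, write the trap over it. hits = 0 means permanent. */
int bp_set(int addr, int hits) {
    for (int n = 0; n < MAX_BP; n++)
        if (!table[n].used) {
            table[n] = (struct bp){1, addr, hits, peek(addr)};
            poke(addr, TRAP_WORD);
            return n;
        }
    return -1;                      /* table full */
}

/* Remove: restore the saved word and release the row. */
void bp_remove(int n) {
    poke(table[n].addr, table[n].saved);
    table[n].used = 0;
}

/* Trap signal seen at stop_addr: return the breakpoint number, or -1 for a real fault (AVOST). */
int bp_on_trap(int stop_addr) {
    for (int n = 0; n < MAX_BP; n++)
        if (table[n].used && table[n].addr == stop_addr) {
            if (--table[n].hits_left == 0)
                bp_remove(n);       /* counter reached zero: remove automatically */
            return n;
        }
    return -1;
}

int main(void) {
    mem[5] = 0x1234;                /* constructed "instruction" word */
    int n = bp_set(5, 2);           /* breakpoint that fires twice */
    int hit = bp_on_trap(5), fault = bp_on_trap(9);
    printf("bp=%d hit=%d fault=%d word=%#x\n", n, hit, fault, peek(5));
    return 0;
}
```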

We will not discuss reading and writing; that is clear. Stopping is done by sending a signal or happens when an event occurs in the debugged process; continuing is done via ptrace (7, ...). Single-step debugging is done via ptrace (9, ...). Transferring control to any point is no problem. Handling abnormal terminations is done through wait.
This, up to some details, is how an address-level debugger is organized, i.e., a debugger that operates on addresses. If debugging in terms of a high-level language is needed, tables are added to the debugger from which the addresses and properties of variables and the addresses of statements can be determined.
In that case, reading the contents of a variable of the program's language is implemented as follows. The debugger consults its table and looks for the row for the variable named Name. If this variable exists and is within its scope and lifetime, its attributes are taken from the table. If the variable is static, the debugger takes its address and calls ptrace to read from that address. If the variable is automatic, it is associated with an offset relative to the top of the stack. This means that to get at the contents of an automatic variable we must read the top of the stack from the context (this is an address), add to it the offset associated with the automatic variable, and then use the result as the address at which to read from the process's address space. The third case is a register variable. In this case the name Name carries the information that the variable is held in a register, along with the number of the register in which it is located. To read it, we read the context and take the corresponding register.
The contents can be changed in the same way, according to the three cases considered. Incidentally, in C the register declaration really only expresses the programmer's wish that, under favourable circumstances in the program, the variable be placed in a register. That is, it will either live in a register, and then it really is a register variable, or it will be automatic.

Let us try to write a small example. We will write the program in the notation of the FreeBSD operating system. For other operating systems, check how ptrace works in the manuals.

The debugged process

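int main () /* This program runs in the child process SON */
{
    int i = 1;
    volatile int zero = 0; /* volatile so that the division is really performed at run time */
    return i / zero;
}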

The debugger process

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <machine/reg.h>

int main (int argc, char *argv[])
{
    pid_t pid;
    int status;
    struct reg REG;

    switch (pid = fork ()) { /* create a process; pid holds the return code */
    case -1: perror ("Error fork"); exit (25); /* error handling */
    case 0: ptrace (PT_TRACE_ME, 0, 0, 0); execl ("SON", "SON", (char *) 0);
        /* In the child: allow tracing and load the program SON. The child is suspended before executing the first instruction of the new body (more precisely, an event associated with the signal SIGTRAP occurs) */
        perror ("Error execl"); exit (25); /* reached only if execl failed */
    default: break; /* In the parent: leave the switch */
    }

    for (;;) {
        wait (&status); /* wait for an event in the child (signal SIGTRAP) */
        ptrace (PT_GETREGS, pid, (caddr_t) &REG, 0); /* read the registers, for example to print them */
        printf ("EIP=%0.8x\tESP=%0.8x\n", REG.r_eip, REG.r_esp); /* print registers EIP and ESP */

        if (WIFSTOPPED (status) || WIFSIGNALED (status)) { /* check the wait status with the macros and, if all is well, go on to examine why the program stopped */
            printf ("Signals: ");
            switch (WSTOPSIG (status)) { /* analyze the code of the signal that caused the stop */
            case SIGINT: printf ("INT\n"); break; /* print the cause of the stop */
            case SIGTRAP: /* ... */ break;
            default: printf ("%d\n", WSTOPSIG (status));
            }
            if (WSTOPSIG (status) != SIGTRAP) exit (1); /* if the process was not stopped by SIGTRAP, exit */
        }
        if (WIFEXITED (status)) { /* check whether the process terminated normally */
            printf ("The process was completed, code = %d\n", WEXITSTATUS (status));
            exit (0);
        }
        ptrace (PT_CONTINUE, pid, (caddr_t) 1, 0); /* if it was SIGTRAP, continue the process */
    } /* end of for (;;) */
    exit (0);
}
We handle two situations: a stop and normal termination of the process. On the first iteration of the loop we wait for and receive the first signal, SIGTRAP. On this signal we print all the information we need. Then we check whether the process has terminated normally, and since it cannot terminate normally (it performs a division by zero), we call ptrace, which continues the process from the point at which it was interrupted. We get to wait again. Here we wait for the event associated with the division by zero and process it. As a result, two blocks of data appear on standard output: the first gives the point of interruption, the top of the stack and the signal for the initial situation; the second is a block of the same information with the signal code FPI (Float Point Interrupt) for the division by zero.
We recommend that you work through this example and adapt it to your machines in the lab session.

