Tracing processes in UNIX
So far we have reviewed the standard scheme for creating processes in UNIX and how processes interact with each other using signals. We discussed organizing process interaction through the so-called unnamed channel (pipe), a tool that enables asynchronous transfer of information from one process to another. These facilities apply to related processes.
Today we look at another basic function of the UNIX operating system: support for process tracing. Tracing is the ability of one process to control the execution of another process. Let us consider the basic actions performed when debugging.
1. Setting a breakpoint.
2. Handling the event of reaching a breakpoint.
3. Reading / writing information in the debugged program.
4. Stopping / continuing the debugged process.
5. Single-step debugging (stopping the debugged program after each instruction).
6. Transferring control to an arbitrary point in the debugged program.
7. Handling abnormal stops (crashes).
These are the seven items that are implemented in almost any debugging tool, give or take some additional items, whatever system we happen to be working on.
Now let's see what means are available to organize these functions in the UNIX operating system. There is the function ptrace.
ptrace(int op, int pid, int addr, int data);
In the overwhelming majority of cases ptrace is called in the parent process, and through this function the parent controls the child. In general, not just any process can be traced. For a parent to be able to trace a child process, the child must permit tracing of itself. To do this, at the beginning of its execution the child process must call ptrace with operation code zero (op = 0), which allows the parent to trace it. After that the child makes no further calls to ptrace. All control is exercised by the parent.
Consider what capabilities the parent process has for controlling the child. They are all determined by the value of op. The value pid is the ID of the child process that we want to trace.
• op = 1 or op = 2 - ptrace returns the word whose address is given by the parameter addr (i.e., it reads a word from the debugged process). Two values of op exist for the case where the code and data segments have separate address spaces (i.e., you can read data and code). In a system where the process has a single address space, either value can be used.
• op = 3 - read information from the process context. Usually this means access to context information that is grouped in a certain structure. In this case the parameter addr gives the offset from the start of this structure. The structure holds the information that is accessible through ptrace, in particular the registers, the current state of the process, the address, etc.
• op = 4 or op = 5 - write the data held in the parameter data to the address addr. If an error occurs, ptrace returns -1 (details are in errno).
• op = 6 - write the value of data into the context at offset addr. This means that you can read the registers of the traced process and, if necessary, change their contents (including the instruction address, i.e., perform a jump).
• op = 7 - continue the traced process. This operation is tricky. The trick is as follows. Suppose the traced process was stopped for some reason, for example because a signal arrived; the parent waits for this event using wait and carries out some actions while the debugged process is not running. Meanwhile, signals from other processes may arrive for the process. What should be done with these signals? This is exactly what ptrace with op = 7 is for. If data = 0, the process that has been suspended (the child) continues execution, and all signals that have arrived for it (even unprocessed ones) are ignored. If data is a signal number, the child resumes execution and the arrival of the signal with that number is simulated. All other signals are ignored. Moreover, if addr = 1, the process continues execution from the point at which it was suspended. If addr > 1, control is transferred to addr (goto addr).
• op = 8 - terminate the traced process.
• op = 9 - set the trace bit. This is the code that provides step-by-step execution of machine instructions. After each machine instruction an event occurs in the process, associated with the signal SIGTRAP.
We have described this function in a model notation; ptrace on different systems may have a somewhat different interface. Different systems also give different access to the context.
All of the above ptrace operations are performed while the debugged process is stopped (it may be stopped because of an error, or by the arrival of a signal). For the parent process to stop the traced child, the following actions can be performed. The parent sends the child (which has already called ptrace with op = 0) a signal, say SIGTRAP, and after sending the signal the parent calls wait. Once the signal reaches the child and the child stops, the parent receives the corresponding return code from wait. From then on the traced process is considered stopped, and all the above actions can be performed.
Let us model how a debugger works using ptrace. We will not write a program; we will simply try, informally, to understand how each debugger function can be implemented. Let's call the parent process the debugger and the child process the debugged process.
Setting a breakpoint.
It is assumed that the debugger has a table that contains information about breakpoints.
Breakpoint number | Breakpoint address | Saved machine word | Counter of arrivals at the breakpoint
When a breakpoint is set using ptrace, the following happens.
• The debugger sets a breakpoint at some address.
• It reads the contents of the debugged process at this address.
• It records these contents (a machine word) in the table.
• At this address it writes a machine instruction that generates an event associated with some fixed signal, for example a division by zero instruction.
Then the debugged process can be started. When control in the debugged process reaches the address at which we set the breakpoint, the program is interrupted and an event associated with the known signal occurs.
To the debugger this is clearly visible. It started the debugged process (ptrace (7, ...)) and called wait (waiting for an event in the debugged process). Once the event has occurred (i.e., a signal has arrived), the debugger checks whether this signal is the same as the signal associated with arriving at a breakpoint. If not, the debugger takes whatever action is appropriate for that signal.
If the signal is the same, there is a suspicion that we have reached a breakpoint. In this case the debugger reads the address at which the process was stopped. If this address matches one of the breakpoint addresses in the debugger's table, it means that we have reached a breakpoint (and the division by zero is in fact a breakpoint). If the debugger does not find a matching address, it means that a division by zero really happened and the debugger must take the appropriate actions (crash handling).
Once the debugger has registered the breakpoint, it can perform any debugging actions on the program. At some point it becomes necessary to continue the program, and suppose that we would like to keep this breakpoint. The debugger does the following. It restores the original contents of the machine word, which it takes from the table. Then it turns on trace mode and starts the program from the interrupted address. One instruction is executed, and immediately after it the process stops at the next instruction. After that, the debugger restores the breakpoint (writes the division by zero again) and resumes the process from the point of interruption (with tracing turned off).
Removing a breakpoint is also simple: the contents at the corresponding address are restored from the table and the table row is released. A breakpoint can be made to fire, for example, only 10 times. To do this, a counter is added to the table; at every arrival at the breakpoint one is subtracted from it, and as soon as it reaches zero the breakpoint is removed automatically.
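The breakpoint table described above (set, arrival, re-arming, removal and the arrival counter), as an added example that is not part of the original lecture. To stay self-contained it operates on a constructed array standing in for the debugged process's memory instead of calling ptrace; the names bp_set, bp_remove, bp_on_trap and the value TRAP_WORD are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define TRAP_WORD 0xDEADBEEFu  /* constructed stand-in for the trapping instruction */
#define MAX_BP    8
#define MEM_WORDS 16

/* Constructed stand-in for the debugged process's memory; a real debugger
   would perform these two accesses with ptrace read/write operations. */
static uint32_t mem[MEM_WORDS] = {10, 11, 12, 13, 14, 15, 16, 17};
static uint32_t peek(size_t addr) { return mem[addr]; }
static void poke(size_t addr, uint32_t w) { mem[addr] = w; }

struct bp { int used; size_t addr; uint32_t saved; int hits_left; };
static struct bp table[MAX_BP];

/* Set a breakpoint: save the original word in the table, then plant the trap. */
int bp_set(size_t addr, int hits) {
    if (addr >= MEM_WORDS || hits <= 0) return -1;
    for (int i = 0; i < MAX_BP; i++)   /* a second breakpoint at the same address */
        if (table[i].used && table[i].addr == addr) return -1; /* would save the trap */
    for (int i = 0; i < MAX_BP; i++)
        if (!table[i].used) {
            table[i] = (struct bp){1, addr, peek(addr), hits};
            poke(addr, TRAP_WORD);
            return i;                  /* row number in the table */
        }
    return -1;                         /* table full */
}

/* Remove a breakpoint: restore the saved word and release the row. */
int bp_remove(int i) {
    if (i < 0 || i >= MAX_BP || !table[i].used) return -1;
    poke(table[i].addr, table[i].saved);
    table[i].used = 0;
    return 0;
}

/* Called when the trap signal arrives and the process stopped at stop_addr.
   Returns 1: breakpoint hit and re-armed; 2: breakpoint hit, counter reached
   zero, removed; 0: address not in the table, so the fault is genuine. */
int bp_on_trap(size_t stop_addr) {
    for (int i = 0; i < MAX_BP; i++) {
        if (!table[i].used || table[i].addr != stop_addr) continue;
        poke(stop_addr, table[i].saved);   /* restore the original word */
        /* a real debugger single-steps the restored instruction here */
        if (--table[i].hits_left == 0) { table[i].used = 0; return 2; }
        poke(stop_addr, TRAP_WORD);        /* re-arm after the single step */
        return 1;
    }
    return 0;
}
```

The return value 0 from bp_on_trap is the case the text calls crash handling: the signal matched, but the stop address is not in the table.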
We will not discuss read / write; it is clear. Stopping is done by sending a signal or through the occurrence of an event in the debugged process; continuing is done via ptrace (7, ...). Single-step debugging is done through ptrace (9, ...). Transferring control to any point is no problem. Handling abnormal stops is done through wait.
This is, up to some details, the organization of an address-level debugger, i.e., a debugger that operates on addresses. If there is a need to debug in terms of a high-level language, tables are added to the debugger from which the addresses and properties of variables and the addresses of statements can be determined.
In this case, reading the contents of a language-level variable of the program, say Name, is implemented as follows. The debugger consults its table and looks for the row for the variable named Name. If this variable exists and is within its scope and lifetime, the attributes of the variable are taken from the table. If the variable is static, its address is taken and ptrace is called to read from that address. If the variable is automatic, it is associated with an offset relative to the top of the stack. This means that to get the contents of an automatic variable we must read the top of the stack from the context (this is a kind of address), then add to this address the offset associated with the automatic variable, and then use the result as an address to read information from the address space of the process. The third option: the variable is a register variable. In this case the name Name is associated with information that the variable is a register variable, along with the number of the register in which it is located. To read information from the registers, we use the operation that reads information from the context and read the corresponding register.
The contents can be changed in the same way, according to the three options considered. Incidentally, in the C language, declaring a variable as register really only expresses the programmer's wish that, if circumstances in the program permit, this variable be placed in a register. I.e., it will either be placed in a register, and then it really is a register variable, or it will be automatic.
Let's try to write a small example. We will write the program in the notation of the FreeBSD operating system. For other operating systems, the behaviour of ptrace needs to be checked in the manuals.
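The debugged process
int main()   /* This program runs in the child process SON */
{
    volatile int zero = 0;   /* volatile, so the compiler cannot fold the division away */
    int i = 1;
    return i / zero;         /* division by zero */
}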
The debugger process
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <machine/reg.h>

int main(int argc, char *argv[])
{
    pid_t pid;
    int status;
    struct reg REG;

    switch (pid = fork()) {      /* create a process; pid holds the return code */
    case -1:                     /* error handling */
        perror("Error fork");
        exit(25);
    case 0:
        /* In the child: allow debugging and load the program SON. The child is
           suspended before executing the first instruction of the new image
           (more precisely, an event associated with the signal SIGTRAP occurs). */
        ptrace(PT_TRACE_ME, 0, 0, 0);
        execl("SON", "SON", (char *)NULL);
        perror("Error execl");   /* reached only if execl failed */
        exit(25);
    default:                     /* in the parent: leave the switch */
        break;
    }
    for (;;) {
        wait(&status);           /* wait for an event in the child (signal SIGTRAP) */
        /* read the registers, for example in order to print them */
        if (ptrace(PT_GETREGS, pid, (caddr_t)&REG, 0) == 0)
            printf("EIP=%0.8x\tESP=%0.8x\n", REG.r_eip, REG.r_esp);   /* print registers EIP and ESP */
        /* check the conditions with the wait macros and, if everything is fine,
           go on to examine the cause of the stop */
        if (WIFSTOPPED(status) || WIFSIGNALED(status)) {
            printf("Signals: ");
            switch (WSTOPSIG(status)) {   /* analyse the code of the signal that caused the stop */
            case SIGINT: printf("INT\n"); break;   /* print the cause of the stop */
            case SIGTRAP: /* . . . */ break;
            /* . . . */
            default: printf("%d\n", WSTOPSIG(status));
            }
            if (WSTOPSIG(status) != SIGTRAP) exit(1);   /* if the process was not stopped by SIGTRAP, exit */
        }
        if (WIFEXITED(status)) {          /* check whether the process terminated normally */
            printf("The process was completed, code = %d\n", WEXITSTATUS(status));
            exit(0);
        }
        ptrace(PT_CONTINUE, pid, (caddr_t)1, 0);   /* on SIGTRAP, continue the process */
    }   /* End for (;;) */
    exit(0);
}
We have handled the stop event and the normal termination of the process. In the first iteration of the loop we wait for the first SIGTRAP signal. On this signal we print all the information we need. Then we check whether our process has terminated normally, and since it cannot terminate normally (it performs a division by zero), we call ptrace, which continues the process from the point where it was interrupted. We arrive at wait again. Here we wait for the event associated with the division by zero and process this event. As a result, two blocks of data appear on standard output: the first is the point of interruption, the top of the stack and the signal for the initial stop, and the second is a block of the same information with the signal code FPI (Floating Point Interrupt) for the division by zero.
We recommend that you work through this example and adapt it to your machines in the lab sessions.