#include <sys/types.h>
#include <sys/param.h>
#include <sys/ptrace.h>
#include <sys/sysctl.h>
#include <sys/wait.h>

#include <errno.h>
#include <fcntl.h>
#include <kvm.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
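/*
 * Fragment (meant to sit inside a function body): start /some/program as a
 * child, look up the child's kernel process entry through libkvm, attach to
 * it with ptrace() and read the first word of its data segment.
 *
 * Review notes:
 *  - kvm_open() on /dev/mem normally needs elevated privileges. The child is
 *    forked before the handle is opened, so it does not inherit the /dev/mem
 *    descriptor, but it does inherit this process's credentials. If this
 *    code runs privileged, drop privileges in the child before execl().
 *  - Nothing synchronises the lookup with the child's execl(), so
 *    kvm_getprocs() may still describe the forked copy of this program
 *    rather than /some/program.
 *  - On the success path the child is left attached and stopped; the
 *    surrounding code is responsible for detaching from or resuming it.
 *    On the error paths after a successful fork() the child keeps running.
 */
pid_t child;
kvm_t *kvm = NULL;
struct kinfo_proc *kproc = NULL;
int rc = 0;     /* number of entries returned by kvm_getprocs() */
int status;

child = fork();
if (child == -1)
{
    perror("fork");
    goto done;
}
else if (child == 0)
{
    /* argv[0] is supplied explicitly; the list must not start with NULL. */
    execl("/some/program", "/some/program", (char *) NULL);
    /* Only reached when execl() fails: never fall through into the parent's code. */
    perror("execl");
    _exit(127);
}

/* A non-NULL errstr makes kvm_open() report its own failures on stderr. */
kvm = kvm_open(NULL, "/dev/mem", NULL, O_RDONLY, "kvm_open");
if (kvm == NULL)
{
    goto done;
}

kproc = kvm_getprocs(kvm, KERN_PROC_PID, child, &rc);
if (kproc == NULL)
{
    fprintf(stderr, "kvm_getprocs: %s\n", kvm_geterr(kvm));
    goto done;
}

if (rc > 0)
{
    /* Copy the address out now; kproc is only valid while kvm stays open. */
    char *p = kproc->kp_eproc.e_vm.vm_daddr;
    int data;

    if (ptrace(PT_ATTACH, child, 0, 0) != 0)
    {
        perror("ptrace(PT_ATTACH)");
        goto done;
    }

    /*
     * PT_ATTACH itself stops the target as if SIGSTOP had been delivered, so
     * no extra kill() is sent. Wait for this specific child and make sure it
     * stopped (rather than exited) before reading from it.
     */
    if (waitpid(child, &status, 0) == -1)
    {
        perror("waitpid");
        goto done;
    }
    if (!WIFSTOPPED(status))
    {
        fprintf(stderr, "child %ld is not stopped\n", (long) child);
        goto done;
    }

    /* -1 is a legal data word, so errno is the only reliable error signal. */
    errno = 0;
    data = ptrace(PT_READ_D, child, p, 0);
    if (data == -1 && errno != 0)
    {
        perror("ptrace(PT_READ_D)");
        goto done;
    }

    printf("Data segment start: %p\n", (void *) p);
    printf("First %zu bytes: %x\n", sizeof(data), (unsigned int) data);
}

done:
/* Release the /dev/mem handle as soon as the lookup is no longer needed. */
if (kvm != NULL)
{
    kvm_close(kvm);
    kvm = NULL;
    kproc = NULL;   /* storage belonged to the kvm handle */
}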