Salman Khilji writes:

Hi:

I am writing an application that needs to read another process's memory without affecting the target processor whatsoever. This is different from a source line debugger that has to stop the application. Someone told me that on Solaris, you fopen /proc/<process-id> file, fseek to the correct offset, and then fread the required # of bytes.

On Linux, things a different. There is not /proc/<process-id> file. Rather /proc/<process-id> is a directory in which you find a file named mem. If I cat this file for a process, I get nothing.

Anyone got any idea how to read this file? I wrote this program, but it fails.

Yes, even Compaq Unix uses the /proc filesystem concept and it is different there as well. You will not be able to come with something that is not different on different architectures. That being said, the libgtop and gtop project for gnome has done a lot of work in trying to decipher /proc on linux. You should look there. Another place to look is in /usr/src/linux/Documentation/filesystems/proc.txt.

I also heard (but did not confirm) that on Linux, you must first attach to the target process using the ptrace function. But doing so, stops the execution of the running process----I don't want that. This would be unacceptable.

I am sure what you trying to do can be done, but I don't know specifically how to do it. Look in proc.txt and see if that clarifies things.

#include <stdio.h> #include <unistd.h> //#include <sys/ptrace.h>

int main() { FILE* pFile; char buffer[4]; int temp; float value;

pFile = fopen("/proc/1673/mem", "rb+");

if(pFile == 0) return -1;

// I got the address of a global variable in the // process from objdump temp = fseek(pFile, 0x8050b50, SEEK_SET);

// this call fails :-( temp = fread(buffer, 4, 1, pFile);

value = *((float*)(buffer));

return 0; }