I have the following code tested on some Linux distros (Debian, Linux Mint...) and working, but under CentOS I get an error even I run it as root:
我在一些Linux发行版(Debian, Linux Mint…)上测试了下面的代码,并进行了工作,但是在CentOS系统下,即使我作为root用户运行也会出错:
#!/usr/bin/env python
import re
maps_file = open("/proc/18396/maps", 'r')
mem_file = open("/proc/18396/mem", 'r', 0)
for line in maps_file.readlines(): # for each mapped region
m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
if m.group(3) == 'r': # if this is a readable region
start = int(m.group(1), 16)
end = int(m.group(2), 16)
mem_file.seek(start) # seek to region start
chunk = mem_file.read(end - start) # read region contents
print chunk, # dump contents to standard output
maps_file.close()
mem_file.close()
The script reads the process' memory and dumps the readable region. Under CentOS 5.4 x64 I get the following error:
该脚本读取进程的内存并转储可读区域。在CentOS 5.4 x64下,我得到以下错误:
Traceback (most recent call last):
File "./mem.py", line 11, in ?
chunk = mem_file.read(end - start) # read region contents
IOError: [Errno 3] No such process
The process is alive and readable:
这个过程是生动和可读的:
[root@localhost ~]# ps xa|grep 18396
18396 ? S 0:00 /usr/sbin/httpd
[root@localhost ~]# ls -al /proc/18396/maps && ls -al /proc/18396/mem
-r--r--r-- 1 root root 0 Jan 31 17:26 /proc/18396/maps
-rw------- 1 root root 0 Jan 31 17:26 /proc/18396/mem
any idea? I tried it under Python 2.4 and Python 2.7 works on Debian-like distros but not under CentOS.
任何想法?我在Python 2.4和Python 2.7下尝试过,在Debian-like distros上工作,但不使用CentOS。
1 个解决方案
#1
3
Found the answer myself after some digging:
经过一番挖掘,我找到了答案:
#!/usr/bin/env python
import ctypes, re, sys
## Partial interface to ptrace(2), only for PTRACE_ATTACH and PTRACE_DETACH.
c_ptrace = ctypes.CDLL("libc.so.6").ptrace
c_pid_t = ctypes.c_int32 # This assumes pid_t is int32_t
c_ptrace.argtypes = [ctypes.c_int, c_pid_t, ctypes.c_void_p, ctypes.c_void_p]
def ptrace(attach, pid):
op = ctypes.c_int(16 if attach else 17) #PTRACE_ATTACH or PTRACE_DETACH
c_pid = c_pid_t(pid)
null = ctypes.c_void_p()
err = c_ptrace(op, c_pid, null, null)
if err != 0: raise SysError, 'ptrace', err
pid = "18396"
ptrace(True, int(pid))
maps_file = open("/proc/"+pid+"/maps", 'r')
mem_file = open("/proc/"+pid+"/mem", 'r', 0)
for line in maps_file.readlines(): # for each mapped region
m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
if m.group(3) == 'r': # if this is a readable region
start = int(m.group(1), 16)
end = int(m.group(2), 16)
mem_file.seek(start) # seek to region start
chunk = mem_file.read(end - start) # read region contents
print chunk, # dump contents to standard output
maps_file.close()
mem_file.close()
ptrace(False, int(pid))
#1
3
Found the answer myself after some digging:
经过一番挖掘,我找到了答案:
#!/usr/bin/env python
import ctypes, re, sys
## Partial interface to ptrace(2), only for PTRACE_ATTACH and PTRACE_DETACH.
c_ptrace = ctypes.CDLL("libc.so.6").ptrace
c_pid_t = ctypes.c_int32 # This assumes pid_t is int32_t
c_ptrace.argtypes = [ctypes.c_int, c_pid_t, ctypes.c_void_p, ctypes.c_void_p]
def ptrace(attach, pid):
op = ctypes.c_int(16 if attach else 17) #PTRACE_ATTACH or PTRACE_DETACH
c_pid = c_pid_t(pid)
null = ctypes.c_void_p()
err = c_ptrace(op, c_pid, null, null)
if err != 0: raise SysError, 'ptrace', err
pid = "18396"
ptrace(True, int(pid))
maps_file = open("/proc/"+pid+"/maps", 'r')
mem_file = open("/proc/"+pid+"/mem", 'r', 0)
for line in maps_file.readlines(): # for each mapped region
m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
if m.group(3) == 'r': # if this is a readable region
start = int(m.group(1), 16)
end = int(m.group(2), 16)
mem_file.seek(start) # seek to region start
chunk = mem_file.read(end - start) # read region contents
print chunk, # dump contents to standard output
maps_file.close()
mem_file.close()
ptrace(False, int(pid))