A program can only be traced by one process, so if it is being traced (before anyone else) by itself, it will not allow any other tracer to trace it (lots of workarounds here...). Additionally, when a trace is initiated a SIGSTOP is sent. Try installing a handler for SIGSTOP. It worked for me but I don't know why.
/* bliako modified https://reverseengineering.stackexchange.com/a/1931 for https://perlmonks.org/?node_id=3333;parent=1229102 KILL it with SIGKILL (kill -9) 29/01/2019 */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/ptrace.h> #include <unistd.h> #include <signal.h> void intHandler(int sig) { printf("got signal %d\n", sig); } int main(void){ printf("my pid: %d\n", getpid()); char *e; if( (e=getenv("TRACEME")) != NULL && (strcmp(e,"0")==0) ){ printf("Will not be traced...\n"); signal(SIGSTOP, intHandler); if (ptrace(PTRACE_TRACEME, 0, 1, 0) == -1) { printf("don't trace me !!\n"); return 1; } } // normal execution for(int i=0;;i++){ printf("i=%d\n", i); sleep(1); } return 0; }
gcc tracee.c -o tracee && TRACEME=0 tracee strace -p <PID-from-traceed> strace: attach: ptrace(PTRACE_SEIZE, 11091): Operation not permitted
while tracee continues counting on
or
TRACEME=1 tracee strace -p <PID-from-tracee>
bw, bliako
ps. Please share your findings. Most answers are in the manual and let's keep to Perl less the reaper traces us. brrrrr
In reply to Re^3: Embed perl problem
by bliako
in thread Embed perl problem
by Noves Castro
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |