PTRACE(3C) Standard C Library Functions PTRACE(3C)

NAME


ptrace - allows a parent process to control the execution of a child
process

SYNOPSIS


#include <unistd.h>
#include <sys/types.h>

int ptrace(int request, pid_t pid, int addr, int data);


DESCRIPTION


The ptrace() function allows a parent process to control the execution of
a child process. Its primary use is for the implementation of breakpoint
debugging. The child process behaves normally until it encounters a
signal (see signal.h(3HEAD)), at which time it enters a stopped state and
its parent is notified by the wait(3C) function. When the child is in the
stopped state, its parent can examine and modify its "core image" using
ptrace(). Also, the parent can cause the child either to terminate or
continue, with the possibility of ignoring the signal that caused it to
stop.


The request argument determines the action to be taken by ptrace() and is
one of the following:

0
This request must be issued by the child process if it is to be
traced by its parent. It turns on the child's trace flag that
stipulates that the child should be left in a stopped state on
receipt of a signal rather than the state specified by func (see
signal(3C)). The pid, addr, and data arguments are ignored, and a
return value is not defined for this request. Peculiar results ensue
if the parent does not expect to trace the child.


The remainder of the requests can only be used by the parent process. For
each, pid is the process ID of the child. The child must be in a stopped
state before these requests are made.

1, 2
With these requests, the word at location addr in the address
space of the child is returned to the parent process. If
instruction and data space are separated, request 1 returns a
word from instruction space, and request 2 returns a word from
data space. If instruction and data space are not separated,
either request 1 or request 2 may be used with equal results. The
data argument is ignored. These two requests fail if addr is not
the start address of a word, in which case -1 is returned to the
parent process and the parent's errno is set to EIO.


3
With this request, the word at location addr in the child's user
area in the system's address space (see <sys/user.h>) is returned
to the parent process. The data argument is ignored. This request
fails if addr is not the start address of a word or is outside
the user area, in which case -1 is returned to the parent process
and the parent's errno is set to EIO.


4, 5
With these requests, the value given by the data argument is
written into the address space of the child at location addr. If
instruction and data space are separated, request 4 writes a word
into instruction space, and request 5 writes a word into data
space. If instruction and data space are not separated, either
request 4 or request 5 may be used with equal results. On
success, the value written into the address space of the child is
returned to the parent. These two requests fail if addr is not
the start address of a word. On failure -1 is returned to the
parent process and the parent's errno is set to EIO.


6
With this request, a few entries in the child's user area can be
written. data gives the value that is to be written and addr is
the location of the entry. The few entries that can be written
are the general registers and the condition codes of the
Processor Status Word.


7
This request causes the child to resume execution. If the data
argument is 0, all pending signals including the one that caused
the child to stop are canceled before it resumes execution. If
the data argument is a valid signal number, the child resumes
execution as if it had incurred that signal, and any other
pending signals are canceled. The addr argument must be equal to
1 for this request. On success, the value of data is returned to
the parent. This request fails if data is not 0 or a valid signal
number, in which case -1 is returned to the parent process and
the parent's errno is set to EIO.


8
This request causes the child to terminate with the same
consequences as exit(2).


9
This request sets the trace bit in the Processor Status Word of
the child and then executes the same steps as listed above for
request 7. The trace bit causes an interrupt on completion of one
machine instruction. This effectively allows single stepping of
the child.


To forestall possible fraud, ptrace() inhibits the set-user-ID facility
on subsequent calls to one of the exec family of functions (see exec(2)).
If a traced process calls one of these functions, it stops before
executing the first instruction of the new image showing signal SIGTRAP.

ERRORS


The ptrace() function will fail if:

EIO
The request argument is an illegal number.


EPERM
The calling process does not have appropriate privileges to
control the calling process. See proc(5).


ESRCH
The pid argument identifies a child that does not exist or has
not executed a ptrace() call with request 0.


USAGE


The ptrace() function is available only with the 32-bit version of
libc(3LIB). It is not available with the 64-bit version of this library.


The /proc debugging interfaces should be used instead of ptrace(), which
provides quite limited debugger support and is itself implemented using
the /proc interfaces. There is no actual ptrace() system call in the
kernel. See proc(5) for descriptions of the /proc debugging interfaces.

ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Standard |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+

SEE ALSO


exec(2), exit(2), signal(3C), wait(3C), signal.h(3HEAD), libc(3LIB),
proc(5), attributes(7)

March 22, 2004 PTRACE(3C)