On Fri, May 02, 2008 at 03:13:13PM +0300, Shachar Shemesh wrote: > Hi all, > > I'm having some strange time with /proc/<pid>/mem. The manual page says: > > /proc/[number]/mem > > This file can be used to access the pages of a process's > >memory through open(2), read(2), and lseek(2). > Some digging through the internet reveals that that is, indeed, the > case, but the process doing the reading must be attached to the process > whose memory is being accessed as a debugger. Well, so far so good. > > However, when I go out to actually try it out (program at end of mail), > I can access the file as neither read nor write. Any attempt to read > from the file OR mmap it (PROT_READ or otherwise) results in "invalid > argument". > > I am running Debian Lenny with kernel 2.6.22-3-686. > > Any help appreciated.
Gcc sign-extends the "memory" pointer into a possibly-wrong value when casting to "off_t", which is signed. The subsequent read() therefore tries accessing an unmapped area in the victim process and fails. It also seems that /proc/<pid>/mem only supports read(). You need to change an #ifdef in fs/proc/base.c to support write(), and mmap() isn't supported at all. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
