7

I'm trying to use python and python ptrace to read the memory of an external process. I need to work entirely in python, and I've been trying to read and print out the memory of a process in linux.

So for example I've tried the following code, which keeps giving me IO errors:

```python
proc_mem = open("/proc/%i/mem" % process.pid, "r")
print proc_mem.read()
proc_mem.close()
```

Mostly I just want to repeatedly dump the memory of a process and look for changes over time. If this is the correct way to do this, then what is my problem? OR is there a more appropriate way to do this?

rvorderm
  • This appears to be answered, in detail, at http://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux – larsks Dec 10 '12 at 19:17
  • It seems like trying to read the /proc/%i/mem file is not really the way I want to do this. So the other half of my question stands I guess. Is there an appropriate way to do this in python, assuming that I may want to write to the process memory page? I'm using ptrace to start and stop the process. – rvorderm Dec 10 '12 at 19:34
  • This demo program given at this [link](http://www.mail-archive.com/fusil@lists.tuxfamily.org/msg00011.html) seems to be pretty closely related to what I'm trying to do, although I haven't been able to duplicate this quite yet. There is a function in ptrace that searches through a memory map for a byte string. – rvorderm Dec 10 '12 at 21:11
  • Still working on this issue in my *copious* free time. So let me be clearer in answer to larsks, I don't want to just read it, I need to be able to touch it in RAM as well. So I can use ptrace to attach to a process, start and stop etc, but I would like to know how I can reach into the memory space and flip some bits. – rvorderm Feb 19 '13 at 20:21
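
Added example, not code from any participant in this thread: `/proc/<pid>/mem` is addressed by virtual address, so a plain `read()` from offset 0 hits unmapped memory and fails with an I/O error; reads succeed only inside ranges listed in `/proc/<pid>/maps`, and only for a process the reader has ptrace access to. The sketch below hashes every readable and writable region and compares two snapshots; the helper names are this example's own, and it inspects its own process so that it runs without extra privileges.

```python
import hashlib
import os
import re

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+ *(.*)$")

def parse_maps(text):
    """Return [(start, end, perms, name)] for each mapping in maps text."""
    return [(int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4))
            for m in map(MAPS_LINE.match, text.splitlines()) if m]

def read_range(pid, start, size):
    """Read up to size bytes at virtual address start; None if unreadable."""
    # open() raises PermissionError when the caller lacks ptrace access to pid.
    with open("/proc/%d/mem" % pid, "rb", buffering=0) as mem:
        try:
            mem.seek(start)        # unbuffered: the read happens at this address
            return mem.read(size)
        except (OSError, OverflowError):
            return None            # unmapped address, [vvar], [vsyscall], ...

def snapshot(pid):
    """Map (start, end) -> SHA-256 of each readable and writable region."""
    with open("/proc/%d/maps" % pid) as f:
        regions = parse_maps(f.read())
    digests = {}
    for start, end, perms, _name in regions:
        if perms.startswith("rw"):  # data, heap, stack: where state changes
            data = read_range(pid, start, end - start)
            if data is not None:
                digests[(start, end)] = hashlib.sha256(data).hexdigest()
    return digests

def changed_regions(before, after):
    """Regions whose contents differ, or that appeared or vanished."""
    return sorted(r for r in set(before) | set(after)
                  if before.get(r) != after.get(r))

if __name__ == "__main__":
    # Constructed demo: the script snapshots itself twice.
    first = snapshot(os.getpid())
    scratch = bytearray(b"x" * 4096)  # touch the heap between snapshots
    second = snapshot(os.getpid())
    changed = changed_regions(first, second)
    print("%d regions hashed, %d changed" % (len(second), len(changed)))
```

For a different process, pass its pid to `snapshot()` while it is stopped under ptrace, so the region list and the contents stay consistent during the read.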

2 Answers

2

Call a shell command from python - subprocess module

```python
import subprocess

# Equivalent of: ps -ux | grep 1842
# (1842 is assumed to be the process id; replace it with the id you get)

p1 = subprocess.Popen(["ps", "-ux"], stdout=subprocess.PIPE)
p2 = subprocess.Popen(["grep", "1842"], stdin=p1.stdout, stdout=subprocess.PIPE)
p1.stdout.close()  # Allow p1 to receive a SIGPIPE if p2 exits.
output = p2.communicate()[0]  # raw stdout of grep
print(output.decode())
```

and parse through output to see its memory utilization

Sudheer
  • Parsing formatted output doesn't seem to be nearly as clean as using the /proc fs--which is exactly what it is intended for. – hexparrot Dec 10 '12 at 19:45
  • You are right. But depending on the scope of the requirement, isn't it easier to understand a command and parse it than to understand about proc file system?? If not, I guess the link provided by larsks answers the question well enough – Sudheer Dec 10 '12 at 20:12
  • This ended up being the closest I could come to what I was thinking of. And more importantly, sufficient for the project I was working on. – rvorderm Apr 17 '13 at 15:53
1

> Mostly I just want to repeatedly dump the memory of a process and look for changes over time. If this is the correct way to do this, then what is my problem? OR is there a more appropriate way to do this?

You may be interested in gdb's reverse debugging, which records all changes to process memory. Here is the tutorial (google cache).

There is also Robert O'Callahan's Chronicle/Chronomancer work, if you want to play with the raw recording tools.

Community
Tobu
  • This was also an awesome answer. In fact it would have been my accepted answer except for having already finished my little project using Sudheer's answer. – rvorderm Apr 17 '13 at 15:56