0

I am attaching a process with the ptrace syscall. It is possible to read/write memory with peek and poke, but I want to alloc some memory in the remote process. Is it possible to do this?

Bob5421

1 Answer

1

> I want to alloc some memory in the remote process. Is it possible to do this?

Presumably you want to allocate some memory using the process's own `malloc`. Proof by existence:

```
(gdb) start
(gdb) print malloc(20)
$1 = 0x820430
```

So yes, it's possible.

The details are, however, quite messy: you'll need to read the symbol table for the inferior process in order to find where its `malloc` is, then construct a proper call frame and transfer control to `malloc`'s address using the correct ABI for your target process, and finally clean all of that up.

This is at least 10x harder than what you asked for in your other recent questions.

Employed Russian
  • Great, but how does this work? If I want to program this in C? (Suppose the process is attached with the ptrace syscall.) Do you think I should manually change eip in order to call malloc, then go back to the previous eip? – Bob5421 Jun 23 '16 at 05:40
  • "How does this work?" -- as I said, it's complicated. You can start by reading GDB sources, but be prepared for a *long* uphill battle. You'll want to look at `call_function_by_hand` in `infrun.c`. – Employed Russian Jun 23 '16 at 06:50
  • Depending on your need, you might trigger a `mmap` `MAP_ANONYMOUS` syscall instead. – ysdx Jun 24 '16 at 20:38
  • Is there anything wrong with [my answer](https://stackoverflow.com/a/75042559/52499)? – x-yuri Jan 07 '23 at 17:52