How to Modify Eip's Tracee Forked Procee

How to modify EIP's tracee forked procee?

You're not modifying the EIP, you're adding something to the value of the instruction at EIP, and probably resulting in a bad address reference. To change EIP, use PTRACE_SETREGS

      wait(NULL);
      ptrace(PTRACE_GETREGS, child,NULL, ®s);
      printf("\n EIP @  0x %#lx\n",regs.eip);
      regs.eip += ???;
      ptrace(PTRACE_SETREGS, child, NULL, ®s);
      ptrace(PTRACE_CONT, child, NULL, NULL);

After forking, are global variables shared?

No and yes.

No, they are not shared in any way which is visible to the programmer; the processes can modify their own copies of the variables independently and they will change without any noticable effect on the other process(es) which are fork() parents, siblings or descendents.

But yes, the OS actually does share the pages initially, because fork implements copy-on-write which means that provided none of the processes modifies the pages, they are shared. This is, however, an optimisation which can be ignored.

If you wanted to have shared variables, put them in an anonymous shared mapping (see mmap()) in which case they really will get shared, with all the caveats which come with that.

How to Modify Eip's Tracee Forked Procee

How to modify EIP's tracee forked procee?

After forking, are global variables shared?

Related Topics

Leave a reply