Описание тега ptrace
The ptrace() system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers.
Ptrace stands for Process-trace. And is used extensively by debuggers such as GDB and DBX, by tracing tools like strace and ltrace.
By attaching to another process we can have extensive control on the target which includes manipulation of
- File Descriptors
- Registers
- Memory
It can single-step through the target's code, can observe system calls and their results, and can manipulate the target's signal handlers and both receive and send signals on its behalf.
The ability to write into the target's memory allows not only its data store to be changed, but also the applications own code segment, allowing the controller to install breakpoints and patch the running code of the target.