Victor Zandy <zandy@cs.wisc.edu> writes:
> For example, I find that if I make two calls like this
>
> ret = ptrace(PTRACE_ATTACH, pid, 0, 0);
> ret = ptrace(PTRACE_DETACH, pid, 0, 0);
>
> the second call will fail, with ESRCH.
...
> My guess is that the traced process has not had its state set to
> TASK_STOPPED before the second call to ptrace is executed. (Does the
> traced process need to be scheduled before it will change to
> TASK_STOPPED?)
>
> Does anyone know for sure why this happens?
Your guess is about right. A SIGSTOP is sent during the PTRACE_ATTACH
send_sig(SIGSTOP, child, 1);
and will complete (shortly) thereafter.
> Can anyone suggest a workaround that to allow me make one or
> more ptrace calls immediately after a PTRACE_ATTACH?
The parent has to do a wait4 to wait for the child to stop. (You could also
observe the stop by watching /proc/n/status, etc, but this isn't really
practical.)
--Mike
-- Any sufficiently adverse technology is indistinguishable from Microsoft.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:17 EST