I have a linked list similar to this:

    class MemoryCell
    {
    protected:
        unsigned char* _address; // the address offset (in another process)
        unsigned int _size;      // the size of this memory block
        unsigned char* _buffer;  // the data
        MemoryCell* _next;       // points to next memory cell to form linked list
    };

Then I have a MemoryMapper class which will hold the head. I want to get all of the memory cells in it.

    // void MemoryMapper::MapAllCells(unsigned int procId)//
    unsigned int offset = 0x0;
    while (true)
    {
        long memoryData = ptrace(PTRACE_PEEKDATA, procId, offset);
        if (memoryData == -1) break; // need to check for errno(3) too
        // add new MemoryCell w/ data to head of linked list
        // how to get next offset based on what was returned?
    }

It breaks right away at address 0. I thought it might start at 0x0 for that process but I guess I need the real offset. But how can I get the next offset as well (based on size of previous)?
Hope it was clear, but I can clarify if needed. Thanks

You can't get this information from ptrace(); you can get it from /proc/PID/maps for the child process, though. Note that address 0 is typically not mapped, in order to catch NULL pointer references, and may not make sense for PTRACE_PEEKDATA (separate I and D isn't generally used these days, and in its absence address 0 is usually text, not data; whether the kernel bothers to distinguish, I don't know off the top of my head).
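
As an added example (not part of the original answer or the asker's code), this is one way to read the region list from /proc/PID/maps so that each mapping's start address and size can fill the _address and _size fields of a MemoryCell. The names Region, ParseMapsLine and ReadRegions are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <sstream>
#include <string>
#include <vector>

struct Region {
    std::uint64_t start;  // first address of the mapping
    std::uint64_t size;   // end - start, in bytes
    bool readable;        // perms column starts with 'r'
    std::string path;     // backing file or pseudo-name like [heap]; may be empty
};

// Parse one maps line: "start-end perms offset dev inode [path]".
bool ParseMapsLine(const std::string& line, Region& out) {
    unsigned long long start = 0, end = 0;
    char perms[5] = {0};
    int consumed = 0;  // set by %n: index where the optional path begins
    int n = std::sscanf(line.c_str(), "%llx-%llx %4s %*x %*s %*u %n",
                        &start, &end, perms, &consumed);
    if (n < 3 || end <= start) return false;  // malformed or empty range
    out.start = start;
    out.size = end - start;
    out.readable = (perms[0] == 'r');
    out.path = consumed > 0 ? line.substr(consumed) : std::string();
    return true;
}

// Collect every well-formed region from a maps stream, in file order.
std::vector<Region> ReadRegions(std::istream& in) {
    std::vector<Region> regions;
    std::string line;
    Region r;
    while (std::getline(in, line))
        if (ParseMapsLine(line, r)) regions.push_back(r);
    return regions;
}

int main(int argc, char** argv) {
    // Defaults to this process's own maps; pass a PID to inspect a traced child.
    std::ifstream maps("/proc/" + std::string(argc > 1 ? argv[1] : "self") + "/maps");
    for (const Region& r : ReadRegions(maps))
        std::printf("%#llx +%#llx %s %s\n", (unsigned long long)r.start,
                    (unsigned long long)r.size, r.readable ? "r" : "-", r.path.c_str());
    return 0;
}
```

The next offset to read is then the next region's start rather than a value derived from the previous PTRACE_PEEKDATA result, and gaps between regions are simply never visited.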