I'm trying to implement STRACE without options but I'm having a problem with SYSCALL arguments ex: SYSCALL 0 (read) in STRACE ->
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"..., 832) = 832
1 - I don't know exactly what is this string in the second argument.
2- When I try to return this string with PTRACE_PEEKTEXT, and put it into (char *) it does return the same as STRACE, but the problem with types, it returns integers some of them are printable and some of them is nonprintable ex : PEEK_TEXT: returned 0, I change it to ASCII then put it into the buffer; but sometimes PTRACE return an ASCII like 'E' 69 which is already printable. the problem is I don't know how to put the PEEK_TEXT return value correctly in a buffer
3- also in strace u see the values separated by '' but PEEK_TEXT never returned ''
The string in the second “argument” is the return value of the read call. It’s a weird sort of syntax for sure, but at least it’s consistently used in strace output. It doesn’t mean that read was supplied with this text as an argument.
As for the other question: see this q&a. PEEK_TEXT never returns anything but raw data. It has no interpretation as “numbers”, it’s not text unless you refer to the address at which there is some ascii text. You should not be interpreting the data in any way. Put it directly into the buffer (memcpy from a long variable that holds the return value), but do note that more than one byte is returned at a time.
The other question’s answers cover error checking.