Re: Dump environment of a running process

[Arcadie Cracan <acracan at gmail dot com>]

În data de Joi 21 Ianuarie 2010 01:09:05 pm Ashley Pittman a scris:
> On 21 Jan 2010, at 07:14, Arcadie M. Cracan wrote:
> > I would like to make this from within a python script. I found a module
> > that I hoped would help me achieve this: ptrace. With this module I am
> > able to start a process, run it step-by-step (by calling
> > process.syscall() which is equivalent to a ptrace(PTRACE_SYSCALL,...) )
> > and save the environment by reading /proc/pid/environ.
>
> You are aware that you can just read this file from any process aren't you?

I intend to dump the environment of processes I don't have access to source 
code (i.e. I don't intend to modify the scripts so as to dump the environment 
they are running within).

>
> There is also a fundamental limitation of this file that it's only a page
> in size so it's fairly easy for the environment to spill over this limit
> and the file to be incomplete.
>

I wasn't aware of that.

> > The problem which I face now is that
> > /proc/pid/environ is not updated when the process defines new environment
> > variables, so I guess I will have to use ptrace(PTRACE_PEEKUSER,...) to
> > get this information. I don't have any clue on the way to determine the
> > address of the **environ variable. I was wondering if there is exposed
> > API in gdb that would help me in doing this.
>
> I have some perl code which was submitted to me to do this, it's not great
> code but does work, basically you want the __environ variable.  I've no
> idea if this is updated when the process updates it's environment via
> putenv, I have to say I thought things had changed so the /proc/pid/environ
> file itself was.
>
> Look for get_remove_env_bygdb() function:
> http://code.google.com/p/padb/source/detail?r=331
>

Thank you for your answer. I looked at the code and I figured it executes gdb 
and then send some commands to it. So, before trying to adapt it for python, I 
verified myself whether gdb can print the information I need.

So here is what I found:
- the gdb command "show environment" does not show the updated environment. It 
looks like it gives the same result as one would get looking into 
/proc/pid/environ;
- printing the content of the "__environ" variable seems to give the same 
result (actually I don't have much expertise in using gdb, I didn't know how 
to print an array of strings... so I explored it "manually" and might have 
missed something);
- issueing a "getenv()" call for a script-defined "MY_VAR" environment 
variable gives a result I don't know how to interpret: it returns an address 
which is "out of bounds", but a "getenv("SOMETHING")" where "SOMETHING" is an 
undefined variable returns a NULL pointer. I guess that the memory pages (is 
this the word?) aren't updated, but the result of the "call getenv("MY_VAR")" 
should be correct.

I'm pretty much stuck here. Is there any way to "pull" this info from the 
process' memory?

Arcadie