Redirecting stderr of a running process
source link: https://drewdevault.com/2018/05/04/Redirecitng-stderr-of-running-process.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Redirecting stderr of a running process May 4, 2018 on Drew DeVault's blog
During the KDE sprint in Berlin, Roman Gilg leaned over to me and asked if I knew how to redirect the stderr of an already-running process to a file. I Googled it and found underwhelming answers using strace and trying to decipher the output by reading the write syscalls. Instead, I thought a gdb based approach would work better, and after putting the pieces together Roman insisted I wrote a blog post on the topic.
gdb, the GNU debugger, has two important features that make this possible:
- Attaching to running processes via
gdb -p - Executing arbitrary code in the target process space
With this it’s actually quite straightforward. The process is the following:
- Attach gdb to the running process
- Run
compile code -- dup2(open("/tmp/log", 65), 2)
The magic 65 here is the value of O_CREAT | O_WRONLY on Linux, which is easily
found with a little program like this:
#include <sys/stat.h>
#include <fcntl.h>
int main(int argc, char **argv) {
printf("%d\n", O_CREAT | O_WRONLY);
return 0;
}
2 is always the file descriptor assigned to stderr. What happens here is:
- Via
open, the file you want to redirect to is created. - Via
dup2, stderr is overwritten with this new file.
The compile code gdb command will compile some arbitrary C code and run the
result in the target process, presumably by mapping some executable RAM and
loading it in, then jumping to the blob. Closing gdb (control+d) will continue
the process, and it should start writing out to the file you created.
There are lots of other cool (and hacky) things you can do with gdb. I once disconnected someone from an internet radio by attaching gdb to nginx and closing their file descriptor, for example. Thanks to Roman for giving me the chance to write an interesting blog post on the subject!
Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~sircmpwn/[email protected] [mailing list etiquette]
Articles from blogs I read Generated by openring
Go on ARM and Beyond
The industry is abuzz about non-x86 processors recently, so we thought it would be worth a brief post about Go’s support for them. It has always been important to us for Go to be portable, not overfitting to any particular operating sys…
via The Go Programming Language Blog December 17, 2020Status update, December 2020
Hi all! This status update is the 24th one, so it’s been 2 years I’ve started writing those now (ignoring a little hiatus). Time flies! This month I’ve invested a lot of time into wlroots. My main focus has been renderer v6, which has now been internally rol…
via emersion December 16, 2020What's cooking on Sourcehut? December 2020
A brisk wind of winter chill sets a stir down my spine, as I sit down with a fresh cup of coffee to yarn a story of careful engineering and passionate spirit that took place over the course of 30 days. The last 30 days. Cause this is the monthly “what’s cook…
via Blogs on Sourcehut December 15, 2020Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK