I have two processes (Linux ELF): process A is the main process and B is a child process (A uses fork() to create B). A also uses ptrace to trace B (like some kind of sandbox), catching B's int 3 instruction.

I want to use GDB to debug process B. When I tried to attach GDB to the child process B, it showed an error that B is already under debug. So do I have a way to debug the child process which is already under another “debugger”?

In my case, A and B have interactions, so I cannot directly patch or rewrite the code in A to disable the ptrace function.

1 Answer

So do I have a way to debug the child process which is already under another “debugger”?

No.

Having a child that is ptrace'd by its parent, with non-trivial interaction between the two, is one of the few effective anti-debugging techniques.

To debug B, you would have to run it without A sandboxing it, and would have to replicate the interaction between A and B by "emulating" what process A normally does to process B through GDB.
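The one-tracer limit behind this answer can be seen with a short test program. This is an added example, not code from the post: it recreates the A/B layout, reads B's `TracerPid` from `/proc/<pid>/status`, and then issues the `PTRACE_ATTACH` a second debugger would. The function names `tracer_pid` and `second_attach_errno` are hypothetical, and a Linux `/proc` is assumed.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* TracerPid from /proc/<pid>/status: 0 = untraced, -1 = could not read. */
long tracer_pid(pid_t pid) {
    char path[64], line[256];
    long tp = -1;
    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "TracerPid: %ld", &tp) == 1) break;
    fclose(f);
    return tp;
}

/* Returns the second attach's errno (0 if it succeeded, -1 on setup failure). */
int second_attach_errno(pid_t *a_pid, long *b_tracer) {
    int fd[2], err = -1;
    pid_t a, b = -1;
    if (pipe(fd) < 0 || (a = fork()) < 0) return -1;
    if (a == 0) {                          /* A: the parent that traces B */
        if ((b = fork()) == 0) {           /* B: asks to be traced by A */
            close(fd[0]); close(fd[1]);
            if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(1);
            raise(SIGSTOP);                /* stop so A sees a ptrace stop */
            _exit(0);
        }
        waitpid(b, NULL, 0);               /* B is now stopped under A */
        if (write(fd[1], &b, sizeof b) < 0) _exit(1);
        for (;;) pause();                  /* A stays B's tracer until killed */
    }
    close(fd[1]);
    if (read(fd[0], &b, sizeof b) == (ssize_t)sizeof b && b > 0) {
        *a_pid = a;
        *b_tracer = tracer_pid(b);         /* expected: A's pid */
        if (ptrace(PTRACE_ATTACH, b, NULL, NULL) == -1) err = errno;
        else { err = 0; ptrace(PTRACE_DETACH, b, NULL, NULL); }
        kill(b, SIGKILL);
    }
    close(fd[0]);
    kill(a, SIGKILL);
    waitpid(a, NULL, 0);
    return err;
}
```

Called from a process playing the second debugger, `second_attach_errno` returns `EPERM` while `TracerPid` for B still names A, which is why B can only be debugged once A is no longer its tracer.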