1 .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $
3 .\" This file is in the public domain.
9 .Nd process tracing and debugging
16 .Fn ptrace "int request" "pid_t pid" "caddr_t addr" "int data"
21 provides tracing and debugging facilities.
30 The tracing process must first attach to the traced process, and then
33 system calls to control the execution of the process, as well as access
34 process memory and register state.
35 For the duration of the tracing session, the traced process will be
37 with its parent process ID (and resulting behavior)
38 changed to the tracing process.
39 It is permissible for a tracing process to attach to more than one
40 other process at a time.
41 When the tracing process has completed its work, it must detach the
42 traced process; if a tracing process exits without first detaching all
43 processes it has attached, those processes will be killed.
45 Most of the time, the traced process runs normally, but when it
50 The tracing process is expected to notice this via
54 signal, examine the state of the stopped process, and cause it to
55 terminate or continue as appropriate.
56 The signal may be a normal process signal, generated as a result of
57 traced process behavior, or use of the
59 system call; alternatively, it may be generated by the tracing facility
60 as a result of attaching, stepping by the tracing
62 or an event in the traced process.
63 The tracing process may choose to intercept the signal, using it to
64 observe process behavior (such as
66 or forward the signal to the process if appropriate.
70 is the mechanism by which all this happens.
72 A traced process may report additional signal stops corresponding to
73 events in the traced process.
74 These additional signal stops are reported as
79 The tracing process can use the
81 request to determine which events are associated with a
86 Note that multiple events may be associated with a single signal.
87 For example, events indicated by the
92 flags are also reported as a system call exit event
94 The signal stop for a new child process enabled via
99 All other additional signal stops use
101 .Sh DETACH AND TERMINATION
103 Normally, exiting tracing process should wait for all pending
104 debugging events and then detach from all alive traced processes
108 If tracing process exits without detaching, for instance due to abnormal
109 termination, the destiny of the traced children processes is determined
111 .Dv kern.kill_on_debugger_exit
114 If the control is set to the default value 1, such traced processes
116 If set to zero, kernel implicitly detaches traced processes.
117 Traced processes are un-stopped if needed, and then continue the execution
121 signals queued to the traced children, which could be either generated by
122 not yet consumed debug events, or sent by other means, the later should
124 .Sh SELECTING THE TARGET
127 argument of the call specifies the target on which to perform
128 the requested operation.
129 For operations affecting the global process state, the process ID
130 is typically passed there.
131 Similarly, for operations affecting only a thread, the thread ID
134 Still, for global operations, the ID of any thread can be used as the
135 target, and system will perform the request on the process owning
137 If a thread operation got the process ID as
139 the system randomly selects a thread from among the threads owned
141 For single-threaded processes there is no difference between specifying
142 process or thread ID as the target.
146 subsystem provides rich facilities to manipulate other processes state.
147 Sometimes it may be desirable to disallow it either completely, or limit
149 The following controls are provided for this:
150 .Bl -tag -width security.bsd.unprivileged_proc_debug
151 .It Dv security.bsd.allow_ptrace
152 Setting this sysctl to zero makes
156 always as if the syscall is not implemented by the kernel.
157 .It Dv security.bsd.unprivileged_proc_debug
158 Setting this sysctl to zero disallows the use of
160 by unprivileged processes.
161 .It Dv security.bsd.see_other_uids
162 Setting this sysctl to zero prevents
164 requests from targeting processes with a real user identifier different
166 These requests will fail with error
168 .It Dv security.bsd.see_other_gids
169 Setting this sysctl to zero disallows
171 requests from processes that have no groups in common with the target process,
172 considering their sets of real and supplementary groups.
173 These requests will fail with error
175 .It Dv security.bsd.see_jail_proc
176 Setting this sysctl to zero disallows
178 requests from processes belonging to a different jail than that of the target
179 process, even if the requesting process' jail is an ancestor of the target
181 These requests will fail with error
183 .It Dv securelevel and init
186 process can only be traced with
188 if securelevel is zero.
189 .It Dv procctl(2) PROC_TRACE_CTL
190 Process can deny attempts to trace itself with
194 In this case requests return
200 Each traced process has a tracing event mask.
201 An event in the traced process only reports a
202 signal stop if the corresponding flag is set in the tracing event mask.
203 The current set of tracing event flags include:
204 .Bl -tag -width "Dv PTRACE_SYSCALL"
206 Report a stop for a successful invocation of
208 This event is indicated by the
213 .Vt "struct ptrace_lwpinfo" .
215 Report a stop on each system call entry.
216 This event is indicated by the
221 .Vt "struct ptrace_lwpinfo" .
223 Report a stop on each system call exit.
224 This event is indicated by the
229 .Vt "struct ptrace_lwpinfo" .
230 .It Dv PTRACE_SYSCALL
231 Report stops for both system call entry and exit.
233 This event flag controls tracing for new child processes of a traced process.
235 When this event flag is enabled,
236 new child processes will enable tracing and stop before executing their
238 The new child process will include the
243 .Vt "struct ptrace_lwpinfo" .
244 The traced process will report a stop that includes the
247 The process ID of the new child process will also be present in the
250 .Vt "struct ptrace_lwpinfo" .
251 If the new child process was created via
253 the traced process's stop will also include the
256 Note that new child processes will be attached with the default
258 they do not inherit the event mask of the traced process.
260 When this event flag is not enabled,
261 new child processes will execute without tracing enabled.
263 This event flag controls tracing of LWP
265 creation and destruction.
266 When this event is enabled,
267 new LWPs will stop and report an event with
269 set before executing their first instruction,
270 and exiting LWPs will stop and report an event with
272 set before completing their termination.
274 Note that new processes do not report an event for the creation of their
276 and exiting processes do not report an event for the termination of the
279 Report a stop event when a parent process resumes after a
282 When a thread in the traced process creates a new child process via
284 the stop that reports
288 occurs just after the child process is created,
289 but before the thread waits for the child process to stop sharing process
291 If a debugger is not tracing the new child process,
292 it must ensure that no breakpoints are enabled in the shared process
293 memory before detaching from the new child process.
294 This means that no breakpoints are enabled in the parent process either.
298 flag enables a new stop that indicates when the new child process stops
299 sharing the process memory of the parent process.
300 A debugger can reinsert breakpoints in the parent process and resume it
301 in response to this event.
302 This event is indicated by setting the
303 .Dv PL_FLAG_VFORK_DONE
307 The default tracing event mask when attaching to a process via
315 All other event flags are disabled.
320 argument specifies what operation is being performed; the meaning of
321 the rest of the arguments depends on the operation, but except for one
322 special case noted below, all
324 calls are made by the tracing process, and the
326 argument specifies the process ID of the traced process
327 or a corresponding thread ID.
332 .Bl -tag -width "Dv PT_GET_EVENT_MASK"
334 This request is the only one used by the traced process; it declares
335 that the process expects to be traced by its parent.
336 All the other arguments are ignored.
337 (If the parent process does not expect to trace the child, it will
338 probably be rather confused by the results; once the traced process
339 stops, it cannot be made to continue except via
341 When a process has used this request and calls
343 or any of the routines built on it
346 it will stop before executing the first instruction of the new image.
347 Also, any setuid or setgid bits on the executable being executed will
349 If the child was created by
355 flag specified, the debugging events are reported to the parent
359 .It Dv PT_READ_I , Dv PT_READ_D
360 These requests read a single
362 of data from the traced process's address space.
365 has allowed for machines with distinct address spaces for instruction
366 and data, which is why there are two requests: conceptually,
368 reads from the instruction space and
370 reads from the data space.
373 implementation, these two requests are completely identical.
376 argument specifies the address
377 (in the traced process's virtual address space)
378 at which the read is to be done.
379 This address does not have to meet any alignment constraints.
380 The value read is returned as the return value from
382 .It Dv PT_WRITE_I , Dv PT_WRITE_D
383 These requests parallel
387 except that they write rather than read.
390 argument supplies the value to be written.
392 This request allows reading and writing arbitrary amounts of data in
393 the traced process's address space.
396 argument specifies a pointer to a
397 .Vt "struct ptrace_io_desc" ,
398 which is defined as follows:
400 struct ptrace_io_desc {
401 int piod_op; /* I/O operation */
402 void *piod_offs; /* child offset */
403 void *piod_addr; /* parent offset */
404 size_t piod_len; /* request length */
408 * Operations in piod_op.
410 #define PIOD_READ_D 1 /* Read from D space */
411 #define PIOD_WRITE_D 2 /* Write to D space */
412 #define PIOD_READ_I 3 /* Read from I space */
413 #define PIOD_WRITE_I 4 /* Write to I space */
419 The actual number of bytes read or written is stored in
423 The traced process continues execution.
427 is an address specifying the place where execution is to be resumed
428 (a new value for the program counter),
430 .Po Vt caddr_t Pc Ns 1
431 to indicate that execution is to pick up where it left off.
435 provides a signal number to be delivered to the traced process as it
436 resumes execution, or 0 if no signal is to be sent.
438 The traced process is single stepped one instruction.
443 .Po Vt caddr_t Pc Ns 1 .
447 provides a signal number to be delivered to the traced process as it
448 resumes execution, or 0 if no signal is to be sent.
450 The traced process terminates, as if
454 given as the signal to be delivered.
456 This request allows a process to gain control of an otherwise
457 unrelated process and begin tracing it.
458 It does not need any cooperation from the process to trace.
462 specifies the process ID of the process to trace, and the other
463 two arguments are ignored.
464 This request requires that the target process must have the same real
465 UID as the tracing process, and that it must not be executing a setuid
466 or setgid executable.
467 (If the tracing process is running as root, these restrictions do not
469 The tracing process will see the newly-traced process stop and may
470 then control it as if it had been traced all along.
472 This request is like PT_CONTINUE, except that it does not allow
473 specifying an alternate place to continue execution, and after it
474 succeeds, the traced process is no longer traced and continues
477 This request reads the traced process's machine registers into the
486 This request is the converse of
488 it loads the traced process's machine registers from the
497 This request reads the traced process's floating-point registers into
507 This request is the converse of
509 it loads the traced process's floating-point registers from the
518 This request reads the traced process's debug registers into
528 This request is the converse of
530 it loads the traced process's debug registers from the
539 This request reads the registers from the traced process.
542 argument specifies the register set to read, with the
544 argument pointing at a
548 field points to a register set specific structure to hold the registers,
551 field holds the length of the structure.
553 This request writes to the registers of the traced process.
556 argument specifies the register set to write to, with the
558 argument pointing at a
562 field points to a register set specific structure to hold the registers,
565 field holds the length of the structure.
568 is NULL the kernel will return the expected length of the register set
569 specific structure in the
571 field and not change the target register set.
573 This request can be used to obtain information about the kernel thread,
574 also known as light-weight process, that caused the traced process to stop.
577 argument specifies a pointer to a
578 .Vt "struct ptrace_lwpinfo" ,
579 which is defined as follows:
581 struct ptrace_lwpinfo {
587 siginfo_t pl_siginfo;
588 char pl_tdname[MAXCOMLEN + 1];
590 u_int pl_syscall_code;
591 u_int pl_syscall_narg;
597 argument is to be set to the size of the structure known to the caller.
598 This allows the structure to grow without affecting older programs.
601 .Vt "struct ptrace_lwpinfo"
602 have the following meaning:
603 .Bl -tag -width indent -compact
607 Event that caused the stop.
608 Currently defined events are:
609 .Bl -tag -width "Dv PL_EVENT_SIGNAL" -compact
612 .It Dv PL_EVENT_SIGNAL
613 Thread stopped due to the pending signal
616 Flags that specify additional details about observed stop.
617 Currently defined flags are:
618 .Bl -tag -width indent -compact
620 The thread stopped due to system call entry, right after the kernel is entered.
621 The debugger may examine syscall arguments that are stored in memory and
622 registers according to the ABI of the current process, and modify them,
625 The thread is stopped immediately before syscall is returning to the usermode.
626 The debugger may examine system call return values in the ABI-defined registers
631 is set, this flag may be additionally specified to inform that the
632 program being executed by debuggee process has been changed by successful
633 execution of a system call from the
640 .Vt "struct ptrace_lwpinfo"
641 contains valid information.
642 .It Dv PL_FLAG_FORKED
643 Indicates that the process is returning from a call to
645 that created a new child process.
646 The process identifier of the new process is available in the
649 .Vt "struct ptrace_lwpinfo" .
651 The flag is set for first event reported from a new child which is
652 automatically attached when
656 This flag is set for the first event reported from a new LWP when
659 It is reported along with
661 .It Dv PL_FLAG_EXITED
662 This flag is set for the last event reported by an exiting LWP when
665 Note that this event is not reported when the last LWP in a process exits.
666 The termination of the last thread is reported via a normal process exit
668 .It Dv PL_FLAG_VFORKED
669 Indicates that the thread is returning from a call to
671 that created a new child process.
672 This flag is set in addition to
674 .It Dv PL_FLAG_VFORK_DONE
675 Indicates that the thread has resumed after a child process created via
677 has stopped sharing its address space with the traced process.
680 The current signal mask of the LWP
682 The current pending set of signals for the LWP.
683 Note that signals that are delivered to the process would not appear
684 on an LWP siglist until the thread is selected for delivery.
686 The siginfo that accompanies the signal pending.
694 The name of the thread.
696 The process identifier of the new child process.
703 .It Va pl_syscall_code
704 The ABI-specific identifier of the current system call.
705 Note that for indirect system calls this field reports the indirected
713 .It Va pl_syscall_narg
714 The number of arguments passed to the current system call not counting
715 the system call identifier.
716 Note that for indirect system calls this field reports the arguments
717 passed to the indirected system call.
726 This request returns the number of kernel threads associated with the
729 This request can be used to get the current thread list.
730 A pointer to an array of type
734 with the array size specified by
736 The return value from
738 is the count of array entries filled in.
740 This request will turn on single stepping of the specified process.
741 Stepping is automatically disabled when a single step trap is caught.
743 This request will turn off single stepping of the specified process.
745 This request will suspend the specified thread.
747 This request will resume the specified thread.
749 This request will set the
751 event flag to trace all future system call entries and continue the process.
756 arguments are used the same as for
759 This request will set the
761 event flag to trace all future system call exits and continue the process.
766 arguments are used the same as for
769 This request will set the
771 event flag to trace all future system call entries and exits and continue
777 arguments are used the same as for
779 .It Dv PT_GET_SC_ARGS
780 For the thread which is stopped in either
784 state, that is, on entry or exit to a syscall,
785 this request fetches the syscall arguments.
787 The arguments are copied out into the buffer pointed to by the
789 pointer, sequentially.
790 Each syscall argument is stored as the machine word.
791 Kernel copies out as many arguments as the syscall accepts,
795 .Vt struct ptrace_lwpinfo ,
796 but not more than the
798 bytes in total are copied.
800 Fetch the system call return values on exit from a syscall.
801 This request is only valid for threads stopped in a syscall
807 argument specifies a pointer to a
808 .Vt "struct ptrace_sc_ret" ,
809 which is defined as follows:
811 struct ptrace_sc_ret {
812 register_t sr_retval[2];
819 argument is set to the size of the structure.
821 If the system call completed successfully,
823 is set to zero and the return values of the system call are saved in
825 If the system call failed to execute,
827 field is set to a positive
830 If the system call completed in an unusual fashion,
832 is set to a negative value:
833 .Bl -tag -width Dv EJUSTRETURN -compact
835 System call will be restarted.
837 System call completed sucessfully but did not set a return value
844 .It Dv PT_FOLLOW_FORK
845 This request controls tracing for new child processes of a traced process.
850 is set in the traced process's event tracing mask.
855 is cleared from the traced process's event tracing mask.
857 This request controls tracing of LWP creation and destruction.
862 is set in the traced process's event tracing mask.
867 is cleared from the traced process's event tracing mask.
868 .It Dv PT_GET_EVENT_MASK
869 This request reads the traced process's event tracing mask into the
870 integer pointed to by
872 The size of the integer must be passed in
874 .It Dv PT_SET_EVENT_MASK
875 This request sets the traced process's event tracing mask from the
876 integer pointed to by
878 The size of the integer must be passed in
880 .It Dv PT_VM_TIMESTAMP
881 This request returns the generation number or timestamp of the memory map of
882 the traced process as the return value from
884 This provides a low-cost way for the tracing process to determine if the
885 VM map changed since the last time this request was made.
887 This request is used to iterate over the entries of the VM map of the traced
891 argument specifies a pointer to a
892 .Vt "struct ptrace_vm_entry" ,
893 which is defined as follows:
895 struct ptrace_vm_entry {
909 The first entry is returned by setting
912 Subsequent entries are returned by leaving
914 unmodified from the value returned by previous requests.
917 field can be used to detect changes to the VM map while iterating over the
919 The tracing process can then take appropriate action, such as restarting.
922 to a non-zero value on entry, the pathname of the backing object is returned
923 in the buffer pointed to by
925 provided the entry is backed by a vnode.
928 field is updated with the actual length of the pathname (including the
929 terminating null character).
932 field is the offset within the backing object at which the range starts.
933 The range is located in the VM space at
943 This request creates a coredump for the stopped program.
946 argument specifies a pointer to a
947 .Vt "struct ptrace_coredump" ,
948 which is defined as follows:
950 struct ptrace_coredump {
956 The fields of the structure are:
957 .Bl -tag -width pc_flags
959 File descriptor to write the dump to.
960 It must refer to a regular file, opened for writing.
963 The following flags are defined:
964 .Bl -tag -width PC_COMPRESS
966 Request compression of the dump.
968 Include non-dumpable entries into the dump.
971 flag of the process map entry, but device mappings are not dumped even with
976 Maximum size of the coredump.
977 Specify zero for no limit.
981 .Vt "struct ptrace_coredump"
985 Request to execute a syscall in the context of the traced process,
986 in the specified thread.
989 argument must point to the
990 .Vt "struct ptrace_sc_remote" ,
991 which describes the requested syscall and its arguments, and receives
994 .Vt "struct ptrace_sc_remote"
998 struct ptrace_sc_remote {
999 struct ptrace_sc_ret pscr_ret;
1007 contains the syscall number to execute, the
1009 is the number of supplied arguments, which are supplied in the
1012 Result of the execution is returned in the
1015 Note that the request and its result do not affect the returned value from
1016 the currently executed syscall, if any.
1018 .Sh PT_COREDUMP and PT_SC_REMOTE usage
1019 The process must be stopped before dumping or initiating a remote system call.
1020 A single thread in the target process is temporarily unsuspended
1021 in the kernel to perform the action.
1024 call fails before a thread is unsuspended, there is no event to
1027 If a thread was unsuspended, it will stop again before the
1029 call returns, and the process must be waited upon using
1031 to consume the new stop event.
1032 Since it is hard to deduce whether a thread was unsuspended before
1033 an error occurred, it is recommended to unconditionally perform
1041 and silently accept zero result from it.
1045 the selected thread must be stopped in the safe place, which is
1046 currently defined as a syscall exit, or a return from kernel to
1047 user mode (basically, a signal handler call place).
1050 status if attempt is made to execute remote syscall at unsafe stop.
1053 .Dv kern.trap_enotcap
1054 sysctl setting, nor the corresponding
1057 .Dv PROC_TRAPCAP_CTL_ENABLE
1058 are obeyed during the execution of the syscall by
1062 signal is not sent to a process executing in capability mode,
1063 which violated a mode access restriction.
1065 Note that due to the mode of execution for the remote syscall, in
1066 particular, the setting where only one thread is allowed to run,
1067 the syscall might block on resources owned by suspended threads.
1068 This might result in the target process deadlock.
1069 In this situation, the only way out is to kill the target.
1070 .Sh ARM MACHINE-SPECIFIC REQUESTS
1071 .Bl -tag -width "Dv PT_SETVFPREGS"
1072 .It Dv PT_GETVFPREGS
1075 machine state in the buffer pointed to by
1080 argument is ignored.
1081 .It Dv PT_SETVFPREGS
1084 machine state from the buffer pointed to by
1089 argument is ignored.
1091 .Sh x86 MACHINE-SPECIFIC REQUESTS
1092 .Bl -tag -width "Dv PT_GETXSTATE_INFO"
1093 .It Dv PT_GETXMMREGS
1094 Copy the XMM FPU state into the buffer pointed to by the
1097 The buffer has the same layout as the 32-bit save buffer for the
1101 This request is only valid for i386 programs, both on native 32-bit
1102 systems and on amd64 kernels.
1103 For 64-bit amd64 programs, the XMM state is reported as part of
1104 the FPU state returned by the
1110 argument is ignored.
1111 .It Dv PT_SETXMMREGS
1112 Load the XMM FPU state for the thread from the buffer pointed to
1115 The buffer has the same layout as the 32-bit load buffer for the
1121 this request is only valid for i386 programs.
1125 argument is ignored.
1126 .It Dv PT_GETXSTATE_INFO
1127 Report which XSAVE FPU extensions are supported by the CPU
1128 and allowed in userspace programs.
1131 argument must point to a variable of type
1132 .Vt struct ptrace_xstate_info ,
1133 which contains the information on the request return.
1134 .Vt struct ptrace_xstate_info
1135 is defined as follows:
1137 struct ptrace_xstate_info {
1138 uint64_t xsave_mask;
1144 field is a bitmask of the currently enabled extensions.
1145 The meaning of the bits is defined in the Intel and AMD
1146 processor documentation.
1149 field reports the length of the XSAVE area for storing the hardware
1150 state for currently enabled extensions in the format defined by the x86
1152 machine instruction.
1156 argument value must be equal to the size of the
1157 .Vt struct ptrace_xstate_info .
1159 Return the content of the XSAVE area for the thread.
1162 argument points to the buffer where the content is copied, and the
1164 argument specifies the size of the buffer.
1165 The kernel copies out as much content as allowed by the buffer size.
1166 The buffer layout is specified by the layout of the save area for the
1168 machine instruction.
1170 Load the XSAVE state for the thread from the buffer specified by the
1173 The buffer size is passed in the
1176 The buffer must be at least as large as the
1180 to allow the complete x87 FPU and XMM state load.
1181 It must not be larger than the XSAVE state length, as reported by the
1184 .Vt struct ptrace_xstate_info
1186 .Dv PT_GETXSTATE_INFO
1188 Layout of the buffer is identical to the layout of the load area for the
1190 machine instruction.
1192 Return the value of the base used when doing segmented
1193 memory addressing using the %fs segment register.
1196 argument points to an
1198 variable where the base value is stored.
1202 argument is ignored.
1206 request, but returns the base for the %gs segment register.
1208 Set the base for the %fs segment register to the value pointed to
1215 variable containing the new base.
1219 argument is ignored.
1223 request, but sets the base for the %gs segment register.
1225 .Sh PowerPC MACHINE-SPECIFIC REQUESTS
1226 .Bl -tag -width "Dv PT_SETVRREGS"
1230 machine state in the buffer pointed to by
1235 argument is ignored.
1239 machine state from the buffer pointed to by
1244 argument is ignored.
1245 .It Dv PT_GETVSRREGS
1246 Return doubleword 1 of the thread's
1248 registers VSR0-VSR31 in the buffer pointed to by
1253 argument is ignored.
1254 .It Dv PT_SETVSRREGS
1255 Set doubleword 1 of the thread's
1257 registers VSR0-VSR31 from the buffer pointed to by
1262 argument is ignored.
1265 Additionally, other machine-specific requests can exist.
1267 Most requests return 0 on success and \-1 on error.
1268 Some requests can cause
1272 as a non-error value, among them are
1276 which return the value read from the process memory on success.
1279 can be set to 0 before the call and checked afterwards.
1283 implementation always sets
1285 to 0 before calling into the kernel, both for historic reasons and for
1286 consistency with other operating systems.
1287 It is recommended to assign zero to
1289 explicitly for forward compatibility.
1293 system call may fail if:
1296 .Bl -bullet -compact
1298 No process having the specified process ID exists.
1301 .Bl -bullet -compact
1303 A process attempted to use
1310 was not one of the legal requests.
1317 was neither 0 nor a legal signal number.
1326 was attempted on a process with no valid register set.
1327 (This is normally true only of system processes.)
1330 was given an invalid value for
1332 This can also be caused by changes to the VM map of the process.
1338 was less than or equal to zero, or larger than the
1340 structure known to the kernel.
1344 provided to the x86-specific
1345 .Dv PT_GETXSTATE_INFO
1346 request was not equal to the size of the
1347 .Vt struct ptrace_xstate_info .
1351 provided to the x86-specific
1353 request was less than the size of the x87 plus the XMM save area.
1357 provided to the x86-specific
1359 request was larger than returned in the
1362 .Vt struct ptrace_xstate_info
1364 .Dv PT_GETXSTATE_INFO
1367 The base value, provided to the amd64-specific requests
1371 pointed outside of the valid user address space.
1372 This error will not occur in 32-bit programs.
1375 .Bl -bullet -compact
1378 was attempted on a process that was already being traced.
1380 A request attempted to manipulate a process that was being traced by
1381 some process other than the one making the request.
1386 specified a process that was not stopped.
1389 .Bl -bullet -compact
1394 attempted to manipulate a process that was not being traced at all.
1396 An attempt was made to use
1398 on a process in violation of the requirements listed under
1403 .Bl -bullet -compact
1406 previously returned the last entry of the memory map.
1407 No more entries exist.
1410 .Bl -bullet -compact
1417 request attempted to access an invalid address, or a memory allocation failure
1418 occurred when accessing process memory.
1420 .It Bq Er ENAMETOOLONG
1421 .Bl -bullet -compact
1424 cannot return the pathname of the backing object because the buffer is not big
1427 holds the minimum buffer size required on return.
1435 .Xr i386_clr_watch 3 ,
1436 .Xr i386_set_watch 3
1440 function appeared in