Changeset 2505 for neercs/trunkTweet

Timestamp:

Jul 1, 2008, 1:26:30 AM (13 years ago)

Author:

Sam Hocevar

Message:

• Start refactoring grab.c: instead of writing code to the stack, we wait for a system call to be made and simply rewind eip/rip. Should now work on amd64, too.

Location:

neercs/trunk/src

Files:

• grab.c (modified) (12 diffs)
• neercs.h (modified) (3 diffs)
• term.c (modified) (1 diff)

neercs/trunk/src/grab.c

@@ -23 +23 @@
 #include <unistd.h>
 
-#include "config.h"
-
 #if defined USE_GRAB
 #   include <sys/ioctl.h>
@@ -39 +37 @@
 #include "neercs.h"
 
+#define X(x) #x
+#define STRINGIFY(x) X(x)
+
 #if defined __x86_64__
 #   define RAX rax
@@ -46 +47 @@
 #   define RSP rsp
 #   define RIP rip
+#   define RDI rdi
+#   define RSI rsi
+#   define SYSCALL 0x050fL /* 0F 05 = syscall */
+#   define FMT "%016lx"
 #else
 #   define RAX eax
@@ -53 +58 @@
 #   define RSP esp
 #   define RIP eip
+#   define RDI edi
+#   define RSI esi
+#   define SYSCALL 0x80cd /* CD 80 = int $0x80 */
+#   define FMT "%08lx"
 #endif
 
 #if defined USE_GRAB
-static int memcpy_from_target(pid_t pid, void* dest, void* src, size_t n)
-{
+/* For debugging purposes only. Prints register and stack information. */
+static void print_registers(pid_t pid)
+{
+    union { long int l; unsigned char data[sizeof(long int)]; } inst;
+    struct user_regs_struct regs;
+    int i;
+
+    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
+    {
+        perror("ptrace_getregs");
+        exit(errno);
+    }
+
+    fprintf(stderr, "  / %s: "FMT"   ", STRINGIFY(RAX), regs.RAX);
+    fprintf(stderr, "%s: "FMT"\n", STRINGIFY(RBX), regs.RBX);
+    fprintf(stderr, "  | %s: "FMT"   ", STRINGIFY(RCX), regs.RCX);
+    fprintf(stderr, "%s: "FMT"\n", STRINGIFY(RDX), regs.RDX);
+    fprintf(stderr, "  | %s: "FMT"   ", STRINGIFY(RDI), regs.RDI);
+    fprintf(stderr, "%s: "FMT"\n", STRINGIFY(RSI), regs.RSI);
+    fprintf(stderr, "  | %s: "FMT"   ", STRINGIFY(RSP), regs.RSP);
+    fprintf(stderr, "%s: "FMT"\n", STRINGIFY(RIP), regs.RIP);
+
+    inst.l = ptrace(PTRACE_PEEKTEXT, pid, regs.RIP - 4, 0);
+    fprintf(stderr, "  \\ code: ... %02x %02x %02x %02x <---> ",
+            inst.data[0], inst.data[1], inst.data[2], inst.data[3]);
+    inst.l = ptrace(PTRACE_PEEKTEXT, pid, regs.RIP, 0);
+    fprintf(stderr, "%02x %02x %02x %02x ...\n",
+            inst.data[0], inst.data[1], inst.data[2], inst.data[3]);
+
+    fprintf(stderr, "  \\ stack: ... ");
+    for(i = -16; i < 24; i += sizeof(long))
+    {
+        inst.l = ptrace(PTRACE_PEEKDATA, pid, regs.RSP + i, 0);
+#if defined __x86_64__
+        fprintf(stderr, "%02x %02x %02x %02x %02x %02x %02x %02x ",
+                inst.data[0], inst.data[1], inst.data[2], inst.data[3],
+                inst.data[4], inst.data[5], inst.data[6], inst.data[7]);
+#else
+        fprintf(stderr, "%02x %02x %02x %02x ",
+                inst.data[0], inst.data[1], inst.data[2], inst.data[3]);
+#endif
+        if(i == 0)
+            fprintf(stderr, "[%s] ", STRINGIFY(RSP));
+    }
+    fprintf(stderr, "...\n");
+}
+
+/* FIXME: this function and the following have alignment issues */
+static int memcpy_from_target(pid_t pid, void* dest, long src, size_t n)
+{
+    long *d = (long*)dest;
     unsigned int i;
-    long *d, *s;
-    d = (long*) dest;
-    s = (long*) src;
-    n /= sizeof(long);
-    for(i = 0; i < n; i++)
-    {
-        d[i] = ptrace(PTRACE_PEEKTEXT, pid, s + i, 0);
+
+    for(i = 0; i < n / sizeof(long); i++)
+    {
+        d[i] = ptrace(PTRACE_PEEKTEXT, pid, src + i * sizeof(long), 0);
         if(errno)
         {
-            perror("ptrace(PTRACE_PEEKTEXT)");
+            perror("ptrace_peektext");
             return -1;
         }
@@ -75 +130 @@
 }
 
-static int memcpy_into_target(pid_t pid, void* dest, void* src, size_t n)
-{
+static int memcpy_into_target(pid_t pid, long dest, void* src, size_t n)
+{
+    long *s = (long*) src;
     unsigned int i;
-    long *d, *s;
-    d = (long*) dest;
-    s = (long*) src;
+
     for(i = 0; i < n / sizeof(long); i++)
     {
-        if(ptrace(PTRACE_POKETEXT, pid, d + i, s[i]) == -1)
-        {
-            perror("ptrace(PTRACE_POKETEXT)");
+        if(ptrace(PTRACE_POKETEXT, pid, dest + i * sizeof(long), s[i]) == -1)
+        {
+            perror("ptrace_poketext");
             return -1;
         }
@@ -92 +146 @@
 }
 
-static int do_syscall(pid_t pid, struct user_regs_struct *regs)
+static long do_syscall(pid_t pid, long call, long arg1, long arg2, long arg3)
 {
     /* Method for remote syscall:
-     *  - store current register status into oregs
-     *  - move stack pointer to the next empty element
-     *  - store current read stack contents into oinst
-     *  - put CD 80 (int 0x80) into the stack
-     *  - set instruction pointer to the current stack address
-     *  - single step: execute instruction (int 0x80)
-     *  - get new register values
-     *  - restore old register values from oregs
-     *  - restore old stack contents from oinst */
-    struct user_regs_struct oregs;
+     *  - wait until the traced application exits from a syscall
+     *  - save registers
+     *  - rewind eip/rip to point on the syscall instruction
+     *  - single step: execute syscall instruction
+     *  - restore registers */
+    struct user_regs_struct regs, oldregs;
     long oinst;
 
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &oregs) < 0)
+    for(;;)
+    {
+        if(ptrace(PTRACE_GETREGS, pid, NULL, &oldregs) < 0)
+        {
+            fprintf(stderr, "PTRACE_GETREGS failed\n");
+            return -1;
+        }
+
+        oinst = ptrace(PTRACE_PEEKTEXT, pid, oldregs.RIP - 2, 0) & 0xffff;
+
+        if(oinst == SYSCALL)
+            break;
+
+        if(ptrace(PTRACE_SYSCALL, pid, NULL, 0) < 0)
+        {
+            perror("ptrace_syscall (1)");
+            return -1;
+        }
+        waitpid(pid, NULL, 0);
+
+        if(ptrace(PTRACE_SYSCALL, pid, NULL, 0) < 0)
+        {
+            perror("ptrace_syscall (2)");
+            return -1;
+        }
+        waitpid(pid, NULL, 0);
+    }
+
+    regs = oldregs;
+    regs.RIP = regs.RIP - 2;
+    regs.RAX = call;
+#if defined __x86_64__
+    regs.RDI = arg1;
+    regs.RSI = arg2;
+    regs.RDX = arg3;
+#else
+    regs.RBX = arg1;
+    regs.RCX = arg2;
+    regs.RDX = arg3;
+#endif
+
+    if(ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0)
+    {
+        fprintf(stderr, "PTRACE_SETREGS failed\n");
+        return -1;
+    }
+
+    if(ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0)
+    {
+        fprintf(stderr, "PTRACE_SINGLESTEP failed\n");
+        return -1;
+    }
+    waitpid(pid, NULL, 0);
+
+    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
+    {
+        fprintf(stderr, "PTRACE_GETREGS failed\n");
+        return -1;
+    }
+
+    if(ptrace(PTRACE_SETREGS, pid, NULL, &oldregs) < 0)
+    {
+        fprintf(stderr, "PTRACE_SETREGS failed\n");
+        return -1;
+    }
+
+    debug("syscall %ld returned %ld", call, regs.RAX);
+
+    if((long)regs.RAX < 0)
+    {
+        errno = -(long)regs.RAX;
+        perror("syscall");
+        return -1;
+    }
+
+    return regs.RAX;
+}
+
+static int do_close(pid_t pid, int fd)
+{
+    return do_syscall(pid, SYS_close, fd, 0, 0);
+}
+
+static int do_dup2(pid_t pid, int oldfd, int newfd)
+{
+    return do_syscall(pid, SYS_dup2, oldfd, newfd, 0);
+}
+
+static int do_open(pid_t pid, char *path, int mode)
+{
+    char path_data[4096], backup_data[4096];
+    struct user_regs_struct regs;
+    long target_data;
+    size_t size = (strlen(path) + sizeof(long)) & ~(sizeof(long) - 1L);
+    int ret;
+
+    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
     {
         fprintf(stderr, "PTRACE_GETREGS failed\n");
@@ -113 +259 @@
     }
 
-    regs->RSP = oregs.RSP - sizeof(long);
-
-    oinst = ptrace(PTRACE_PEEKTEXT, pid, regs->RSP, 0);
-    if(errno)
-    {
-        fprintf(stderr, "PTRACE_PEEKTEXT failed\n");
-        return errno;
-    }
-
-    if(ptrace(PTRACE_POKETEXT, pid, regs->RSP, (long)0x80cd) < 0) /* int 0x80 */
-    {
-        fprintf(stderr, "PTRACE_POKETEXT failed\n");
-        return errno;
-    }
-
-    regs->RIP = regs->RSP;
-
-    if(ptrace(PTRACE_SETREGS, pid, NULL, regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_SETREGS failed\n");
-        return errno;
-    }
-
-    if(ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0)
-    {
-        fprintf(stderr, "PTRACE_SINGLESTEP failed\n");
-        return errno;
-    }
-    waitpid(pid, NULL, 0);
-
-    if(ptrace(PTRACE_GETREGS, pid, NULL, regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_GETREGS failed\n");
-        return errno;
-    }
-
-    if(ptrace(PTRACE_SETREGS, pid, NULL, &oregs) < 0)
-    {
-        fprintf(stderr, "PTRACE_SETREGS failed\n");
-        return errno;
-    }
-
-    if(ptrace(PTRACE_POKETEXT, pid, oregs.RSP - sizeof(long), oinst) < 0)
-    {
-        fprintf(stderr, "PTRACE_POKETEXT failed\n");
-        return errno;
-    }
-
-    return 0;
-}
-
-static int do_close(pid_t pid, int fd)
-{
-    struct user_regs_struct regs;
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_GETREGS failed\n");
-        return errno;
-    }
-
-    regs.RAX = SYS_close;
-    regs.RBX = fd;
-
-    return do_syscall(pid, &regs);
-}
-
-static int do_dup2(pid_t pid, int oldfd, int newfd)
-{
-    struct user_regs_struct regs;
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_GETREGS failed\n");
-        return errno;
-    }
-
-    regs.RAX = SYS_dup2;
-    regs.RBX = oldfd;
-    regs.RCX = newfd;
-
-    return do_syscall(pid, &regs);
-}
-
-static int do_open(pid_t pid, char *path, int mode, int *fd)
-{
-    struct user_regs_struct regs;
-    void *backup_page;
-    void *target_page = (void*)(0x08048000);
-    size_t size = (1 << 12); /* 4K */
-    int ret;
-
-    /* Backup the page that we will use */
-    backup_page = malloc(size);
-    if(memcpy_from_target(pid, backup_page, target_page, size) < 0)
-        return -1;
-
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_GETREGS failed\n");
-        return errno;
-    }
+    target_data = (regs.RSP - size) & ~(sizeof(long) - 1L);
+
+    /* Backup the data that we will use */
+    if(memcpy_from_target(pid, backup_data, target_data, size) < 0)
+        return -1;
 
     /* +4 (or 8) because it's truncated on a multiple of 4 (or 8)
      * and we need 1 */
-    memcpy_into_target(pid, target_page, path, strlen(path) + sizeof(long));
-
-    regs.RAX = SYS_open;
-    regs.RBX = (long)target_page;
-    regs.RCX = O_RDWR;
-    regs.RDX = 0755;
-
-    if((ret = do_syscall(pid, &regs)) != 0)
-    {
-        return ret;
-    }
-
-    /* Restore the pages */
-    memcpy_into_target(pid, target_page, backup_page, size);
-
-    *fd  = regs.RAX;
-
-    return 0;
+    sprintf(path_data, "%s", path);
+    memcpy_into_target(pid, target_data, path_data, size);
+
+    ret = do_syscall(pid, SYS_open, target_data, O_RDWR, 0755);
+
+    /* Restore the datas */
+    memcpy_into_target(pid, target_data, backup_data, size);
+
+    if(ret < 0)
+    {
+        errno = ret;
+        return -1;
+    }
+
+    return ret;
 }
 
 static int do_setsid(pid_t pid)
 {
-    struct user_regs_struct regs;
-    int ret;
-
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
-    {
-        fprintf(stderr, "PTRACE_GETREGS failed\n");
-        return errno;
-    }
+    long ret;
 
     debug("Running setsid on process %d (sid=%d)", pid, getsid(pid));
 
-    regs.RAX = SYS_setpgid;
-    regs.RBX = 0;
-    regs.RCX = getsid(pid);
-
-    if((ret = do_syscall(pid, &regs)) != 0)
+    ret = do_syscall(pid, SYS_setpgid, 0, getsid(pid), 0);
+    if(ret < 0)
     {
         fprintf(stderr, "syscall setpgid failed\n");
@@ -259 +297 @@
     }
 
-    if(regs.RAX != 0)
-    {
-        fprintf(stderr, "setpgid returned %ld\n", (long)regs.RAX);
-        return -regs.RAX;
-    }
-
-    regs.RAX = SYS_setsid;
-
-    if((ret = do_syscall(pid, &regs)) != 0)
+    if(ret != 0)
+    {
+        fprintf(stderr, "setpgid returned %ld\n", ret);
+        return -ret;
+    }
+
+    ret = do_syscall(pid, SYS_setsid, 0, 0, 0);
+    if(ret < 0)
     {
         fprintf(stderr, "syscall setsid failed\n");
@@ -275 +312 @@
     debug("pid %d has now sid %d", pid, getsid(pid));
 
-    if((long int)regs.RAX == -1L)
-    {
-        fprintf(stderr, "getsid failed\n");
-        return -regs.RAX;
-    }
-
     return 0;
 }
 #endif
 
-int grab_process(pid_t pid, char *ptyname, int ptyfd)
+int grab_process(long pid, char *ptyname, int ptyfd)
 {
 #if defined USE_GRAB
@@ -295 +326 @@
     debug("pty is %s", ptyname);
 
-    kill(pid, SIGSTOP);
     if(ptrace(PTRACE_ATTACH, pid, 0, 0) < 0)
     {
-        fprintf(stderr, "Cannot access process %d\n", pid);
+        fprintf(stderr, "Cannot access process %ld\n", pid);
         return errno;
     }
-    kill(pid, SIGCONT);
     waitpid(pid, NULL, 0);
 
     for(i = 0; i <= 2; i++)
     {
-        snprintf(fdstr, sizeof(fdstr), "/proc/%d/fd/%d", pid, i);
-        to_open[i]=0;
+        snprintf(fdstr, sizeof(fdstr), "/proc/%ld/fd/%d", pid, i);
+        to_open[i] = 0;
         lstat(fdstr, &stat_buf);
         if((stat_buf.st_mode & S_IRUSR) && (stat_buf.st_mode & S_IWUSR))
@@ -319 +348 @@
             continue;
 
-        if(!S_ISCHR(stat_buf.st_mode) || MAJOR(stat_buf.st_rdev) != UNIX98_PTY_SLAVE_MAJOR)
+        if(!S_ISCHR(stat_buf.st_mode)
+            || MAJOR(stat_buf.st_rdev) != UNIX98_PTY_SLAVE_MAJOR)
             continue;
 
-        debug("fd %d is a pty", i);
+        debug("found pty %d", i);
+
         if((ret = do_close(pid, i)))
         {
             fprintf(stderr, "do_close %s\n", strerror(ret));
         }
-        to_open[i]=1;
+        to_open[i] = 1;
     }
 
@@ -339 +370 @@
         if(!to_open[i])
             continue;
-        if((ret = do_open(pid, ptyname, mode, &fd)))
-        {
-            fprintf(stderr, "do_open %s\n", strerror(ret));
-        }
-        if((ret = do_dup2(pid, fd, i)))
-        {
-            fprintf(stderr, "do_dup2 %s\n", strerror(ret));
+        fd = do_open(pid, ptyname, mode);
+        if(fd < 0)
+        {
+            perror("do_open");
+        }
+        ret = do_dup2(pid, fd, i);
+        if(ret < 0)
+        {
+            perror("do_dup2");
         }
     }

neercs/trunk/src/neercs.h

@@ -15 +15 @@
 
 #include <stdint.h>
+
 #include <caca.h>
 
@@ -132 +133 @@
 
 int create_pty(char *cmd, unsigned int w, unsigned int h, int *cpid);
-int create_pty_grab(pid_t pid, unsigned int w, unsigned int h);
-int grab_process(pid_t pid, char *ptyname, int ptyfd);
+int create_pty_grab(long pid, unsigned int w, unsigned int h);
+int grab_process(long pid, char *ptyname, int ptyfd);
 
 long int import_term(struct screen_list *screen_list, struct screen *sc, void const *data, unsigned int size);
@@ -206 +207 @@
 int fill_config(struct screen_list *screen_list);
 
-#if 0
+#if 1
 #   define debug(f, z...) fprintf(stderr, f "\n", z)
 #else

neercs/trunk/src/term.c

@@ -582 +582 @@
 }
 
-int create_pty_grab(pid_t pid, unsigned int w, unsigned int h)
+int create_pty_grab(long pid, unsigned int w, unsigned int h)
 {
     int fdm, fds;