Changeset 2516 for neercs/trunk/src/mytrace.cTweet

Timestamp:

Jul 2, 2008, 4:35:26 PM (9 years ago)

Author:

sam

Message:

• Fork the grabbed process and exit the parent. Unfortunately for some reason it still survives as a zombie, there must be something wrong with the setsid/setpgid mechanism we use (maybe setpgrp is needed?).

File:

• neercs/trunk/src/mytrace.c (modified) (21 diffs)

neercs/trunk/src/mytrace.c

@@ -39 +39 @@
 static int memcpy_into_target(struct mytrace *t,
                               long dest, char const *src, size_t n);
-static long remote_syscall(pid_t pid, long call,
+static long remote_syscall(struct mytrace *t, long call,
                            long arg1, long arg2, long arg3);
 #   if defined DEBUG
@@ -53 +53 @@
 #define SYSCALL_X86   0x80cd  /* CD 80 = int $0x80 */
 #define SYSCALL_AMD64 0x050fL /* 0F 05 = syscall */
-
-#define MYCALL_OPEN     0
-#define MYCALL_CLOSE    1
-#define MYCALL_WRITE    2
-#define MYCALL_DUP2     3
-#define MYCALL_SETPGID  4
-#define MYCALL_SETSID   5
-#define MYCALL_KILL     6
 
 #if defined __x86_64__
@@ -84 +76 @@
 #endif
 
+#define MYCALL_OPEN     0
+#define MYCALL_CLOSE    1
+#define MYCALL_WRITE    2
+#define MYCALL_DUP2     3
+#define MYCALL_SETPGID  4
+#define MYCALL_SETSID   5
+#define MYCALL_KILL     6
+#define MYCALL_FORK     7
+#define MYCALL_EXIT     8
+
 #if defined __x86_64__
+/* from unistd_32.h on an amd64 system */
+int syscalls32[] = { 5, 6, 4, 63, 57, 66, 37, 2, 1 };
+int syscalls64[] =
+#else
 int syscalls32[] =
-    { 5, 6, 4, 63, 57, 66, 37 }; /* from unistd_32.h on an amd64 system */
-int syscalls64[] =
-#else
-int syscalls32[] =
 #endif
     { SYS_open, SYS_close, SYS_write, SYS_dup2, SYS_setpgid, SYS_setsid,
-      SYS_kill };
+      SYS_kill, SYS_fork, SYS_exit };
+
+char const *syscallnames[] =
+    { "open", "close", "write", "dup2", "setpgid", "setsid", "kill", "fork",
+      "exit" };
 
 struct mytrace
 {
-    pid_t pid;
+    pid_t pid, child;
 };
 
@@ -103 +109 @@
 #if defined USE_GRAB
     struct mytrace *t;
+    int status;
 
     if(ptrace(PTRACE_ATTACH, pid, 0, 0) < 0)
@@ -109 +116 @@
         return NULL;
     }
-    waitpid(pid, NULL, 0);
+    if(waitpid(pid, &status, 0) < 0)
+    {
+        perror("waitpid");
+        return NULL;
+    }
+    if(!WIFSTOPPED(status))
+    {
+        fprintf(stderr, "traced process was not stopped\n");
+        ptrace(PTRACE_DETACH, pid, 0, 0);
+        return NULL;
+    }
 
     t = malloc(sizeof(struct mytrace));
     t->pid = pid;
+    t->child = 0;
 
     return t;
+#else
+    errno = ENOSYS;
+    return NULL;
+#endif
+}
+
+struct mytrace* mytrace_fork(struct mytrace *t)
+{
+#if defined USE_GRAB
+    struct mytrace *child;
+
+    ptrace(PTRACE_SETOPTIONS, t->pid, NULL, PTRACE_O_TRACEFORK);
+    remote_syscall(t, MYCALL_FORK, 0, 0, 0);
+    waitpid(t->child, NULL, 0);
+
+    child = malloc(sizeof(struct mytrace));
+    child->pid = t->child;
+    child->child = 0;
+
+    return child;
 #else
     errno = ENOSYS;
@@ -128 +166 @@
 
     return 0;
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+long mytrace_getpid(struct mytrace *t)
+{
+#if defined USE_GRAB
+    return t->pid;
 #else
     errno = ENOSYS;
@@ -154 +202 @@
     memcpy_into_target(t, regs.RSP, path, size);
 
-    ret = remote_syscall(t->pid, MYCALL_OPEN, regs.RSP, O_RDWR, 0755);
+    ret = remote_syscall(t, MYCALL_OPEN, regs.RSP, O_RDWR, 0755);
 
     /* Restore the data */
@@ -175 +223 @@
 {
 #if defined USE_GRAB
-    return remote_syscall(t->pid, MYCALL_CLOSE, fd, 0, 0);
+    return remote_syscall(t, MYCALL_CLOSE, fd, 0, 0);
 #else
     errno = ENOSYS;
@@ -203 +251 @@
     memcpy_into_target(t, regs.RSP, data, len);
 
-    ret = remote_syscall(t->pid, MYCALL_WRITE, fd, regs.RSP, len);
+    ret = remote_syscall(t, MYCALL_WRITE, fd, regs.RSP, len);
 
     /* Restore the data */
@@ -224 +272 @@
 {
 #if defined USE_GRAB
-    return remote_syscall(t->pid, MYCALL_DUP2, oldfd, newfd, 0);
+    return remote_syscall(t, MYCALL_DUP2, oldfd, newfd, 0);
 #else
     errno = ENOSYS;
@@ -234 +282 @@
 {
 #if defined USE_GRAB
-    return remote_syscall(t->pid, MYCALL_SETPGID, pid, pgid, 0);
+    return remote_syscall(t, MYCALL_SETPGID, pid, pgid, 0);
 #else
     errno = ENOSYS;
@@ -244 +292 @@
 {
 #if defined USE_GRAB
-    return remote_syscall(t->pid, MYCALL_SETSID, 0, 0, 0);
+    return remote_syscall(t, MYCALL_SETSID, 0, 0, 0);
 #else
     errno = ENOSYS;
@@ -254 +302 @@
 {
 #if defined USE_GRAB
-    return remote_syscall(t->pid, MYCALL_KILL, pid, sig, 0);
+    return remote_syscall(t, MYCALL_KILL, pid, sig, 0);
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+int mytrace_exit(struct mytrace *t, int status)
+{
+#if defined USE_GRAB
+    ptrace(PTRACE_SETOPTIONS, t->pid, NULL, PTRACE_O_TRACEEXIT);
+    return remote_syscall(t, MYCALL_EXIT, status, 0, 0);
 #else
     errno = ENOSYS;
@@ -333 +392 @@
 }
 
-static long remote_syscall(pid_t pid, long call,
-                            long arg1, long arg2, long arg3)
+static long remote_syscall(struct mytrace *t, long call,
+                           long arg1, long arg2, long arg3)
 {
     /* Method for remote syscall:
@@ -347 +406 @@
     int bits;
 
-print_registers(pid);
+    if(call < 0 || call >= (long)(sizeof(syscallnames)/sizeof(*syscallnames)))
+    {
+        fprintf(stderr, "unknown remote syscall %li\n", call);
+        return -1;
+    }
+
+    debug("remote syscall %s(%lu, %lu, %lu)",
+          syscallnames[call], arg1, arg2, arg3);
+
+    print_registers(t->pid);
+
 #if defined __x86_64__
     bits = 64;
@@ -356 +425 @@
     for(;;)
     {
-        if(ptrace(PTRACE_GETREGS, pid, NULL, &oldregs) < 0)
+        if(ptrace(PTRACE_GETREGS, t->pid, NULL, &oldregs) < 0)
         {
             fprintf(stderr, "PTRACE_GETREGS failed\n");
@@ -362 +431 @@
         }
 
-        oinst = ptrace(PTRACE_PEEKTEXT, pid, oldregs.RIP - 2, 0) & 0xffff;
+        oinst = ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - 2, 0) & 0xffff;
 
 #if defined __x86_64__
@@ -377 +446 @@
 #endif
 
-        if(ptrace(PTRACE_SYSCALL, pid, NULL, 0) < 0)
+        if(ptrace(PTRACE_SYSCALL, t->pid, NULL, 0) < 0)
         {
             perror("ptrace_syscall (1)");
             return -1;
         }
-        waitpid(pid, NULL, 0);
-
-        if(ptrace(PTRACE_SYSCALL, pid, NULL, 0) < 0)
+        waitpid(t->pid, NULL, 0);
+
+        if(ptrace(PTRACE_SYSCALL, t->pid, NULL, 0) < 0)
         {
             perror("ptrace_syscall (2)");
             return -1;
         }
-        waitpid(pid, NULL, 0);
-    }
-
-    print_registers(pid);
+        waitpid(t->pid, NULL, 0);
+    }
+
+    print_registers(t->pid);
 
     regs = oldregs;
@@ -413 +482 @@
     }
 
-    if(ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0)
+    if(ptrace(PTRACE_SETREGS, t->pid, NULL, &regs) < 0)
     {
         fprintf(stderr, "PTRACE_SETREGS failed\n");
@@ -419 +488 @@
     }
 
-    print_registers(pid);
-
-    if(ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0)
-    {
-        fprintf(stderr, "PTRACE_SINGLESTEP failed\n");
-        return -1;
-    }
-    waitpid(pid, NULL, 0);
-
-    print_registers(pid);
-
-    if(ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
+    for(;;)
+    {
+        int status;
+
+        print_registers(t->pid);
+
+        if(ptrace(PTRACE_SINGLESTEP, t->pid, NULL, NULL) < 0)
+        {
+            fprintf(stderr, "PTRACE_SINGLESTEP failed\n");
+            return -1;
+        }
+        waitpid(t->pid, &status, 0);
+
+        if(WIFEXITED(status))
+            return 0;
+
+        if(!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP)
+            continue;
+
+        /* Fuck Linux: there is no macro for this */
+        switch((status >> 16) & 0xffff)
+        {
+        case PTRACE_EVENT_FORK:
+            if(ptrace(PTRACE_GETEVENTMSG, t->pid, 0, &t->child) < 0)
+            {
+                fprintf(stderr, "PTRACE_GETEVENTMSG failed\n");
+                return -1;
+            }
+            continue;
+        case PTRACE_EVENT_EXIT:
+            /* The process is about to exit, don't do anything else */
+            return 0;
+        }
+
+        break;
+    }
+
+    print_registers(t->pid);
+
+    if(ptrace(PTRACE_GETREGS, t->pid, NULL, &regs) < 0)
     {
         fprintf(stderr, "PTRACE_GETREGS failed\n");
@@ -436 +533 @@
     }
 
-    if(ptrace(PTRACE_SETREGS, pid, NULL, &oldregs) < 0)
+    if(ptrace(PTRACE_SETREGS, t->pid, NULL, &oldregs) < 0)
     {
         fprintf(stderr, "PTRACE_SETREGS failed\n");
         return -1;
     }
-    print_registers(pid);
-
-    debug("syscall %ld returned %ld", call, regs.RAX);
+    print_registers(t->pid);
+
+    debug("syscall %s returned %ld", syscallnames[call], regs.RAX);
 
     if((long)regs.RAX < 0)