Changeset 2785 for neercs/trunkTweet

Timestamp:

Aug 27, 2008, 11:19:02 PM (12 years ago)

Author:

Pascal Terjan

Message:

• Fix grab to work again on systems using sysenter instead of int 80

Location:

neercs/trunk/src

Files:

• grab.c (modified) (3 diffs)
• mytrace.c (modified) (7 diffs)

neercs/trunk/src/grab.c

@@ -54 +54 @@
 
     child = mytrace_fork(parent);
+    mytrace_write(parent, 1, "\x1b]0;\x07", 5);
+    mytrace_write(parent, 1, "\x1b[1000l", 7);
+    mytrace_write(parent, 1, "\x1b[?12l\x1b[?25h", 12);
+    mytrace_write(parent, 1, "\n[Process stolen by neercs]\n", 28);
+    /* FIXME Reset the term */
+    mytrace_close(parent, 1);
+
+    mytrace_exit(parent, 0);
+    mytrace_detach(parent);
     pid = mytrace_getpid(child);
 
@@ -76 +85 @@
             continue;
 
-        debug("found pty %d", i);
-
-        if(i == 2)
-        {
-            mytrace_write(parent, i, "\x1b]0;\x07", 5);
-            mytrace_write(parent, i, "\x1b[1000l", 7);
-            mytrace_write(parent, i, "\x1b[?12l\x1b[?25h", 12);
-            mytrace_write(parent, i, "\n[Process stolen by neercs]\n", 28);
-        }
+        debug("found pty %d for pid %d", i, pid);
 
         ret = mytrace_close(child, i);
@@ -122 +123 @@
     debug("pid %ld has now sid %d", pid, getsid(pid));
 
-    mytrace_exit(parent, 0);
-    mytrace_detach(parent);
-
     /* Reopen PTY file descriptors */
     for(i = 0; i <= 2; i++)

neercs/trunk/src/mytrace.c

@@ -127 +127 @@
 #define STRINGIFY(x) X(x)
 
-#define SYSCALL_X86   0x80cd  /* CD 80 = int $0x80 */
-#define SYSCALL_AMD64 0x050fL /* 0F 05 = syscall */
+#define SYSCALL_X86     0x80cd  /* CD 80 = int $0x80 */
+#define SYSCALL_X86_NEW 0xf3eb  /* EB F3 = jmp <__kernel_vsyscall+0x3> */
+#define SYSENTER        0x340f  /* 0F 34 = sysenter */
+#define SYSCALL_AMD64   0x050fL /* 0F 05 = syscall */
 
 #if defined __x86_64__
@@ -481 +483 @@
     long oinst;
     int bits;
+    int offset = 2;
 
     if(call < 0 || call >= (long)(sizeof(syscallnames)/sizeof(*syscallnames)))
@@ -508 +511 @@
 
         oinst = ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - 2, 0) & 0xffff;
+        fprintf(stderr, "%lx\n", oinst);
 
 #if defined __x86_64__
         if(oinst == SYSCALL_AMD64)
             break;
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
         {
             bits = 32;
@@ -518 +522 @@
         }
 #else
-        if(oinst == SYSCALL_X86)
+        if(oinst == SYSCALL_X86 || oinst == SYSCALL_X86_NEW)
             break;
 #endif
@@ -528 +532 @@
         }
         waitpid(t->pid, NULL, 0);
-
         if(ptrace(PTRACE_SYSCALL, t->pid, NULL, 0) < 0)
         {
@@ -539 +542 @@
     print_registers(t->pid);
 
+    if(oinst == SYSCALL_X86_NEW)
+    {
+        /*  Get back to sysenter */
+        while((ptrace(PTRACE_PEEKTEXT, t->pid, oldregs.RIP - offset, 0) & 0xffff) != 0x340f)
+            offset++;
+        oldregs.ebp = oldregs.esp;
+    }
+
     regs = oldregs;
-    regs.RIP = regs.RIP - 2;
+    regs.RIP = regs.RIP - offset;
 #if defined __x86_64__
     if(bits == 64)
@@ -592 +603 @@
                 return -1;
             }
+            debug("PTRACE_GETEVENTMSG %d", t->child);
             continue;
         case PTRACE_EVENT_EXIT:
+            debug("PTRACE_EVENT_EXIT");
             /* The process is about to exit, don't do anything else */
             return 0;