Commit 1a7ccb7f authored by Christian Dietrich's avatar Christian Dietrich

Dec 18 -- A Trace of Cookie Crumbs

Article:  https://ibr.cs.tu-bs.de/advent/18-ptrace/
Workload: ~93 source-code lines
parent 3482e619
PROG = systrace
${PROG}: ${PROG}.c
gcc $< -o $@ -Wall -g
run: ${PROG}
./${PROG} ls -l
strace: ${PROG}
strace ./${PROG} ls -l
clean:
rm -f ./${PROG}
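Review bot: The rule `${PROG}: ${PROG}.c` leaves out table.c, which the C file pulls in with `#include "table.c"`, so editing the syscall table will not trigger a rebuild. Listing it as a second prerequisite keeps `$<` pointing at the main source: `${PROG}: ${PROG}.c table.c`. The `run`, `strace` and `clean` targets produce no files, so a `.PHONY: run strace clean` line would also keep them working if a file of that name ever appears.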
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/ptrace.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/eventfd.h>
#include <assert.h>
#include <string.h>
#define die(msg) do { perror(msg); exit(EXIT_FAILURE); } while(0)
// A table of system call names and argument counts
// This is only valid on x64 (AMD64)
#include "table.c"
// Print information about a system call (as strace also does it),
// which we got from PTRACE_GET_SYSCALL_INFO. This function also uses
// the system call table to print pretty syscall names.
void print_syscall(struct ptrace_syscall_info *info) {
printf("%s\n", names[__NR_write].name);
// FIXME: Handle info->op == PTRACE_SYSCALL_INFO_ENTRY
// FIXME: Handle info->op == PTRACE_SYSCALL_INFO_EXIT
}
int main(int argc, char *argv[]) {
if (argc == 1) {
fprintf(stderr, "usage: %s CMD [ARGS...]\n", argv[0]);
return -1;
}
// FIXME/child: Issue PTRACE_TRACEME
// FIXME/child: execvp(argv[1], &argv[1])
// FIXME/parent: Wait for the first SIGTRAP
// FIXME/parent: set PTRACE_O_TRACESYSGOOD option
// FIXME/parent: PTRACE_SYSCALL to the next syscall
// FIXME/parent: Use PTRACE_GET_SYSCALL_INFO to get details
}
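Review bot: The FIXME list in print_syscall should say that the syscall number must be range-checked before it is used as an index into `names[]`. The stub indexes with the constant `__NR_write`, which is safe, but the obvious completion replaces it with `info->entry.nr`, a value reported for the traced process, and the table added in this commit stops at 335 while newer kernels assign higher numbers. I would add a line such as `// FIXME: reject info->entry.nr >= sizeof(names)/sizeof(names[0]) before indexing names[]` next to the ENTRY FIXME. Separately, `return -1;` on the usage path yields exit status 255; `return EXIT_FAILURE;` would match the `die()` macro.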
struct syscall_name {
int nr;
char * name;
int argc;
};
static struct syscall_name names[] = {
{0, "read", 3},
{1, "write", 3},
{2, "open", 3},
{3, "close", 1},
{4, "stat", 2},
{5, "fstat", 2},
{6, "lstat", 2},
{7, "poll", 3},
{8, "lseek", 3},
{9, "mmap", 6},
{10, "mprotect", 3},
{11, "munmap", 2},
{12, "brk", 1},
{13, "rt_sigaction", 4},
{14, "rt_sigprocmask", 4},
{15, "rt_sigreturn", 1},
{16, "ioctl", 3},
{17, "pread64", 4},
{18, "pwrite64", 4},
{19, "readv", 3},
{20, "writev", 3},
{21, "access", 2},
{22, "pipe", 1},
{23, "select", 5},
{24, "sched_yield", 0},
{25, "mremap", 5},
{26, "msync", 3},
{27, "mincore", 3},
{28, "madvise", 3},
{29, "shmget", 3},
{30, "shmat", 3},
{31, "shmctl", 3},
{32, "dup", 1},
{33, "dup2", 2},
{34, "pause", 0},
{35, "nanosleep", 2},
{36, "getitimer", 2},
{37, "alarm", 1},
{38, "setitimer", 3},
{39, "getpid", 0},
{40, "sendfile", 4},
{41, "socket", 3},
{42, "connect", 3},
{43, "accept", 3},
{44, "sendto", 6},
{45, "recvfrom", 6},
{46, "sendmsg", 3},
{47, "recvmsg", 3},
{48, "shutdown", 2},
{49, "bind", 3},
{50, "listen", 2},
{51, "getsockname", 3},
{52, "getpeername", 3},
{53, "socketpair", 4},
{54, "setsockopt", 5},
{55, "getsockopt", 5},
{56, "clone", 5},
{57, "fork", 0},
{58, "vfork", 0},
{59, "execve", 3},
{60, "exit", 1},
{61, "wait4", 4},
{62, "kill", 2},
{63, "uname", 1},
{64, "semget", 3},
{65, "semop", 3},
{66, "semctl", 4},
{67, "shmdt", 1},
{68, "msgget", 2},
{69, "msgsnd", 4},
{70, "msgrcv", 5},
{71, "msgctl", 3},
{72, "fcntl", 3},
{73, "flock", 2},
{74, "fsync", 1},
{75, "fdatasync", 1},
{76, "truncate", 2},
{77, "ftruncate", 2},
{78, "getdents", 3},
{79, "getcwd", 2},
{80, "chdir", 1},
{81, "fchdir", 1},
{82, "rename", 2},
{83, "mkdir", 2},
{84, "rmdir", 1},
{85, "creat", 2},
{86, "link", 2},
{87, "unlink", 1},
{88, "symlink", 2},
{89, "readlink", 3},
{90, "chmod", 2},
{91, "fchmod", 2},
{92, "chown", 3},
{93, "fchown", 3},
{94, "lchown", 3},
{95, "umask", 1},
{96, "gettimeofday", 2},
{97, "getrlimit", 2},
{98, "getrusage", 2},
{99, "sysinfo", 1},
{100, "times", 1},
{101, "ptrace", 4},
{102, "getuid", 0},
{103, "syslog", 3},
{104, "getgid", 0},
{105, "setuid", 1},
{106, "setgid", 1},
{107, "geteuid", 0},
{108, "getegid", 0},
{109, "setpgid", 2},
{110, "getppid", 0},
{111, "getpgrp", 0},
{112, "setsid", 0},
{113, "setreuid", 2},
{114, "setregid", 2},
{115, "getgroups", 2},
{116, "setgroups", 2},
{117, "setresuid", 3},
{118, "getresuid", 3},
{119, "setresgid", 3},
{120, "getresgid", 3},
{121, "getpgid", 1},
{122, "setfsuid", 1},
{123, "setfsgid", 1},
{124, "getsid", 1},
{125, "capget", 2},
{126, "capset", 2},
{127, "rt_sigpending", 2},
{128, "rt_sigtimedwait", 4},
{129, "rt_sigqueueinfo", 3},
{130, "rt_sigsuspend", 2},
{131, "sigaltstack", 2},
{132, "utime", 2},
{133, "mknod", 3},
{134, "uselib", 1},
{135, "personality", 1},
{136, "ustat", 2},
{137, "statfs", 2},
{138, "fstatfs", 2},
{139, "sysfs", 3},
{140, "getpriority", 2},
{141, "setpriority", 3},
{142, "sched_setparam", 2},
{143, "sched_getparam", 2},
{144, "sched_setscheduler", 3},
{145, "sched_getscheduler", 1},
{146, "sched_get_priority_max", 1},
{147, "sched_get_priority_min", 1},
{148, "sched_rr_get_interval", 2},
{149, "mlock", 2},
{150, "munlock", 2},
{151, "mlockall", 1},
{152, "munlockall", 0},
{153, "vhangup", 0},
{154, "modify_ldt", 3},
{155, "pivot_root", 2},
{156, "_sysctl", 1},
{157, "prctl", 6},
{158, "arch_prctl", 3},
{159, "adjtimex", 1},
{160, "setrlimit", 2},
{161, "chroot", 1},
{162, "sync", 0},
{163, "acct", 1},
{164, "settimeofday", 2},
{165, "mount", 5},
{166, "umount2", 2},
{167, "swapon", 2},
{168, "swapoff", 1},
{169, "reboot", 4},
{170, "sethostname", 2},
{171, "setdomainname", 2},
{172, "iopl", 2},
{173, "ioperm", 3},
{174, "create_module", 1},
{175, "init_module", 3},
{176, "delete_module", 2},
{177, "get_kernel_syms", 1},
{178, "query_module", 1},
{179, "quotactl", 4},
{180, "nfsservctl", 1},
{181, "getpmsg", 1},
{182, "putpmsg", 1},
{183, "afs_syscall", 1},
{184, "tuxcall", 1},
{185, "security", 1},
{186, "gettid", 0},
{187, "readahead", 3},
{188, "setxattr", 5},
{189, "lsetxattr", 5},
{190, "fsetxattr", 5},
{191, "getxattr", 4},
{192, "lgetxattr", 4},
{193, "fgetxattr", 4},
{194, "listxattr", 3},
{195, "llistxattr", 3},
{196, "flistxattr", 3},
{197, "removexattr", 2},
{198, "lremovexattr", 2},
{199, "fremovexattr", 2},
{200, "tkill", 2},
{201, "time", 1},
{202, "futex", 6},
{203, "sched_setaffinity", 3},
{204, "sched_getaffinity", 3},
{205, "set_thread_area", 1},
{206, "io_setup", 2},
{207, "io_destroy", 1},
{208, "io_getevents", 4},
{209, "io_submit", 3},
{210, "io_cancel", 3},
{211, "get_thread_area", 1},
{212, "lookup_dcookie", 3},
{213, "epoll_create", 1},
{214, "epoll_ctl_old", 1},
{215, "epoll_wait_old", 1},
{216, "remap_file_pages", 5},
{217, "getdents64", 3},
{218, "set_tid_address", 1},
{219, "restart_syscall", 0},
{220, "semtimedop", 4},
{221, "fadvise64", 4},
{222, "timer_create", 3},
{223, "timer_settime", 4},
{224, "timer_gettime", 2},
{225, "timer_getoverrun", 1},
{226, "timer_delete", 1},
{227, "clock_settime", 2},
{228, "clock_gettime", 2},
{229, "clock_getres", 2},
{230, "clock_nanosleep", 4},
{231, "exit_group", 1},
{232, "epoll_wait", 4},
{233, "epoll_ctl", 4},
{234, "tgkill", 3},
{235, "utimes", 2},
{236, "vserver", 1},
{237, "mbind", 6},
{238, "set_mempolicy", 3},
{239, "get_mempolicy", 5},
{240, "mq_open", 4},
{241, "mq_unlink", 1},
{242, "mq_timedsend", 5},
{243, "mq_timedreceive", 5},
{244, "mq_notify", 2},
{245, "mq_getsetattr", 3},
{246, "kexec_load", 4},
{247, "waitid", 5},
{248, "add_key", 4},
{249, "request_key", 4},
{250, "keyctl", 5},
{251, "ioprio_set", 3},
{252, "ioprio_get", 2},
{253, "inotify_init", 0},
{254, "inotify_add_watch", 3},
{255, "inotify_rm_watch", 2},
{256, "migrate_pages", 4},
{257, "openat", 4},
{258, "mkdirat", 3},
{259, "mknodat", 4},
{260, "fchownat", 5},
{261, "futimesat", 3},
{262, "newfstatat", 4},
{263, "unlinkat", 3},
{264, "renameat", 4},
{265, "linkat", 5},
{266, "symlinkat", 3},
{267, "readlinkat", 4},
{268, "fchmodat", 3},
{269, "faccessat", 3},
{270, "pselect6", 6},
{271, "ppoll", 5},
{272, "unshare", 1},
{273, "set_robust_list", 2},
{274, "get_robust_list", 3},
{275, "splice", 6},
{276, "tee", 4},
{277, "sync_file_range", 4},
{278, "vmsplice", 4},
{279, "move_pages", 6},
{280, "utimensat", 4},
{281, "epoll_pwait", 6},
{282, "signalfd", 3},
{283, "timerfd_create", 2},
{284, "eventfd", 1},
{285, "fallocate", 4},
{286, "timerfd_settime", 4},
{287, "timerfd_gettime", 2},
{288, "accept4", 4},
{289, "signalfd4", 4},
{290, "eventfd2", 2},
{291, "epoll_create1", 1},
{292, "dup3", 3},
{293, "pipe2", 2},
{294, "inotify_init1", 1},
{295, "preadv", 5},
{296, "pwritev", 5},
{297, "rt_tgsigqueueinfo", 4},
{298, "perf_event_open", 5},
{299, "recvmmsg", 5},
{300, "fanotify_init", 2},
{301, "fanotify_mark", 5},
{302, "prlimit64", 4},
{303, "name_to_handle_at", 5},
{304, "open_by_handle_at", 5},
{305, "clock_adjtime", 2},
{306, "syncfs", 1},
{307, "sendmmsg", 4},
{308, "setns", 2},
{309, "getcpu", 3},
{310, "process_vm_readv", 6},
{311, "process_vm_writev", 6},
{312, "kcmp", 5},
{313, "finit_module", 3},
{314, "sched_setattr", 3},
{315, "sched_getattr", 4},
{316, "renameat2", 5},
{317, "seccomp", 3},
{318, "getrandom", 3},
{319, "memfd_create", 2},
{320, "kexec_file_load", 5},
{321, "bpf", 3},
{322, "stub_execveat", 5},
{323, "userfaultfd", 1},
{324, "membarrier", 2},
{325, "mlock2", 3},
{326, "copy_file_range", 6},
{327, "preadv2", 6},
{328, "pwritev2", 6},
{329, "pkey_mprotect", 0},
{330, "pkey_alloc", 0},
{331, "pkey_free", 0},
{332, "statx", 0},
{333, "io_pgetevents", 0},
{334, "rseq", 0},
{335, "pkey_mprotect", 0},
};
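Review bot: The rows from 329 to 335 look unfinished: every one has an argument count of 0, and the last row `{335, "pkey_mprotect", 0}` repeats the name already used for 329. A tracer that prints `argc` arguments will show these calls with none, although statx for example takes five, so `{332, "statx", 5},`. I would fill in the counts for 329–334 and drop or correct the 335 row. `char * name` could also be `const char *name`, since every initializer is a string literal.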