1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
use nix::{
sys::{
ptrace,
signal::Signal,
wait::{waitpid, WaitStatus},
},
unistd::Pid,
};
use std::{os::unix::process::CommandExt, process::Command};
/// Exec the `command` value tracing it with `ptrace` lib
pub fn exec(command: &String) -> anyhow::Result<()> {
let params: Vec<&str> = command.split(' ').collect();
let mut command = Command::new(params[0]);
command.args(params[1..].iter());
unsafe {
command.pre_exec(|| ptrace::traceme().map_err(|e| e.into()));
}
command.exec();
Ok(())
}
/// Trace a process with `pid` ID
pub fn trace(pid: Pid) -> anyhow::Result<()> {
// Since you have to do 2 syscalls (start and end) you have to alternate the print value,
// because it could be equals except for the `rax` register.
let mut have_to_print = true;
// First wait for the parent process
_ = waitpid(pid, None)?;
loop {
have_to_print ^= true;
ptrace::syscall(pid, None)?;
let status = waitpid(pid, None)?;
match status {
// Break the loop if the process exists
WaitStatus::Exited(_pid, _) => {
break;
}
// Match the stopped value for a process
WaitStatus::Stopped(pid, signal) => {
match signal {
Signal::SIGTRAP => {
let regs = ptrace::getregs(pid)?;
if have_to_print {
println!(
"{}({:x}, {:x}, {:x}, ...) = {:x}",
regs.orig_rax, regs.rdi, regs.rsi, regs.rdx, regs.rax,
);
}
}
_ => {}
};
}
_ => {}
};
}
Ok(())
}
|
