1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
use crate::registers::RegistersData;
use nix::{
sys::{
ptrace,
signal::Signal,
wait::{waitpid, WaitStatus},
},
unistd::Pid,
};
use std::{fs::File, io::Write, os::unix::process::CommandExt, process::Command};
/// Exec the `command` value tracing it with `ptrace` lib
pub fn exec(command: &str) -> anyhow::Result<()> {
let params: Vec<&str> = command.split(' ').collect();
let mut command = Command::new(params[0]);
command.args(params[1..].iter());
unsafe {
command.pre_exec(|| ptrace::traceme().map_err(|e| e.into()));
}
command.exec();
Ok(())
}
/// Trace a process with `pid` ID
pub fn trace(pid: Pid, file_to_print: Option<String>) -> anyhow::Result<Vec<u8>> {
// Since you have to do 2 syscalls (start and end) you have to alternate the print value,
// because it could be equals except for the `rax` register.
let mut have_to_print = true;
// First wait for the parent process
_ = waitpid(pid, None)?;
// If `fiole_to_print` is not None, create a new file with that value for redirecting all the
// output (also in stdout)
let mut f = None;
if let Some(filename) = file_to_print {
f = Some(File::create(filename)?);
}
let mut lines = Vec::new();
loop {
have_to_print ^= true;
ptrace::syscall(pid, None)?;
let status = waitpid(pid, None)?;
match status {
// Break the loop if the process exists
WaitStatus::Exited(_pid, _) => {
break;
}
// Match the stopped value for a process
WaitStatus::Stopped(pid, signal) => {
match signal {
Signal::SIGTRAP => {
if have_to_print {
let reg = RegistersData::new(ptrace::getregs(pid)?);
writeln!(lines, "{}", reg.output())?;
if let Some(ref mut f) = f {
writeln!(f, "{}", reg.output())?;
}
}
}
_ => {}
};
}
_ => {}
};
}
Ok(lines)
}
|
