How to trace a process for system calls?

醉话见心 2021-02-04 20:03

I am trying to code a program that traces itself for system calls. I am having a difficult time making this work. I tried calling a fork() to create an instance of itself (the c

  •  后悔当初
    2021-02-04 20:44

    Just putting together what Chris Dodd said:

    /* The page rendering dropped the <...> header names; restored from what
     * the code below actually uses. */
    #include <errno.h>       /* for errno, EINTR */
    #include <fcntl.h>       /* for open() */
    #include <signal.h>      /* for raise(), SIGCONT, SIGTRAP */
    #include <stdio.h>       /* for printf(), fprintf(), perror() */
    #include <sys/ptrace.h>  /* for ptrace() and the PTRACE_* requests/options */
    #include <sys/reg.h>     /* for ORIG_EAX / ORIG_RAX register offsets (x86 only) */
    #include <sys/types.h>   /* for pid_t, ssize_t */
    #include <sys/wait.h>    /* for waitpid() and the W* status macros */
    #include <unistd.h>      /* for read(), write(), close(), fork() */
    
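    /* Offset (in longs) of the register that holds the system call number in
     * the tracee's user area.  glibc's <sys/reg.h> names it ORIG_RAX on x86-64
     * and ORIG_EAX on i386; other architectures need a different register table
     * and are not handled here. */
    #if defined(ORIG_RAX)
    #define SYSCALL_NR_REG ORIG_RAX
    #else
    #define SYSCALL_NR_REG ORIG_EAX
    #endif

    /* Chunk size for the copy loop.  Every read()/write() made with it shows up
     * in the parent's trace, so this also sets how many calls get printed. */
    enum { COPY_BUF_SIZE = 4096 };

    /*
     * Copy the file at src to dst using plain read()/write() calls.
     *
     * Runs in the traced child.  Returns 0 on success and 1 on any error, with
     * a message on stderr.  Both descriptors are closed on every path.
     */
    static int copy_file(const char *src, const char *dst) {
        int rc = 1;

        int src_fd = open(src, O_RDONLY);
        if (src_fd < 0) {
            fprintf(stderr, "copy: can't open %s\n", src);
            return 1;
        }

        /* O_CREAT requires a mode argument; without it the new file's permission
         * bits are whatever garbage sat in the missing argument.  O_TRUNC so a
         * shorter source does not leave the tail of an older dst behind. */
        int dst_fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0644);
        if (dst_fd < 0) {
            fprintf(stderr, "copy: can't open %s\n", dst);
            goto out_close_src;
        }

        unsigned char buf[COPY_BUF_SIZE];
        for (;;) {
            ssize_t got = read(src_fd, buf, sizeof buf);
            if (got < 0) {
                if (errno == EINTR) {
                    continue;
                }
                perror("copy: read");
                goto out_close_dst;
            }
            if (got == 0) {
                break; /* end of file */
            }
            /* write() may store fewer bytes than asked; keep going until the
             * whole chunk is out. */
            ssize_t done = 0;
            while (done < got) {
                ssize_t put = write(dst_fd, buf + done, (size_t)(got - done));
                if (put < 0) {
                    if (errno == EINTR) {
                        continue;
                    }
                    perror("copy: write");
                    goto out_close_dst;
                }
                done += put;
            }
        }

        /* close() of the written side is where deferred write errors surface */
        if (close(dst_fd) < 0) {
            perror("copy: close");
        } else {
            rc = 0;
        }
        goto out_close_src;

    out_close_dst:
        close(dst_fd);
    out_close_src:
        close(src_fd);
        return rc;
    }

    /*
     * Drive the traced child one system call at a time and print the number of
     * each call it makes.  The child must already be heading into a ptrace stop
     * (it raises a signal right after PTRACE_TRACEME).
     *
     * Returns the child's exit status, or 1 if the child was killed by a signal
     * or the tracer itself failed.
     */
    static int trace_child(pid_t child) {
        int status = 0;

        /* First stop: the signal the child raised on itself. */
        if (waitpid(child, &status, 0) < 0) {
            perror("waitpid");
            return 1;
        }
        if (!WIFSTOPPED(status)) {
            /* the child ended before it managed to stop itself */
            return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
        }

        /* Ask the kernel to report syscall stops as SIGTRAP|0x80 so they cannot
         * be confused with a real SIGTRAP delivered to the child. */
        int syscall_stop_sig = SIGTRAP | 0x80;
        if (ptrace(PTRACE_SETOPTIONS, child, NULL,
                   (void *)(long)PTRACE_O_TRACESYSGOOD) < 0) {
            /* very old kernel: syscall stops then look like a plain SIGTRAP */
            perror("ptrace(PTRACE_SETOPTIONS)");
            syscall_stop_sig = SIGTRAP;
        }

        int in_syscall = 0; /* syscall stops alternate: entry, exit, entry, ... */
        int sig = 0;        /* signal to deliver on resume; 0 = none */
        for (;;) {
            /* On the first pass sig is 0, which discards the signal the child
             * used to stop itself instead of delivering it. */
            if (ptrace(PTRACE_SYSCALL, child, NULL, (void *)(long)sig) < 0) {
                perror("ptrace(PTRACE_SYSCALL)");
                return 1;
            }
            if (waitpid(child, &status, 0) < 0) {
                perror("waitpid");
                return 1;
            }
            if (WIFEXITED(status)) {
                return WEXITSTATUS(status);
            }
            if (WIFSIGNALED(status)) {
                return 1;
            }
            sig = 0;
            if (!WIFSTOPPED(status)) {
                continue; /* not expected without WUNTRACED/WCONTINUED */
            }

            if (WSTOPSIG(status) != syscall_stop_sig) {
                /* A real signal for the child: deliver it on resume rather than
                 * silently swallowing it. */
                sig = WSTOPSIG(status);
                continue;
            }

            /* Every system call produces two stops, one on entry and one on
             * exit; report it once, at entry. */
            in_syscall = !in_syscall;
            if (!in_syscall) {
                continue;
            }

            /* -1 is a legitimate register value, so errno is what decides
             * whether PTRACE_PEEKUSER failed. */
            errno = 0;
            long nr = ptrace(PTRACE_PEEKUSER, child,
                             (void *)(sizeof(long) * SYSCALL_NR_REG), NULL);
            if (nr == -1 && errno != 0) {
                perror("ptrace(PTRACE_PEEKUSER)");
                continue;
            }
            printf("copy made a system call %ld\n", nr);
        }
    }

    /*
     * Trace this program's own copy of argv[1] to argv[2] for system calls.
     *
     * The child asks to be traced, stops itself, then performs the copy; the
     * parent resumes it one system call at a time and prints each call's
     * number.  Returns the copy's exit status (0 on success), or 1 on a usage,
     * fork() or tracing error.
     */
    int main(int argc, char *argv[]) {
        /* Check the arguments before forking so a usage error is not traced.
         * (The operand names inside <...> were lost in the page rendering.) */
        if (argc != 3) {
            fprintf(stderr, "Usage: copy <source> <destination>\n");
            return 1;
        }

        pid_t child = fork();
        if (child < 0) {
            /* without this check a failed fork() lands in the tracer branch
             * and waits on a child that does not exist */
            perror("fork");
            return 1;
        }

        if (child == 0) {
            /* tracee */
            if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) {
                perror("ptrace(PTRACE_TRACEME)");
                return 1;
            }
            /* Stop ourselves so the parent gets control before the copy starts;
             * the parent discards this signal when it resumes us. */
            raise(SIGCONT);
            return copy_file(argv[1], argv[2]);
        }

        /* tracer */
        return trace_child(child);
    }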
    
