aboutsummaryrefslogblamecommitdiffstats
path: root/sctrace.c
blob: f86d83008f44a14da2e9f84d00f2be0e5f56a728 (plain) (tree) 
ec04bfb

712f56f ^

ec04bfb



be1c092 ^

ec04bfb


ec04bfb



b3b9cf7 ^

ec04bfb




ec04bfb

712f56f ^

ec04bfb

712f56f ^

ec04bfb

261293d ^

712f56f ^











ec04bfb

712f56f ^


ec04bfb

712f56f ^



ec04bfb

712f56f ^


ec04bfb

712f56f ^

b3b9cf7 ^

261293d ^

712f56f ^



261293d ^









95e29b0 ^

261293d ^

ec04bfb

712f56f ^


ec04bfb

712f56f ^


95e29b0 ^

ec04bfb

712f56f ^

ec04bfb

261293d ^

defee52 ^

261293d ^


95e29b0 ^

261293d ^



b3b9cf7 ^

261293d ^





ec04bfb




be1c092 ^






































































21be28b ^

be1c092 ^










ec04bfb



712f56f ^

ec04bfb


be1c092 ^

261293d ^

ec04bfb

95e29b0 ^

ec04bfb

1a92b6b ^



261293d ^

ec04bfb




261293d ^

712f56f ^

261293d ^

b3b9cf7 ^



783dc9c ^

712f56f ^

ec04bfb







be1c092 ^


ec04bfb

712f56f ^

ec04bfb

be1c092 ^


1a92b6b ^

be1c092 ^

ec04bfb

ec04bfb



be1c092 ^


783dc9c ^

be1c092 ^


ec04bfb


be1c092 ^

712f56f ^


be1c092 ^




ec04bfb

ec04bfb

712f56f ^



ec04bfb

be1c092 ^








712f56f ^

be1c092 ^







261293d ^



be1c092 ^




261293d ^


cce6dac ^

be1c092 ^

ec04bfb





1

2

3
4
5

6

7
8

9
10
11

12

13
14
15
16

17

18

19

20

21

22

23
24
25
26
27
28
29
30
31
32
33

34

35
36

37

38
39
40

41

42
43

44

45

46

47

48
49
50

51
52
53
54
55
56
57
58
59

60

61

62

63
64

65

66
67

68

69

70

71

72

73

74
75

76

77
78
79

80

81
82
83
84
85

86
87
88
89

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

160

161
162
163
164
165
166
167
168
169
170

171
172
173

174

175
176

177

178

179

180

181

182
183
184

185

186
187
188
189

190

191

192

193
194
195

196

197

198
199
200
201
202
203
204

205
206

207

208

209

210
211

212

213

214

215
216
217

218
219

220

221
222

223
224

225

226
227

228
229
230
231

232

233

234
235
236

237

238
239
240
241
242
243
244
245

246

247
248
249
250
251
252
253

254
255
256

257
258
259
260

261
262

263

264

265
266
267
268
269

                                                         
                   


            
                                                                                                        

 


           
                                                                                                                       



                
           
                                    
 
                                     
 
                                   










                                                                                                  
 

                                       
 


                                                                                           
 

                                      
 
                     
                         
                        


                                                                                                  








                                                                                                          
                                                                                                   
                 
 

                                              
 

                                                                    
                                                                                           
 
                                     
                      
 
                  

                                                               
                                                                                           


                                      
                        




                                       



         





































































                                                                                                                              
                                                                       









                                                                                                                    


                           
                            

                             
                                                                    
                                     
 
                                                                
                  


                               
                 



                                         
                 
                                                    
                                                     


                                                     
                                 
                      






                                    

                           
                
                                 
               

                                                                      
                                                 
                                                                 
                


                      

                                                         
                                                

                                             

                  
                                                                

                                            



                                                                                              
                 
 


                                         
 







                                                                                                                                   
                                            






                                                                                                               


                                                       



                                                                                                                           

                                                      
                 
 




                      
/* See LICENSE file for copyright and license details. */
#include "common.h"


char *argv0;
static unsigned long int trace_options = PTRACE_O_EXITKILL | PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC;


static void
usage(void)
{
	fprintf(stderr, "usage: %s [-o trace-output-file] [-ft] (command | -0 command argv0) [argument] ...\n", argv0);
	exit(1);
}


static void
handle_syscall(struct process *proc)
{
	struct user_regs_struct regs;

	switch ((int)proc->state) {
	default:
		/* Get systemcall arguments */
		if (ptrace(PTRACE_GETREGS, proc->pid, NULL, &regs))
			eprintf("ptrace PTRACE_GETREGS %ju NULL <buffer>:", (uintmax_t)proc->pid);
		proc->scall = regs.orig_rax;
		proc->args[0] = regs.rdi;
		proc->args[1] = regs.rsi;
		proc->args[2] = regs.rdx;
		proc->args[3] = regs.r10;
		proc->args[4] = regs.r8;
		proc->args[5] = regs.r9;

		/* Print system call */
		print_systemcall(proc);

		/* Run system call */
		if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, 0))
			eprintf("ptrace PTRACE_SYSCALL %ju NULL 0:", (uintmax_t)proc->pid);

		proc->state = Syscall;
		break;

	case Syscall:
	case CloneParent:
	case ForkParent:
		/* Get system call result */
		if (ptrace(PTRACE_GETREGS, proc->pid, NULL, &regs))
			eprintf("ptrace PTRACE_GETREGS %ju NULL <buffer>:", (uintmax_t)proc->pid);

		/* Get or set return */
		if (proc->state == Syscall) {
			proc->ret = regs.rax;
		} else {
			regs.rax = proc->ret;
			if (ptrace(PTRACE_SETREGS, proc->pid, NULL, &regs))
				eprintf("ptrace PTRACE_SETREGS %ju NULL <buffer>:", (uintmax_t)proc->pid);
			if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, 0))
				eprintf("ptrace PTRACE_SYSCALL %ju NULL 0:", (uintmax_t)proc->pid);
		}

		/* Print system call result */
		print_systemcall_exit(proc);

		/* Make process continue and stop at next syscall */
		if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, 0))
			eprintf("ptrace PTRACE_SYSCALL %ju NULL 0:", (uintmax_t)proc->pid);

		proc->state = Normal;
		break;

	case Exec:
	case VforkParent:
		if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, 0))
			eprintf("ptrace PTRACE_SYSCALL %ju NULL 0:", (uintmax_t)proc->pid);
		proc->state = Syscall;
		break;

	case CloneChild:
	case ForkChild:
	case VforkChild:
		tprintf(proc, "= 0\n");
		proc->state = Normal;
		break;
	}
}


static void
handle_event(struct process *proc, int status)
{
	int trace_event, sig;
	unsigned long int event;
	struct process *proc2;

	sig = WSTOPSIG(status);
	trace_event = ((status >> 8) ^ SIGTRAP) >> 8;
	switch (trace_event) {

	case PTRACE_EVENT_VFORK:
		tprintf(proc, "\nProcess stopped by vfork until child exits or exec(2)s\n");
		/* fall thought */
	case PTRACE_EVENT_FORK:
	case PTRACE_EVENT_CLONE:
		if (ptrace(PTRACE_GETEVENTMSG, proc->pid, NULL, &event))
			eprintf("ptrace PTRACE_GETEVENTMSG %ju NULL <buffer>:", (uintmax_t)proc->pid);
		proc2 = add_process((pid_t)event, trace_options);
		if (trace_event == PTRACE_EVENT_CLONE)
			proc2->thread_leader = proc->pid;
		proc->ret = event;
		if (trace_event == PTRACE_EVENT_VFORK) {
			proc2->continue_on_exit = proc;
			proc->vfork_waiting_on = proc2;
			proc->state = VforkParent;
		} else {
			proc->state = trace_event == PTRACE_EVENT_CLONE ? CloneParent : ForkParent;
			handle_syscall(proc);
		}
		tprintf(proc2, "\nTracing new process\n");
		proc2->state = trace_event == PTRACE_EVENT_FORK ? ForkChild :
			trace_event == PTRACE_EVENT_VFORK ? VforkChild : CloneChild;
		handle_syscall(proc2);
		break;

	case PTRACE_EVENT_EXEC:
		proc->state = Exec;
		handle_syscall(proc);
		proc2 = proc->continue_on_exit;
		if (proc2) {
			proc->continue_on_exit = NULL;
			proc2->vfork_waiting_on = NULL;
			tprintf(proc2, "\nProcess continues due to exec(2) of vfork child\n");
			handle_syscall(proc2);
		}
		break;

	case PTRACE_EVENT_STOP:
		switch (sig) {
		case SIGSTOP:
		case SIGTSTP:
		case SIGTTIN:
		case SIGTTOU:
		stop_signal:
			tprintf(proc, "\nProcess stopped by signal %i (%s: %s)\n", sig, get_signum_name(sig), strsignal(sig));
			if (ptrace(PTRACE_LISTEN, proc->pid, NULL, 0))
				eprintf("ptrace PTRACE_LISTEN %ju NULL 0:", (uintmax_t)proc->pid);
			break;
		default:
			if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, 0))
				eprintf("ptrace PTRACE_SYSCALL %ju NULL 0:", (uintmax_t)proc->pid);
			break;
		}
		break;

	default:
		abort();

	case 0:
		/* TODO ensure proper handling of signals (siginfo?) */
		if (ptrace(PTRACE_GETSIGINFO, proc->pid, 0, &(siginfo_t){0}))
			goto stop_signal;
		tprintf(proc, "\nProcess received signal %i (%s: %s)\n", sig, get_signum_name(sig), strsignal(sig));
		if (ptrace(PTRACE_SYSCALL, proc->pid, NULL, sig))
			eprintf("ptrace PTRACE_SYSCALL %ju NULL %i:", (uintmax_t)proc->pid, sig);
		break;
	}
}


int
main(int argc, char **argv)
{
	pid_t pid, orig_pid;
	char *outfile = NULL;
	FILE *outfp = stderr;
	int status, exit_code = 0, with_argv0 = 0, multiprocess = 0;
	struct process *proc, *proc2;

	/* TODO add option to trace signals with siginfo (-s) */
	ARGBEGIN {
	case '0':
		with_argv0 = 1;
		break;
	case 'o':
		if (outfile)
			usage();
		outfile = EARGF(usage());
		break;
	case 'f':
		trace_options |= PTRACE_O_TRACEFORK;
		trace_options |= PTRACE_O_TRACEVFORK;
		/* fall through */
	case 't':
		trace_options |= PTRACE_O_TRACECLONE;
		multiprocess = 1;
		break;
	default:
		usage();
	} ARGEND;
	if (!argc)
		usage();

	/* Start program to trace */
	orig_pid = fork();
	switch (orig_pid) {
	case -1:
		eprintf("fork:");
	case 0:
		if (raise(SIGSTOP))
			eprintf_and_kill(getppid(), "raise SIGSTOP:");
		execvp(*argv, &argv[with_argv0]);
		eprintf_and_kill(getppid(), "execvp %s:", *argv);
	default:
		break;
	}

	/* TODO need to reset signal handlers and mask */
	outfp = outfile ? xfopen(outfile, "wb") : stderr;
	setup_trace_output(outfp, multiprocess);
	init_process_list();
	add_process(orig_pid, trace_options);

	for (;;) {
		pid = waitpid(-1, &status, __WALL | WCONTINUED);
		if (pid < 0) {
			if (errno == ECHILD)
				return WEXITSTATUS(exit_code); /* TODO mimic kill by signal */
			if (errno == EINTR)
				continue;
			eprintf("waitpid -1 <buffer> __WALL:");
		}

		proc = find_process(pid);
		if (!proc)
			continue;

		if (WIFSTOPPED(status)) {
			if (WSTOPSIG(status) == (SIGTRAP | 0x80))
				handle_syscall(proc);
			else
				handle_event(proc, status);
		} else if (WIFCONTINUED(status)) {
			tprintf(proc, "\nProcess continued, presumably by signal %i (SIGCONT: %s)\n", SIGCONT, strsignal(SIGCONT));
		} else {
			if (pid == orig_pid)
				exit_code = status;
			if (WIFEXITED(status)) {
				tprintf(proc, "\nProcess exited with value %i\n", WEXITSTATUS(status));
			} else {
				tprintf(proc, "\nProcess terminated by signal %i (%s: %s)\n", WTERMSIG(status),
				        get_signum_name(WTERMSIG(status)), strsignal(WTERMSIG(status)));
			}
			proc2 = proc->continue_on_exit;
			remove_process(proc);
			if (proc2) {
				if (WIFEXITED(status))
					tprintf(proc2, "\nProcess continues due to exit of vfork child\n");
				else
					tprintf(proc2, "\nProcess continues due to abnormal termination of vfork child\n");
				handle_syscall(proc2);
			}
		}

	}

	fclose(outfp);
	return 0;
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-19 01:04:57 +0000