1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/* See LICENSE file for copyright and license details. */
#if !defined __x86_64__ || defined __IPL32__
# error "This program is only implemented for x86-64"
#endif
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constants used in system calls */
#include <sys/epoll.h>
#include <sys/socket.h>
#include <fcntl.h>
#include "arg.h"
#include "list-errnos.h"
#ifndef ERESTARTSYS
# define ERESTARTSYS 512
# define ALSO_ERESTARTSYS
#endif
#ifndef ERESTARTNOINTR
# define ERESTARTNOINTR 513
# define ALSO_ERESTARTNOINTR
#endif
#ifndef ERESTARTNOHAND
# define ERESTARTNOHAND 514
# define ALSO_ERESTARTNOHAND
#endif
#ifndef ERESTART_RESTARTBLOCK
# define ERESTART_RESTARTBLOCK 516
# define ALSO_ERESTART_RESTARTBLOCK
#endif
enum type {
Unknown,
Void,
Int,
UInt,
OInt,
XInt,
Long,
ULong,
OLong,
XLong,
LLong,
ULLong,
OLLong,
XLLong,
Ptr
};
enum state {
Normal,
Syscall,
CloneChild,
ForkChild,
VforkChild,
CloneParent,
ForkParent,
VforkParent,
Exec
};
struct process {
pid_t pid;
pid_t thread_group_leader;
struct process *next;
struct process *prev;
enum state state;
/* Syscall data */
unsigned long long int scall;
unsigned long long int args[6];
unsigned long long int ret;
enum type ret_type;
/* vfork(2) data */
struct process *continue_on_exit;
struct process *vfork_waiting_on;
};
/* consts.c */
const char *get_errno_name(int err);
/* memory.c */
char *get_string(pid_t pid, unsigned long int addr, size_t *lenp, const char **errorp);
int get_struct(pid_t pid, unsigned long int addr, void *out, size_t size, const char **errorp);
char *get_memory(pid_t pid, unsigned long int addr, size_t n, const char **errorp);
char *escape_memory(char *str, size_t m);
/* print.c */
void print_systemcall(struct process *proc);
void print_systemcall_exit(struct process *proc);
/* process.c */
void init_process_list(void);
struct process *find_process(pid_t pid);
struct process *add_process(pid_t pid, unsigned long int trace_options);
void remove_process(struct process *proc);
/* util.c */
void setup_trace_output(FILE *fp, int multiprocess);
void tprintf(struct process *proc, const char *fmt, ...);
_Noreturn void eprintf(const char *fmt, ...);
|