mstrace

Small Linux strace(1) implementation
git clone https://anongit.hacktivis.me/git/mstrace.git/
commit: 1394b58c98283546139668e56c6d99937007d0b1
parent 1c62e9d59a65354e0cc3c4aee7694d14127ab163
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Fri, 20 Dec 2024 01:08:16 +0100

print syscall at return time except for execve

Diffstat:

Mmstrace.c37++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/mstrace.c b/mstrace.c @@ -7,9 +7,10 @@ #include <inttypes.h> // PRIu64 #include <linux/ptrace.h> // ptrace_syscall_info, __u64 #include <stdbool.h> -#include <stdio.h> // fprintf -#include <string.h> // strerror -#include <sys/ptrace.h> // ptrace() +#include <stdio.h> // fprintf +#include <string.h> // strerror +#include <sys/ptrace.h> // ptrace() +#include <sys/syscall.h> // SYS_* #include <sys/wait.h> #include <unistd.h> // getpid, fork, execvp @@ -71,6 +72,13 @@ main(int argc, char *argv[]) } bool neednl = false; + struct + { + __u64 nr; + __u64 args[6]; + } entry; + + entry.nr = 0; int status; waitpid(child, &status, 0); @@ -94,10 +102,22 @@ main(int argc, char *argv[]) switch(syscall_info.op) { case PTRACE_SYSCALL_INFO_ENTRY: - print_syscall(syscall_info.entry.nr, syscall_info.entry.args); - neednl = true; + entry.nr = syscall_info.entry.nr; + for(int i = 0; i < 6; i++) + entry.args[i] = syscall_info.entry.args[i]; + + // print execve(2) at entry time because parameters passed gets cleaned up + // meanwhile getcwd(2) pass a buffer and so needs to be printed at return time + if(entry.nr == SYS_execve) + { + print_syscall(entry.nr, entry.args); + neednl = true; + } + break; case PTRACE_SYSCALL_INFO_EXIT: + if(entry.nr != SYS_execve) print_syscall(entry.nr, entry.args); + if(syscall_info.exit.is_error) { fprintf(stderr, @@ -110,6 +130,7 @@ main(int argc, char *argv[]) fprintf(stderr, " = %" PRIi64 "\n", (int64_t)syscall_info.exit.rval); } neednl = false; + entry.nr = 0; break; case PTRACE_SYSCALL_INFO_SECCOMP: print_syscall(syscall_info.seccomp.nr, syscall_info.seccomp.args); @@ -127,6 +148,12 @@ main(int argc, char *argv[]) } } + if(entry.nr != 0) + { + print_syscall(entry.nr, entry.args); + neednl = true; + } + if(neednl) fprintf(stderr, "\n"); if(WIFEXITED(status))
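Review bot: In the hunk at `@@ -71,6 +72,13 @@`, `entry.nr = 0` makes 0 the "no pending syscall" marker, but 0 is a real syscall number on some ABIs (`read` on x86-64), and `entry.args` is left uninitialised. With that marker, the end-of-loop check `if(entry.nr != 0)` added at `@@ -127,6 +148,12 @@` would skip a tracee that ends while inside syscall 0, and an exit stop seen before any entry stop (if one can occur) would hand indeterminate `args` to `print_syscall`. A separate flag avoids both: declare `bool have_entry = false;` next to `neednl`, initialise the struct with `= {0}`, set the flag in the ENTRY case and clear it where `entry.nr = 0` is reset at `@@ -110,6 +130,7 @@`. The body of `main` starts and ends outside these hunks.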
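Review bot: The `if(entry.nr == SYS_execve)` test in the ENTRY case at `@@ -94,10 +102,22 @@` does not cover `execveat(2)`, which replaces the address space in the same way. A successful `execveat` would therefore be printed at return time from pointers that no longer refer to the caller's memory, assuming `print_syscall` (outside the hunk) reads tracee memory as the added comment implies. Testing `entry.nr == SYS_execve || entry.nr == SYS_execveat` in both the ENTRY and EXIT cases would keep the two consistent. `SYS_execve` is also the tracer's own ABI number and `syscall_info.arch` is not checked, so a tracee running under another ABI would be compared against the wrong number. The added comment could also record that pointer arguments are now dereferenced after the kernel has used them, so another thread of the tracee may have changed the buffers in between and the printed strings are not proof of what the kernel acted on.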
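Review bot: The end-of-loop block `if(entry.nr != 0)` at `@@ -127,6 +148,12 @@` does not exclude `SYS_execve`, which the ENTRY case has already printed. If the tracee ends between the execve entry stop and its exit stop, the same call appears to be printed twice; `if(entry.nr != 0 && entry.nr != SYS_execve)` keeps it to one line, and `neednl` is already true from the entry-time print. A short comment such as `// syscalls like exit_group(2) never reach the exit stop` would explain why the block is needed.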