mstrace.c - mstrace - Small Linux strace(1) implementation

mstrace.c (3329B)

// SPDX-FileCopyrightText: 2024 Haelwenn (lanodan) Monnier <contact+mstrace@hacktivis.me>
// SPDX-License-Identifier: MPL-2.0
#define _DEFAULT_SOURCE
#include <errno.h>
#include <inttypes.h>     // PRIu64
#include <linux/ptrace.h> // ptrace_syscall_info, __u64
#include <stdbool.h>
#include <stdio.h>       // fprintf
#include <string.h>      // strerror
#include <sys/ptrace.h>  // ptrace()
#include <sys/syscall.h> // SYS_*
#include <sys/wait.h>
#include <unistd.h> // getpid, fork, execvp
extern void print_syscall_entry(__u64 nr, __u64 args[6]);
extern void print_syscall_exit(__u64 nr, __u64 args[6]);
pid_t child = -1;
static int
wait_for_syscall(int *status)
{
	while(1)
	{
		ptrace(PTRACE_SYSCALL, child, 0, 0);
		waitpid(child, status, 0);
		if(WIFSTOPPED(*status) && WSTOPSIG(*status) & 0x80) return 0;
		if(WIFEXITED(*status)) return 1;
	}
}
int
main(int argc, char *argv[])
{
	argc -= 1;
	argv += 1;
	if(argc < 1)
	{
		fprintf(stderr, "Usage: mstrace <command> [args...]\n");
		return 1;
	}
	child = fork();
	if(child < 0)
	{
		fprintf(stderr, "mstrace: error: Failed creating child process: %s\n", strerror(errno));
		return 1;
	}
	else if(child == 0)
	{
		errno = 0;
		int ret = ptrace(PTRACE_TRACEME);
		if(ret < 0 && errno != 0)
		{
			fprintf(stderr, "mstrace: error: Failed ptrace(PTRACE_TRACEME): %s\n", strerror(errno));
			return 1;
		}
		if(kill(getpid(), SIGSTOP) < 0)
		{
			fprintf(stderr, "mstrace: error: Failed stopping parent: %s\n", strerror(errno));
			return 1;
		}
		execvp(argv[0], argv);
		return 1;
	}
	struct
	{
		__u64 nr;
		__u64 args[6];
	} entry;
	entry.nr = 0;
	int status;
	waitpid(child, &status, 0);
	ptrace(PTRACE_SETOPTIONS, child, 0, PTRACE_O_TRACESYSGOOD);
	while(1)
	{
		if(wait_for_syscall(&status) != 0) break;
		struct ptrace_syscall_info syscall_info;
		long ret =
		    ptrace(PTRACE_GET_SYSCALL_INFO, child, sizeof(struct ptrace_syscall_info), &syscall_info);
		if(ret < 0)
		{
			fprintf(
			    stderr,
			    "mstrace: error: Failed getting syscall information via PTRACE_GET_SYSCALL_INFO: %s\n",
			    strerror(errno));
			continue;
		}
		switch(syscall_info.op)
		{
		case PTRACE_SYSCALL_INFO_ENTRY:
			entry.nr = syscall_info.entry.nr;
			for(int i = 0; i < 6; i++)
				entry.args[i] = syscall_info.entry.args[i];
			print_syscall_entry(entry.nr, entry.args);
			break;
		case PTRACE_SYSCALL_INFO_EXIT:
			if(entry.nr != SYS_execve) print_syscall_exit(entry.nr, entry.args);
			if(syscall_info.exit.is_error)
			{
				fprintf(stderr,
				        " = (errno: %" PRIi64 ") %s\n",
				        (int64_t)(-syscall_info.exit.rval),
				        strerror(-syscall_info.exit.rval));
			}
			else
			{
				fprintf(stderr, " = %" PRIi64 "\n", (int64_t)syscall_info.exit.rval);
			}
			entry.nr = 0;
			break;
		case PTRACE_SYSCALL_INFO_SECCOMP:
			print_syscall_exit(syscall_info.seccomp.nr, syscall_info.seccomp.args);
			// TODO: Check how strace manages this
			fprintf(stderr, " [seccomp_ret = %" PRIu32 "]", syscall_info.seccomp.ret_data);
			break;
		case PTRACE_SYSCALL_INFO_NONE:
			fprintf(stderr, "[syscall-info] none\n");
			break;
		}
	}
	if(entry.nr != 0)
		print_syscall_exit(entry.nr, entry.args);
	if(WIFEXITED(status))
	{
		fprintf(stderr, "+++ exited with %d +++\n", WEXITSTATUS(status));
		return WEXITSTATUS(status);
	}
	return 0;
}