001 ###########################################
002 package WriteTracer;
003 use strict;
004 use POSIX;
005 use Inline "C";
006 use Fcntl;
007
008 use Sys::Ptrace qw(ptrace
009             PTRACE_SYSCALL PTRACE_TRACEME);
010
011 ###########################################
012 sub run {
013 ###########################################
014   my($prg, @params) = @_;
015
016   my @files = ();
017   my %files = ();
018
019   if((my $pid = fork()) < 0) {
020       die "fork failed";
021
022   } elsif($pid == 0) {
023       # child
024     ptrace(PTRACE_TRACEME, $$, 0, 0);
025     exec($prg, @params);
026
027   } else {
028       # parent
029     {
030       my $rc = waitpid($pid, 0);
031       last if $rc < 0;
032
033       if( WIFSTOPPED($?) ) {
034         my($eax, $orig_eax, $ebx, $ecx,
035            $edx) = ptrace_getregs($pid);
036
037         if($eax == -ENOSYS()) {
038           if($orig_eax == 5 and
039              $ecx & O_WRONLY) {
040             my $str = ptrace_string_read(
041                                $pid, $ebx);
042             push @files, $str
043                  unless $files{$str}++;
044           }
045         }
046
047         ptrace(PTRACE_SYSCALL, $pid,
048                undef, undef);
049         redo;
050       }
051     }
052   }
053   return @files;
054 }
055
056 1;
057
058 __DATA__
059 __C__
060 #include <sys/ptrace.h>
061 #include <asm/user.h>
062
063 #define IVPUSH(x) Inline_Stack_Push( \
064                    sv_2mortal(newSViv(x)));
065
066 /* ------------------------------------- */
067 void ptrace_getregs(int pid) {
068   int rc;
069   struct user_regs_struct registers;
070   Inline_Stack_Vars;
071
072   rc = ptrace(PTRACE_GETREGS, pid,
073                           0, &registers);
074   if(rc == -1) {
075       return;
076   }
077
078   if( registers.eax == -ENOSYS ) {
079       Inline_Stack_Reset;
080       IVPUSH(registers.eax);
081       IVPUSH(registers.orig_eax);
082       IVPUSH(registers.ebx);
083       IVPUSH(registers.ecx);
084       IVPUSH(registers.edx);
085       Inline_Stack_Done;
086   }
087 }
088
089 /* ------------------------------------- */
090 int ptrace_aligned_word_read_c(int pid,
091          void *addr, char *buf, int *len) {
092   char *aligned_addr;
093   long  word;
094   void *ptr;
095
096   aligned_addr = (char *) (
097        (long)addr & ~ (sizeof(long) - 1) );
098
099   word = ptrace(PTRACE_PEEKDATA, pid,
100                 aligned_addr, NULL);
101
102   if(word == -1) {
103       return -1;
104   }
105
106   *len = sizeof(long) - ( (long) addr -
107                      (long) aligned_addr );
108   ptr = &word;
109   ptr += (sizeof(long) - *len);
110   memcpy(buf, ptr, *len);
111
112   return 0;
113 }
114
115 /* ------------------------------------- */
116 void ptrace_string_read(int pid,
117                         void *addr) {
118   char  word_buf[ sizeof(long) ];
119   int   word_len;
120   SV   *pv;
121   int   rc;
122   int   i;
123   Inline_Stack_Vars;
124
125   pv = newSVpv((const char *)"", 0);
126
127   while(1) {
128     rc = ptrace_aligned_word_read_c(pid,
129                 addr, word_buf, &word_len);
130     if(rc < 0) {
131         return;
132     }
133
134     for(i=0; i<word_len; i++) {
135       if(word_buf[i] == '\0') {
136         goto FINISH;
137       }
138       sv_catpvn(pv, (const char *)
139                     &word_buf[i], 1);
140     }
141     addr += word_len;
142   }
143
144   FINISH:
145   Inline_Stack_Reset;
146   Inline_Stack_Push(sv_2mortal(pv));
147   Inline_Stack_Done;
148 }

You are viewing proxied material from gopher.rbfh.de. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.