
Ptrace: getting the executed file's name

How to get the executed file's name with ptrace

I am trying to write a strace-like program, but I am stuck on the execve syscall: the registers rdi, rsi and rdx all contain 0 (I also tried hard-coding the syscall in an assembly file). This is part of the code:

regs = Registers()  # Registers is a ctypes version of user_regs_struct and works fine with other syscalls
libc.ptrace(PtraceReq.PTRACE_GETREGS, pid, None, byref(regs))
print(regs.rdi, regs.rsi, regs.rdx)
# 0 0 0

How do I get the pointer to the filename?

Edit: more complete code

import os
import sys
from ctypes import byref

# libc (a ctypes CDLL), PtraceReq (the PTRACE_* enum), Registers (ctypes user_regs_struct)
# and syscalls (a table of argument parsers indexed by syscall number) are defined elsewhere
# in the program. Every libc.ptrace call passes all four arguments: request, pid, addr, data.

class Tracer:
    def __init__(self):
        pass

    def trace_exec(self, command, *args):
        child_pid = os.fork()
        if child_pid == 0:
            # PtraceReq is the PTRACE_* enum
            libc.ptrace(PtraceReq.PTRACE_TRACEME, 0, None, None)
            os.execvp(command, [command, *args])  # search PATH for the command and pass its arguments
        else:
            self._trace(child_pid)

    def _trace(self, pid):
        status = os.waitpid(pid, 0)[1]  # first stop: SIGTRAP after the child's own execve
        libc.ptrace(PtraceReq.PTRACE_SETOPTIONS, pid, None, 1 << 20)  # PTRACE_O_EXITKILL
        while os.WIFSTOPPED(status):  # 1407 == 0x57f is the status of a SIGTRAP stop
            libc.ptrace(PtraceReq.PTRACE_SYSCALL, pid, None, None)
            status = os.waitpid(pid, 0)[1]
            if os.WIFSTOPPED(status):
                self._get_syscall(pid)  # before this was above os.wait and ptrace_syscall

    def _get_syscall(self, pid):
        regs = Registers()

        # Enter syscall
        libc.ptrace(PtraceReq.PTRACE_GETREGS, pid, None, byref(regs))
        # list of all syscalls by ID; call the entry to parse the arguments
        # (x86-64 syscall argument order is rdi, rsi, rdx, r10, r8, r9)
        syscall = syscalls[regs.orig_rax](regs.rdi, regs.rsi, regs.rdx, regs.r10, regs.r8, regs.r9)

        libc.ptrace(PtraceReq.PTRACE_SYSCALL, pid, None, None)
        os.waitpid(pid, 0)

        # Exit syscall
        libc.ptrace(PtraceReq.PTRACE_GETREGS, pid, None, byref(regs))
        syscall.returned(regs.rax)
        #if (syscall.name == 'connect') or (syscall.name == 'execve'):
        print(syscall.as_function())

if __name__ == '__main__':
    Tracer().trace_exec(sys.argv[1], *sys.argv[2:])
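
Where the filename can still be read, as an added example that is not the asker's code (the page carries no answer): at the syscall-entry stop for execve, rdi points into the tracee's memory and the string is copied out word by word with PTRACE_PEEKDATA, whereas at the exit stop of a successful execve the new program image is already in place and its general registers start out zeroed. Linux x86-64 is assumed, and the constants, the Registers layout and the function names are mine, not part of the question.

```python
import ctypes, os, sys
# Linux UAPI request numbers; 59 is execve on x86-64; TRACESYSGOOD marks syscall stops as SIGTRAP|0x80
PTRACE_TRACEME, PTRACE_PEEKDATA, PTRACE_GETREGS, PTRACE_SYSCALL = 0, 2, 12, 24
PTRACE_SETOPTIONS, PTRACE_O_TRACESYSGOOD, PTRACE_O_EXITKILL = 0x4200, 1, 1 << 20
SYS_execve, SYSCALL_STOP = 59, 5 | 0x80
libc = ctypes.CDLL(None, use_errno=True)
libc.ptrace.restype = ctypes.c_long  # ctypes' default c_int would truncate a PEEKDATA word
libc.ptrace.argtypes = (ctypes.c_long, ctypes.c_long, ctypes.c_void_p, ctypes.c_void_p)

class Registers(ctypes.Structure):  # struct user_regs_struct, x86-64 field order (assumed layout)
    _fields_ = [(n, ctypes.c_ulonglong) for n in (
        "r15 r14 r13 r12 rbp rbx r11 r10 r9 r8 rax rcx rdx rsi rdi orig_rax rip cs "
        "eflags rsp ss fs_base gs_base ds es fs gs").split()]

def syscall_args(regs):  # x86-64 argument order: rsi sits between rdi and rdx
    return (regs.rdi, regs.rsi, regs.rdx, regs.r10, regs.r8, regs.r9)
def peek_word(pid, addr):  # a word of -1 is valid data, so only errno signals failure
    ctypes.set_errno(0)
    word = libc.ptrace(PTRACE_PEEKDATA, pid, addr, None)
    if word == -1 and ctypes.get_errno():
        raise OSError(ctypes.get_errno(), os.strerror(ctypes.get_errno()))
    return word & 0xFFFFFFFFFFFFFFFF
def read_cstring(pid, addr, peek=peek_word, limit=4096):  # NUL-terminated string, 8 bytes at a time
    out = bytearray()
    while len(out) < limit and b"\0" not in out:
        out += peek(pid, addr + len(out)).to_bytes(8, "little")
    return bytes(out.split(b"\0", 1)[0])
def trace_execve(argv):  # run argv under ptrace and print the filename of every execve it enters
    pid = os.fork()
    if pid == 0:
        libc.ptrace(PTRACE_TRACEME, 0, None, None)
        os.execvp(argv[0], argv)
        os._exit(127)  # only reached if execvp itself failed
    os.waitpid(pid, 0)  # initial SIGTRAP stop after the child's own execve
    libc.ptrace(PTRACE_SETOPTIONS, pid, None, PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL)
    entering = False
    while True:
        libc.ptrace(PTRACE_SYSCALL, pid, None, None)
        status = os.waitpid(pid, 0)[1]
        if not os.WIFSTOPPED(status):
            return
        if os.WSTOPSIG(status) != SYSCALL_STOP:
            continue  # signal-delivery stop (the signal is not forwarded in this demo)
        entering = not entering  # syscall stops alternate: entry, exit, entry, ...
        regs = Registers()
        libc.ptrace(PTRACE_GETREGS, pid, None, ctypes.addressof(regs))
        if entering and regs.orig_rax == SYS_execve:  # at the exit stop the old image, and rdi, is gone
            print("execve", read_cstring(pid, syscall_args(regs)[0]).decode(errors="replace"))
if __name__ == "__main__":
    trace_execve(sys.argv[1:])
```

Running it as `python3 tracer.py sh -c 'ls /'` prints the path the shell passes to execve for ls at the moment the entry stop is hit.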
