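/*
 * Syscall-entry hook: print the tracee's syscall number and, when it is a
 * write(), the three arguments the code labels as such (r0, r1, r2).
 *
 * pid: a ptrace-attached tracee that is currently stopped; the caller is
 *      responsible for having stopped it at a syscall-entry stop.
 *
 * Everything read here comes from the tracee's registers and is untrusted;
 * it is only printed, never dereferenced by this function.
 */
void hookSysCallBefore(pid_t pid)
{
    struct pt_regs regs;

    /* Unchecked, a failed GETREGS leaves regs uninitialized and every read
     * below is undefined behaviour (and the original's "&regs" had also been
     * mangled to "®s"). Report and bail instead. */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) {
        perror("ptrace(PTRACE_GETREGS)");
        return;
    }

    int sysCallNo = getSysCallNo(pid, &regs);
    printf("Before SysCallNo = %d\n", sysCallNo);

    if (sysCallNo == __NR_write) {
        /* The ARM_r* accessors yield long-sized register slots, hence %ld;
         * r1 is the buffer pointer, printed as an address only. */
        printf("__NR_write: %ld %p %ld\n",
               regs.ARM_r0, (void *)regs.ARM_r1, regs.ARM_r2);
    }
}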
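/*
 * Syscall-exit hook: print the tracee's syscall number and, for write(),
 * the value the code reports as its return (r0), then a blank separator.
 *
 * pid: a ptrace-attached tracee stopped at the syscall-exit stop that
 *      matches the preceding hookSysCallBefore() call.
 *
 * Register contents are tracee-supplied and untrusted; they are only printed.
 */
void hookSysCallAfter(pid_t pid)
{
    struct pt_regs regs;

    /* Without this check a failed GETREGS would leave regs uninitialized and
     * the decode below would read garbage (UB). The original's "&regs" had
     * also been mangled to "®s" on this line. */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) {
        perror("ptrace(PTRACE_GETREGS)");
        return;
    }

    int sysCallNo = getSysCallNo(pid, &regs);
    printf("After SysCallNo = %d\n", sysCallNo);

    if (sysCallNo == __NR_write) {
        /* %ld matches the long-sized slot behind ARM_r0. */
        printf("__NR_write return: %ld\n", regs.ARM_r0);
    }
    printf("\n");
}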
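/*
 * Intercept a write() in the stopped tracee and reverse the bytes it is
 * about to write, in place in the tracee's memory.
 *
 * pid: a ptrace-attached tracee that is currently stopped.
 *
 * Flow: fetch registers, decode the syscall number, and for __NR_write copy
 * count (r2) bytes from buf (r1) into a local buffer with getdata(), reverse()
 * it, and write it back with putdata(). getSysCallNo(), getdata(), putdata()
 * and reverse() are defined elsewhere in this file.
 *
 * TODO (carried over from the original): the string handling inside
 * getdata()/putdata() is reported to be buggy; that lives outside this block.
 */
static void tracePro(int pid)
{
    /* Upper bound on how much we copy out of the tracee. r2 is the tracee's
     * own count argument, i.e. untrusted from the tracer's point of view; left
     * unbounded it drives calloc() and getdata() to arbitrary sizes. Raise it
     * if the traced workload legitimately writes larger buffers. */
    enum { MAX_WRITE_LEN = 64 * 1024 };

    struct pt_regs regs;

    printf("Attached success: %d.\n", pid);

    /* The original handed an uninitialized regs to getSysCallNo() and then
     * read ARM_r1/ARM_r2 out of it. Fetch the registers explicitly first, as
     * the hook functions in this file do; harmless if getSysCallNo() also
     * fetches them itself. */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) {
        perror("ptrace(PTRACE_GETREGS)");
        return;
    }

    long scno = getSysCallNo(pid, &regs);
    if (scno != __NR_write) {
        return;
    }
    printf("Call __NR_write. \n");

    /* A negative count would have wrapped (count + 1) in the original calloc
     * size; reject it along with anything above the cap. */
    long count = regs.ARM_r2;
    if (count < 0 || count > MAX_WRITE_LEN) {
        printf("Skipping write of %ld bytes (outside 0..%d).\n",
               count, MAX_WRITE_LEN);
        return;
    }

    /* +1 leaves a NUL after the payload so the %s below stays terminated even
     * if getdata() fills exactly count bytes; calloc zero-fills it. */
    char *str = calloc((size_t)count + 1, sizeof *str);
    if (str == NULL) {
        perror("calloc");
        return;
    }

    printf("start getdata. \n");
    getdata(pid, regs.ARM_r1, str, regs.ARM_r2);
    printf("end getdata: %s.\n", str);

    reverse(str);

    printf("start putdata. \n");
    putdata(pid, regs.ARM_r1, str, regs.ARM_r2);
    printf("end putdata. \n");

    free(str); /* the original leaked this buffer on every intercepted write() */
}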