/** * parent_trace - trace the system call ids made by the child being traced * * @pid: child pid * * Return: 0 on success, -1 on failure */ int parent_trace(pid_t pid) { int status; waitpid(pid, &status, 0); ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACESYSGOOD); while (1) { struct user_regs_struct regs; if (wait_for_syscall(pid) == 1) break; ptrace(PTRACE_GETREGS, pid, 0, ®s); print_syscall_with_params(regs, pid); if (regs.orig_rax == 231) printf(") = ?\n"); fflush(stdout); if (wait_for_syscall(pid) == 1) break; ptrace(PTRACE_GETREGS, pid, 0, ®s); if (regs.rax == 0) printf(") = %llx\n", regs.rax); else printf(") = 0x%llx\n", regs.rax); } return (0); }
int run_trace(pid_t child) { int status, syscall_rax; waitpid(child, &status, 0); ptrace(PTRACE_SETOPTIONS, child, 0, PTRACE_O_TRACESYSGOOD); while(1) { if(wait_for_syscall(child) != 0) return 1; syscall_rax = get_reg(child, reg_offset(orig_eax)); fprintf(stderr, "%d\n", syscall_rax); if(wait_for_syscall(child) != 0) return 1; //TODO } return 0; }
int do_trace(pid_t child) { int status; int retval; waitpid(child, &status, 0); assert(WIFSTOPPED(status)); ptrace(PTRACE_SETOPTIONS, child, 0, PTRACE_O_TRACESYSGOOD); while(1) { if (wait_for_syscall(child) != 0) break; print_syscall(child); if (wait_for_syscall(child) != 0) break; retval = get_reg(child, eax); assert(errno == 0); fprintf(stderr, "%d\n", retval); } return 0; }