"""Per-syscall print handlers for a ptrace-style tracer.

Every handler has the signature
``handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter)`` and prints one
line describing the call; ``sys_call_handlers`` at the bottom of the file maps
syscall names to them.  The register / memory access goes through ``dbg``.
"""
__author__ = 'ling'
from cpuinfo import *
from zio import *
if CPU_64BITS:
from linux_syscall64 import *
else:
from linux_syscall32 import *
def get_retval(dbg):
    """Return the register this tracer treats as the syscall return value.

    NOTE(review): what is read here is the instruction pointer (rip on
    64-bit, eip on 32-bit), not the x86 return-value register (rax/eax), so
    callers that use the result as a length or file descriptor get the pc
    instead -- confirm the intended register against the debugger's regs
    object before relying on it.
    """
    regs = dbg.regs
    if CPU_64BITS:
        return regs.rip
    return regs.eip
def write_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log a write() syscall once it has returned.

    Dumps at most 0x20 bytes of the source buffer at arg1 (arg2 is the write
    count) and prints "<name>:<pc>:<data>".  The bytes come straight from the
    tracee's memory and are printed unescaped; unlike the other handlers the
    pid is not part of the line.
    """
    if not isafter:
        return
    sample_len = min(arg2, 0x20)
    sample = dbg.read(arg1, sample_len)
    print(':'.join((sys_name, hex(cur_pc), sample)))
def read_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log a read() syscall once it has returned.

    The number of bytes dumped is whatever get_retval() yields (see the note
    on that function), capped at 0x20, read from the destination buffer at
    arg1.  Prints "<pid>:<name>:<pc>:<buf>:<data>" with the data unescaped.
    """
    if not isafter:
        return
    sample_len = min(get_retval(dbg), 0x20)
    sample = dbg.read(arg1, sample_len)
    print(':'.join((str(dbg.pid), sys_name, hex(cur_pc), hex(arg1), sample)))
def read_str(dbg, addr):
    """Read a NUL-terminated string from the tracee at addr, up to 64 bytes.

    Memory is fetched in eight 8-byte chunks; the first NUL ends the string.
    A string longer than 64 bytes is silently truncated to 64 bytes, and a
    failure of dbg.read (e.g. a chunk straddling unmapped memory) is not
    handled here.
    """
    pieces = []
    for offset in range(0, 64, 8):
        chunk = dbg.read(addr + offset, 8)
        head, nul, _rest = chunk.partition('\x00')
        pieces.append(head)
        if nul:
            break
    return ''.join(pieces)
def open_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log an open() syscall once it has returned.

    Prints "<pid>:<name>:<path>:<retval>", where the path is read from the
    tracee at arg0 via read_str (64-byte cap) and retval comes from
    get_retval() (see the note on that function).
    """
    if not isafter:
        return
    path = read_str(dbg, arg0)
    result = get_retval(dbg)
    print(':'.join((str(dbg.pid), sys_name, path, hex(result))))
def stat_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log a stat() syscall once it has returned, as "<pid>:<name>:<path>".

    The path is read from the tracee at arg0 via read_str (64-byte cap).
    """
    if not isafter:
        return
    path = read_str(dbg, arg0)
    print(':'.join((str(dbg.pid), sys_name, path)))
def access_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log an access() syscall once it has returned, as "<pid>:<name>:<path>".

    The path is read from the tracee at arg0 via read_str (64-byte cap).
    """
    if not isafter:
        return
    path = read_str(dbg, arg0)
    print(':'.join((str(dbg.pid), sys_name, path)))
def brk_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log a brk() syscall once it has returned, as "<pid>:<name>:<retval>".

    retval comes from get_retval() (see the note on that function).
    """
    if not isafter:
        return
    result = get_retval(dbg)
    print(':'.join((str(dbg.pid), sys_name, hex(result))))
def mmap_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log an mmap() syscall once it has returned.

    Prints "<pid>:<name>:<retval>:<arg1>"; retval comes from get_retval()
    (see the note on that function) and arg1 is the second syscall argument.
    """
    if not isafter:
        return
    result = get_retval(dbg)
    print(':'.join((str(dbg.pid), sys_name, hex(result), hex(arg1))))
def exit_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log an exit() syscall on entry, as "<pid>:<name>:<pc>".

    Handled before the call rather than after, since the process does not
    return from it.
    """
    if isafter:
        return
    print(':'.join((str(dbg.pid), sys_name, hex(cur_pc))))
def exit_group_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log an exit_group() syscall on entry, as "<pid>:<name>:<pc>".

    Handled before the call rather than after, since the process does not
    return from it.
    """
    if isafter:
        return
    print(':'.join((str(dbg.pid), sys_name, hex(cur_pc))))
def default_sys_call_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Fallback handler: after the call, print pc and the first three args.

    Output is "<pid>:<name>:<pc>:<arg0>:<arg1>:<arg2>", all in hex.
    """
    if not isafter:
        return
    fields = [str(dbg.pid), sys_name, hex(cur_pc), hex(arg0), hex(arg1), hex(arg2)]
    print(':'.join(fields))
def close_handler(dbg, cur_pc, sys_name, arg0, arg1, arg2, isafter):
    """Log a close() syscall once it has returned, as "<pid>:<name>:<pc>:<fd>".

    arg0 is the descriptor being closed.
    """
    if not isafter:
        return
    print(':'.join((str(dbg.pid), sys_name, hex(cur_pc), hex(arg0))))
# Syscall name -> handler.  Names not listed here are expected to fall back
# to default_sys_call_handler on the caller's side.
sys_call_handlers = {
    'write': write_handler,
    'read': read_handler,
    'exit': exit_handler,
    'exit_group': exit_group_handler,
    'open': open_handler,
    'access': access_handler,
    'brk': brk_handler,
    'stat': stat_handler,
    'mmap': mmap_handler,
    'close': close_handler,
}