search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Continued ripping up the source.
[aesalon.git] / monitor / src / ptrace / Portal.cpp
blob6f990a5887b88e685fbad6b67fe669cbcbfdb21e
1 #include <iostream>
2 #include <sys/user.h>
3 #include <sys/ptrace.h>
4 #include <sys/types.h>
5 #include <sys/wait.h>
6 #include <unistd.h>
7 #include <errno.h>
8 #include <signal.h>
9 #include <cstring>
10 #include <iostream>
11 #include <fstream>
12 #include <sstream>
13 #include <climits>
14
15 #include "Portal.h"
16 #include "Initializer.h"
17
18 #include "ExitObserver.h"
19 #include "TrapObserver.h"
20 #include "SegfaultObserver.h"
21 #include "MallocObserver.h"
22 #include "FreeObserver.h"
23 #include "ReallocObserver.h"
24 #include "MainObserver.h"
25 #include "BreakpointReference.h"
26
27 #include "misc/String.h"
28
29 #include "Message.h"
30
31 namespace Aesalon {
32 namespace Monitor {
33 namespace PTrace {
34
35 Portal::Portal(Misc::SmartPointer<Misc::ArgumentList> argument_list) : pid(0), libc_offset(0) {
36 std::cout << "Portal::Portal(): called, initialization begun . . . \n";
37 pid = fork();
38 if(pid == -1)
39 throw PTraceException(Misc::StreamAsString() << "Forking to create child process failed: " << strerror(errno));
40 else if(pid == 0) {
41 ptrace(PTRACE_TRACEME, 0, NULL, NULL);
42 if(execv(argument_list->get_argument(0).c_str(), argument_list->get_as_argv()) == -1) {
43 throw PTraceException(Misc::StreamAsString() << "Failed to execute process: " << strerror(errno));
44 }
45 }
46
47 /*ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACESYSGOOD);*/
48
49 /* Trap signals are the most common, so add the TrapObserver on first. */
50 add_signal_observer(new TrapObserver());
51 add_signal_observer(new ExitObserver());
52 add_signal_observer(new SegfaultObserver());
53
54 /* This is a single-shot breakpoint observer, but since there's currently no way to remove observers, stick it on last. */
55 initial_observer = new MainObserver();
56 malloc_observer = new MallocObserver();
57 free_observer = new FreeObserver();
58 realloc_observer = new ReallocObserver();
59
60 std::cout << "Portal::Portal(): waiting for SIGTRAP call from child . . ." << std::endl;
61 /* Wait for the SIGTRAP that indicates a exec() call . . . */
62 wait_for_signal();
63 std::cout << "Portal::Portal(): got SIGTRAP call, placing breakpoint on main . . ." << std::endl;
64 /* place a breakpoint at main, for intialization purposes. */
65 Word main_address = Initializer::get_instance()->get_program_manager()->get_elf_parser()->get_symbol("main")->get_address();
66 place_breakpoint(main_address, initial_observer);
67
68 std::cout << "Portal::Portal(): continuing execution until breakpoint on main . . ." << std::endl;
69 /* Now continue until main(). */
70 continue_execution();
71 }
72
73 Word Portal::get_register(ASM::Register which) const {
74 struct user_regs_struct registers;
75 if(ptrace(PTRACE_GETREGS, pid, NULL, &registers) == -1)
76 throw PTraceException(Misc::StreamAsString() << "Couldn't get register values: " << strerror(errno));
77
78 switch(which) {
79 #if AESALON_PLATFORM == AESALON_PLATFORM_x86_64
80 case ASM::Register::RAX:
81 /*std::cout << "Value of RAX requested; RAX is " << registers.rax << ", ORIG_RAX is " << registers.orig_rax << std::endl;*/
82 return registers.rax;
83 case ASM::Register::RBX:
84 return registers.rbx;
85 case ASM::Register::RDI:
86 return registers.rdi;
87 case ASM::Register::RSI:
88 return registers.rsi;
89 case ASM::Register::RIP:
90 return registers.rip;
91 case ASM::Register::RBP:
92 return registers.rbp;
93 case ASM::Register::RSP:
94 return registers.rsp;
95 #endif
96 default:
97 throw PTraceException("Value of invalid register requested");
98 }
99 }
100
101 void Portal::set_register(ASM::Register which, Word new_value) {
102 struct user_regs_struct registers;
103 if(ptrace(PTRACE_GETREGS, pid, NULL, &registers) == -1)
104 throw PTraceException(Misc::StreamAsString() << "Couldn't get register values: " << strerror(errno));
105
106 switch(which) {
107 #if AESALON_PLATFORM == AESALON_PLATFORM_x86_64
108 case ASM::Register::RIP:
109 registers.rip = new_value;
110 break;
111 #endif
112 default:
113 throw PTraceException("Asked to set value of invalid register");
114 }
115 if(ptrace(PTRACE_SETREGS, pid, NULL, &registers) == -1)
116 throw PTraceException(Misc::StreamAsString() << "Couldn't set register values: " << strerror(errno));
117 }
118
119 Word Portal::read_memory(Word address) const {
120 std::cout << "Portal::read_memory() called . . ." << std::endl;
121 std::cout << "\tReading address " << std::hex << address << std::endl;
122 Word return_value = ptrace(PTRACE_PEEKDATA, pid, address, NULL);
123 if(return_value == Word(-1) && errno != 0)
124 throw PTraceException(Misc::StreamAsString() << "Couldn't read memory: " << strerror(errno));
125 return return_value;
126 }
127
128 void Portal::write_memory(Word address, Word value) {
129 std::cout << "Portal::write_memory(address, Word) called . . ." << std::endl;
130 if(ptrace(PTRACE_POKEDATA, pid, address, value) == -1)
131 throw PTraceException(Misc::StreamAsString() << "Couldn't write memory: " << strerror(errno));
132 }
133
134 void Portal::write_memory(Word address, Byte value) {
135 std::cout << "Portal::write_memory(address, Byte) called . . ." << std::endl;
136 std::cout << "\tWriting 0x" << std::hex << (int)value << " to " << address << std::endl;
137 Word word_offset = 0;
138 word_offset = address & 0x07;
139 Word current_value = read_memory(address - word_offset);
140
141 current_value &= ~(Word(0xff) << (word_offset * CHAR_BIT));
142 current_value |= (Word(value) << (word_offset * CHAR_BIT));
143 write_memory(address - word_offset, current_value);
144 }
145
146 void Portal::attach() {
147 ptrace(PTRACE_ATTACH, pid, NULL, NULL);
148 }
149
150 void Portal::detach() {
151 ptrace(PTRACE_DETACH, pid, NULL, NULL);
152 }
153
154 std::size_t Portal::place_breakpoint(Word address, Misc::SmartPointer<BreakpointObserver> observer) {
155 std::cout << "Portal::place_breakpoint() called . . ." << std::endl;
156 std::cout << "\tPlacing breakpoint at " << std::hex << address << std::dec << std::endl;
157 Misc::SmartPointer<Breakpoint> bp = get_breakpoint_by_address(address);
158 if(!bp.is_valid()) {
159 Byte original = read_memory(address) & 0xff;
160 bp = new Breakpoint(address, original);
161 add_breakpoint(bp);
162 write_memory(address, bp->get_breakpoint_character());
163 }
164 bp->add_observer(observer);
165 std::cout << "\tplaced breakpoint #" << bp->get_id() << std::endl;
166 return bp->get_id();
167 }
168
169 void Portal::remove_breakpoint(Word address) {
170 std::cout << "Portal::remove_breakpoint() called . . ." << std::endl;
171 std::cout << "\tRemoving breakpoint at " << std::hex << address << std::dec << std::endl;
172
173 Misc::SmartPointer<Breakpoint> bp = get_breakpoint_by_address(address);
174 if(!bp.is_valid()) {
175 std::cout << "\tAsked to remove non-existent breakpoint!" << std::endl;
176 return;
177 }
178 Byte original = bp->get_original();
179 write_memory(bp->get_address(), original);
180 for(breakpoint_list_t::iterator i = breakpoint_list.begin(); i != breakpoint_list.end(); i ++) {
181 if((*i)->get_id() == bp->get_id()) {
182 breakpoint_list.erase(i);
183 break;
184 }
185 }
186 }
187
188 Misc::SmartPointer<Breakpoint> Portal::get_breakpoint_by_id(std::size_t which) const {
189 for(breakpoint_list_t::const_iterator i = breakpoint_list.begin(); i != breakpoint_list.end(); i ++) {
190 if((*i)->get_id() == which) return *i;
191 }
192 return NULL;
193 }
194
195 Misc::SmartPointer<Breakpoint> Portal::get_breakpoint_by_address(Word address) const {
196 for(breakpoint_list_t::const_iterator i = breakpoint_list.begin(); i != breakpoint_list.end(); i ++) {
197 if((*i)->get_address() == address) return *i;
198 }
199 return NULL;
200 }
201
202
203 void Portal::handle_signal() {
204 int signal;
205 int status = wait_for_signal();
206 if(!WIFEXITED(status) && WIFSTOPPED(status)) {
207 siginfo_t signal_info;
208 if(ptrace(PTRACE_GETSIGINFO, pid, NULL, &signal_info) == -1) {
209 throw PTraceException(Misc::StreamAsString() << "Failed to get signal information: " << strerror(errno));
210 }
211 signal = signal_info.si_signo;
212 }
213 else signal = -1;
214
215 std::cout << std::dec;
216
217 std::cout << "Portal::handle_signal(): status: (" << status << "): ";
218
219 for(int mask = 1 << 20; mask > 0; mask >>= 1) {
220 std::cout << ((status & mask)?"1":"0");
221 }
222
223 std::cout << ", signal: " << signal << std::endl;
224
225 for(signal_observer_list_t::iterator i = signal_observer_list.begin(); i != signal_observer_list.end(); i ++) {
226 if((*i)->handle_signal(signal, status)) return;
227 }
228 Message::Message(Message::DEBUG_MESSAGE, Misc::StreamAsString() << "Caught unknown signal " << signal << ", resuming execution with signal");
229 /* Default action: continue */
230 continue_execution(signal);
231 }
232
233 void Portal::continue_execution(int signal) {
234 std::cout << "Portal::continue_execution() called . . ." << std::endl;
235 if(ptrace(PTRACE_CONT, pid, NULL, NULL) == -1)
236 throw PTraceException(Misc::StreamAsString() << "Couldn't continue program execution: " << strerror(errno));
237 std::cout << "\tExecution continued." << std::endl;
238 }
239
240 void Portal::single_step() {
241 std::cout << "Portal::single_step() called . . ." << std::endl;
242 if(ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) == -1)
243 throw PTraceException(Misc::StreamAsString() << "Couldn't single-step program:" << strerror(errno));
244 wait_for_signal(); /* ptrace(PTRACE_SINGLESTEP throws a SIGTRAP when it's done, so wait for it. */
245 std::cout << "\tSingle-step successful. " << std::endl;
246 }
247
248 int Portal::wait_for_signal() {
249 std::cout << "Portal::wait_for_signal() called . . ." << std::endl;
250 int status;
251 if(waitpid(pid, &status, 0) == -1) throw PTraceException(Misc::StreamAsString() << "Couldn't waitpid() on child: " << strerror(errno));
252 std::cout << "\tGot signal." << std::endl;
253 return status;
254 }
255
256 void Portal::handle_breakpoint() {
257 std::cout << "Portal::handle_breakpoint() called . . ." << std::endl;
258 Word ip = get_register(
259 #if AESALON_PLATFORM == AESALON_PLATFORM_x86_64
260 ASM::Register::RIP
261 #elif AESALON_PLATFORM == AESALON_PLATFORM_x86
262 ASM::Register::EIP
263 #endif
264 );
265 /* Subtract one from the IP, since the 0xcc SIGTRAP instruction was executed . . . */
266 ip --;
267 Misc::SmartPointer<Breakpoint> breakpoint = get_breakpoint_by_address(ip);
268 std::cout << "\tIP: " << std::hex << ip << std::dec << std::endl;
269 if(!breakpoint.is_valid()) {
270 /*Message(Message::DEBUG_MESSAGE, "handle_breakpoint() called on non-breakpoint");*/
271 return;
272 }
273 Message(Message::DEBUG_MESSAGE, "handle_breakpoint() found a breakpoint . . .");
274
275 /* ip is currently ($rip - 1), to use gdb notation. In other words, back up one byte. */
276 set_register(ASM::Register::RIP, ip);
277
278 breakpoint->notify();
279
280 /* Write out the original instruction . . . */
281 write_memory(breakpoint->get_address(), breakpoint->get_original());
282 /* Single-step over that instruction . . . */
283 single_step();
284 /* Only re-write out the trap instruction if the breakpoint is still valid. */
285 if(breakpoint->is_valid()) {
286 /* Re-write out the trap instruction . . . */
287 write_memory(breakpoint->get_address(), breakpoint->get_breakpoint_character());
288 }
289 else {
290 remove_breakpoint(breakpoint->get_address());
291 }
292 /* And then TrapObserver will call continue_execution(). */
293 }
294
295 Word Portal::get_libc_offset() {
296 if(libc_offset != 0) return libc_offset;
297 libc_offset = 0;
298
299 std::string map_file;
300 map_file = Misc::StreamAsString() << "/proc/" << pid << "/maps";
301 std::ifstream map_stream(map_file.c_str());
302 if(!map_stream.is_open()) throw PTraceException(Misc::StreamAsString() << "Couldn't open " << map_file << ", perhaps permissions are screwy?");
303
304 /*std::cout << "Memory map: " << std::endl;*/
305
306 /* Example memory map excerpt (from bash):
307 00400000-004d5000 r-xp 00000000 08:06 71555 /bin/bash
308 006d4000-006de000 rw-p 000d4000 08:06 71555 /bin/bash
309 006de000-006e3000 rw-p 00000000 00:00 0
310 015ba000-01a44000 rw-p 00000000 00:00 0 [heap]
311 7f7698328000-7f769832a000 r-xp 00000000 08:06 218888 /usr/lib/gconv/ISO8859-1.so
312 7f769832a000-7f7698529000 ---p 00002000 08:06 218888 /usr/lib/gconv/ISO8859-1.so
313 7f7698529000-7f769852a000 r--p 00001000 08:06 218888 /usr/lib/gconv/ISO8859-1.so
314 7f769852a000-7f769852b000 rw-p 00002000 08:06 218888 /usr/lib/gconv/ISO8859-1.so
315 */
316
317 /* Get one line at a time, for EOF detection purposes. */
318
319 char buffer[1024];
320 while(!map_stream.eof() && map_stream.getline(buffer, 1024, '\n') && std::strlen(buffer)) {
321 Word from, to;
322 char spacer;
323 Word offset;
324 std::string mode, device, inode, path;
325
326 std::stringstream line_stream;
327 line_stream << buffer;
328 line_stream >> std::hex >> from;
329 line_stream >> spacer;
330 line_stream >> std::hex >> to;
331 line_stream >> mode;
332 line_stream >> std::hex >> offset;
333 line_stream >> device;
334 line_stream >> inode;
335 line_stream >> path;
336 /*std::cout << "\tLibrary path is \"" << path << "\"\n";
337 std::cout << "\tAddress range is: 0x" << std::hex << from << " to 0x" << to << " (size 0x" << to-from << ")" << std::endl;
338 std::cout << "\tMap mode is: \"" << mode << "\"\n";
339 std::cout << std::dec << std::endl;*/
340 if(Misc::String::begins_with(path, "/lib/libc")) {
341 if(mode == "r-xp") libc_offset = from;
342 }
343 }
344
345 map_stream.close();
346
347 return libc_offset;
348 }
349
350 } // namespace PTrace
351 } // namespace Monitor
352 } // namespace Aesalon
A program to collect, store, and visualize various data on a program in real-time.