
debuglib's Introduction

debuglib - a convenience wrapper around ptrace

this library tries to abstract away arch-specific differences for ptrace(), and provide a neater, consistent high-level interface.

  • provides facilities to set breakpoints,
  • execute till breakpoint,
  • single-step processes,
  • read and write from process memory,
  • hook syscalls and read and modify syscall arguments

it was written with the idea of writing a custom ncurses debugger without having to remote-control gdb. using the provided primitives it is quite easy to write an asm-level debugger like ollydbg, but for a source-based debugger like gdb it is required to deal with the different DWARF formats, which are quite complicated.

the API is unstable at this moment. there are working examples for a debugger and syscall hooks in the tests/ directory.

debuglib was designed for use with the RcB2 build tool, and depends on my multi-purpose C library libulz, which provides some data structures such as hashmaps and lists.

How to build the filetracer example program

cd /tmp
mkdir debuglib-0000
cd debuglib-0000/
git clone https://github.com/rofl0r/debuglib
git clone https://github.com/rofl0r/libulz lib
git clone https://github.com/rofl0r/rcb2
export PATH=$PATH:/tmp/debuglib-0000/rcb2
ln -s /tmp/debuglib-0000/rcb2/rcb2.py /tmp/debuglib-0000/rcb2/rcb2
cd debuglib/tests
rcb2 filetrace.c

Known bugs:

there are 2 ways to use the ptrace(2) api: the old method is using PTRACE_ATTACH, which is what the library currently uses. it has one major problem, which is the inability to properly deal with SIGSTOP/SIGTSTP received by a child when tracing. therefore a new API was designed that uses PTRACE_SEIZE instead. i was unaware of the issue when designing this library, and using the new seize API instead would require a major rewrite and, more costly, a re-test of all the functionality. fortunately processes sending SIGSTOP to subprocesses occur quite rarely, so the issue is encountered only in rare cases. the issue can be reproduced by creating a shell script with the content

msgmerge --update -q /dev/null /dev/null

on debian sid i386 at the time of this writing, and then executing

DEBUG=1 idfake sh foo.sh

using the supplied idfake example program. This results in the program hanging forever. the rather well-known program proot is victim to the same design issue. recent versions of strace otoh use the new seize API when available.
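The difference described above, as an added example that is not part of debuglib: a tracer attached with PTRACE_SEIZE can tell a group-stop from an ordinary signal-delivery-stop by the event field of the wait status, and keeps a group-stopped tracee stopped with PTRACE_LISTEN. The names classify_stop and stop_kind and the self-stopping child are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

enum stop_kind { NOT_STOPPED, SIGNAL_DELIVERY, GROUP_STOP, TRAP_EVENT_STOP, OTHER_EVENT };

/* Decode a waitpid() status from a tracee attached with PTRACE_SEIZE.
 * Stop status layout: (event << 16) | (signal << 8) | 0x7f.
 * Assumes the tracer only resumes with PTRACE_CONT, so no syscall-stops occur. */
enum stop_kind classify_stop(int status)
{
    if (!WIFSTOPPED(status)) return NOT_STOPPED;
    int event = (unsigned)status >> 16, sig = WSTOPSIG(status);
    if (event == 0) return SIGNAL_DELIVERY;             /* signal not yet delivered */
    if (event != PTRACE_EVENT_STOP) return OTHER_EVENT; /* fork/exec/exit events */
    if (sig == SIGSTOP || sig == SIGTSTP || sig == SIGTTIN || sig == SIGTTOU)
        return GROUP_STOP;                              /* job-control stop took effect */
    return TRAP_EVENT_STOP;                             /* e.g. SIGCONT seen while listening */
}

int main(void)
{
    int go[2], status;
    char c = 0;
    if (pipe(go)) return 1;
    pid_t pid = fork();
    if (pid == 0) {                       /* constructed tracee: waits, then stops itself */
        close(go[1]);
        if (read(go[0], &c, 1) != 1) _exit(1);
        raise(SIGSTOP);
        _exit(0);
    }
    if (ptrace(PTRACE_SEIZE, pid, NULL, NULL) == -1) { perror("PTRACE_SEIZE"); return 1; }
    if (write(go[1], &c, 1) != 1) return 1;
    while (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        enum stop_kind k = classify_stop(status);
        int sig = WSTOPSIG(status);
        printf("kind=%d sig=%d\n", k, sig);
        if (k == GROUP_STOP) {            /* leave it stopped, but keep receiving events */
            ptrace(PTRACE_LISTEN, pid, NULL, NULL);
            kill(pid, SIGCONT);           /* demo only: end the stop ourselves */
        } else {                          /* re-inject the signal only on delivery stops */
            ptrace(PTRACE_CONT, pid, NULL, (void *)(long)(k == SIGNAL_DELIVERY ? sig : 0));
        }
    }
    return 0;
}
```

Under PTRACE_ATTACH the event field is 0 for a group-stop as well, so the tracer cannot separate the two cases from the wait status alone and needs an extra PTRACE_GETSIGINFO call.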
