免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 程序设计 Ruby Ruby 版的 PinkTrace 示例 pink-simple-strace-linux.rb
最近访问板块 发新帖
查看: 2332 | 回复: 0
打印 上一主题 下一主题

Ruby 版的 PinkTrace 示例 pink-simple-strace-linux.rb [复制链接]

boy11-2

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2011-01-16 18:19 |只看该作者 |倒序浏览
  1. #!/usr/bin/env ruby
  2. # coding: utf-8
  3. # vim: set sw=2 sts=2 et nowrap fenc=utf-8 :

  5. require 'socket'
  6. require 'PinkTrace'

  8. PF_INET6   = (PinkTrace::HAVE_IPV6 and Socket.const_defined? 'AF_INET6') ? Socket::AF_INET6 : -999
  9. PF_NETLINK = (PinkTrace::HAVE_NETLINK and Socket.const_defined? 'AF_NETLINK') ? Socket::AF_NETLINK : -9999

  11. def print_ret pid
  12.   ret = PinkTrace::Syscall.get_ret pid

  14.   if ret >= 0
  15.     print "= #{ret}"
  16.   else
  17.     print "= #{ret} #{Errno.constants[-ret]}"
  18.   end
  19. end

  21. def decode_open pid, bitness
  22.   path = PinkTrace::String.decode pid, 0, -1, bitness
  23.   flags = PinkTrace::Syscall.get_arg pid, 1, bitness

  25.   print "open(\"#{path}\", #{flags})"
  26. end

  28. def decode_execve pid, bitness
  29.   path = PinkTrace::String.decode pid, 0, -1, bitness
  30.   addr = PinkTrace::Syscall.get_arg pid, 1, bitness

  32.   print "execve(\"#{path}\", ["

  34.   i = 0
  35.   sep = ''
  36.   loop do
  37.     path = PinkTrace::StringArray.decode pid, addr, i
  38.     if path
  39.       print "#{sep}\"#{path}\""
  40.       i += 1
  41.       sep = ', '
  42.     else
  43.       print '], envp[]'
  44.       break
  45.     end
  46.   end
  47. end

  49. def decode_socketcall pid, bitness, scname
  50.   subname = nil
  51.   if PinkTrace::Socket.has_socketcall? bitness
  52.     subcall = PinkTrace::Socket.decode_call pid, bitness
  53.     subname = PinkTrace::Socket.name subcall

  55.     unless subname =~ /(bind|connect)/
  56.       print subname + '()'
  57.       return
  58.     end
  59.   end

  61.   addr, fd = PinkTrace::Socket.decode_address_fd pid, 1, bitness
  62.   print (subname ? subname : scname) + '(' + fd.to_s + ', '

  64.   case addr.family
  65.   when -1
  66.     print 'NULL'
  67.   when Socket::AF_UNIX
  68.     print '{sa_family=AF_UNIX, path=' + (addr.abstract? ? '@' + addr.path : addr.path) + '}'
  69.   when Socket::AF_INET
  70.     print '{sa_family=AF_INET, sin_port=htons(' + addr.port.to_s + '), sin_addr=inet("' + addr.ip + '")}'
  71.   when PF_INET6
  72.     print '{sa_family=AF_INET6, sin6_port=htons(' + addr.port.to_s + '), inet_pton(AF_INET6, "' + addr.ipv6 + ', &sin6_addr)}'
  73.   when PF_NETLINK
  74.     print '{sa_family=AF_NETLINK, pid=' + addr.port.to_s + ', groups=' + sprintf('%08x', addr.groups) + '}'
  75.   else
  76.     print '{sa_family=???}'
  77.   end

  79.   print ', ' + addr.length.to_s
  80. end

  82. unless ARGV.size > 0
  83.   puts "Usage: #{$0} program [arguments..]"
  84.   exit 1
  85. end

  87. pid = fork do
  88.   PinkTrace::Trace.me
  89.   Process.kill 'STOP', Process.pid

  91.   exec(*ARGV)
  92. end

  94. Process.waitpid pid
  95. PinkTrace::Trace.setup pid, (PinkTrace::Trace::OPTION_SYSGOOD | PinkTrace::Trace::OPTION_EXEC)

  97. # Figure out the bitness of the child.
  98. bitness = PinkTrace::Bitness.get pid
  99. puts "Child #{pid} runs in #{PinkTrace::Bitness.name bitness} mode"

  101. dead = false
  102. insyscall = false
  103. sig = 0
  104. exit_code = 0

  106. loop do
  107.   # At this point the traced child is stopped and needs to be resumed.
  108.   PinkTrace::Trace.syscall pid, sig
  109.   sig = 0
  110.   Process.waitpid pid

  112.   # Check the event, if no argument is given PinkTrace::Event.decide uses
  113.   # $?.status and Process.waitpid sets $?.
  114.   event = PinkTrace::Event.decide

  116.   case event
  117.   when PinkTrace::Event::EVENT_SYSCALL
  118.     # We get this event twice, one at entering a system call and one at
  119.     # exiting a system call.
  120.     if insyscall
  121.       print ' '
  122.       print_ret pid
  123.       puts
  124.     else
  125.       # Get the system call number and call the appropriate decoder.
  126.       scno = PinkTrace::Syscall.get_no pid
  127.       scname = PinkTrace::Syscall.name scno
  128.       case scname
  129.       when nil then print "#{scno}()"
  130.       when 'open' then decode_open pid, bitness
  131.       when 'execve' then decode_execve pid, bitness
  132.       when 'socketcall'
  133.       when 'bind'
  134.       when 'connect' then decode_socketcall pid, bitness, scname
  135.       else print "#{scname}()"
  136.       end
  137.     end
  138.     insyscall = (not insyscall)
  139.   when PinkTrace::Event::EVENT_EXEC
  140.     # Update bitness
  141.     bitness = PinkTrace::Bitness.get pid
  142.   when PinkTrace::Event::EVENT_GENUINE
  143.   when PinkTrace::Event::EVENT_UNKNOWN
  144.     # Send the signal to the traced child as it was a genuine signal.
  145.     sig = $?.stopsig
  146.   when PinkTrace::Event::EVENT_EXIT_GENUINE
  147.     exit_code = $?.exitstatus
  148.     puts "Child #{pid} exited normally with return code #{exit_code}"
  149.     dead = true
  150.   when PinkTrace::Event::EVENT_EXIT_SIGNAL
  151.     exit_code = 128 + $?.termsig
  152.     puts "Child #{pid} exited with signal #{$?.termsig}"
  153.     dead = true
  154.   end

  156.   break if dead
  157. end
复制代码
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP