当前位置: 文江博客话题详情

Solaris 中的 ptrace

发布于 2024-11-24 02:58:38 字数 84 浏览 3 评论 0原文

我正在尝试将一个使用 ptrace 的程序从 Linux 移植到 Solaris,但没有成功,因为它抱怨找不到 sys/ptrace.h。知道如何移植吗?

原文

I'm trying to port a program that uses ptrace from linux to solaris, but no luck, as it complains that sys/ptrace.h is not found. Any idea how to port it?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

廻憶裏菂餘溫 2024-12-01 02:58:38

至少在我可以访问的 Solaris 系统上,man ptrace 表示要包含

#include <unistd.h>
#include <sys/types.h>

对 ptrace 原型和常量的访问。但是,有一个使用说明指出 ptrace 仅适用于 32 位 libc,并且 64 位客户端应使用 /proc 调试接口,因此我不确定这会让您走多远。

At least on the solaris system I have access to, man ptrace says to include

#include <unistd.h>
#include <sys/types.h>

for access to the ptrace prototype and constants. However, there is a usage note that states that ptrace is available only with the 32-bit libc, and that 64 bit clients should use the /proc debugging interfaces instead, so I'm not sure how far this will get you.

回复 原文
¢蛋碎的人ぎ生 2024-12-01 02:58:38

某些系统(例如 Solaris)已删除 ptrace 作为系统调用
总共,将其保留为库调用,重新解释对
ptrace 就平台的 procfs 而言

http://en.wikipedia.org/wiki/Ptrace

另外,似乎 strace 实用程序在 Solaris 上不可用,相反,他们有一个名为 truss,看看您的系统上是否有。

Some, such as Solaris, have removed ptrace as a system call
altogether, retaining it as a library call that reinterprets calls to
ptrace in terms of the platform's procfs

http://en.wikipedia.org/wiki/Ptrace

Also, it seems that strace utility is not avaliable on Solaris, instead they have one that is called truss, see if you have that on your system.

回复 原文
淑女气质 2024-12-01 02:58:38

编辑:添加和删除了有关如何联系我以及如何将代码许可给您的过时信息

我最终使用了 /proc//ctrl 以及 中的其他各种接口/proc/ 编写我自己的库来执行 ptrace() 之类的事情。不幸的是,该接口(至少在当时)被标记为直接使用不安全,可以随时更改等,但在实践中似乎很稳定。不知道它是否已经改变,这大约是 2011 年左右...

要开发基本的 ptrace 等效功能,请从以下开始:

man 4 proc

使用 /proc//ctrl 接口,与 ptrace 相比,您几乎可以做所有事情(甚至更多),例如读/写内存/寄存器、附加/分离、设置系统调用断点等等。不需要太多工作,您就可以可以编写自己的ptrace仿真API。这些是我编写的 API 低级部分的原型:

procfs_ctl_PCSFAULT (pid_t pid, fltset_t * fltset);
procfs_ctl_PCWATCH (pid_t pid, prwatch_t * prwatch);
procfs_ctl_PCSTRACE (pid_t pid, sigset_t * sigset);
procfs_ctl_PCSEXIT (pid_t pid, sysset_t * sysset);
procfs_ctl_PCSENTRY (pid_t pid, sysset_t * sysset);
procfs_ctl_PCWSTOP (pid_t pid);
procfs_ctl_PCSVADDR (pid_t pid, long vaddr);
procfs_ctl_PCSTOP (pid_t pid);
procfs_ctl_PCWRITE (pid_t pid, off_t off, void *buff, size_t count);
procfs_ctl_PCTWSTOP (pid_t pid, long delay);
procfs_ctl_PCSCRED (pid_t pid, prcred_t * cred);
procfs_ctl_PCREAD (pid_t pid, off_t off, void *buff, size_t count);
procfs_ctl_PCSSIG (pid_t pid);
procfs_ctl_PCRUN (pid_t pid, long flags);
procfs_ctl_PCDSTOP (pid_t pid);
procfs_ctl_PCCSIG (pid_t pid);
procfs_ctl_PCCFAULT (pid_t pid);
procfs_ctl_PCKILL (pid_t pid, long signal);
procfs_ctl_PCSREG (pid_t pid, long lwpid, prgregset_t * regs);

您可能会看到在这些函数之上为 ptrace 编写一个兼容层是多么容易。 Solaris Internals 这本书在执行此操作时非常有用 - 虽然有关 proc 接口的章节几乎是手册页的逐字副本,但快速浏览一下还是很不错的。

最终,我最终没有生成 ptrace 兼容的 API - 我跳过了该步骤并实现了执行更高级别功能的函数 - 使用这些较低级别 /proc//ctrl 的高级代码的示例 基于函数,这里是我基于这些低级函数实现的一些示例高级函数的列表,这些函数演示了它们提供的所有构建块(几乎所有内容,正如我所说)

注意:这些是设计的对于需要执行的特定程序对于正在运行的二进制文件(没有符号)来说,存在异国情调/危险/不支持的事情,例如查找字符串和地址引用、定位和调用现有函数、注入和运行与位置无关的代码、挂钩系统调用和修改参数以及读取返回值等。这里有很多奇怪的功能。

另外,那些涉及搜索字符串和指针引用的内容写得不是很好——它们只是为了在我正在使用的应用程序上工作而编写的。您确实应该使用类似真正的二进制分析库之类的东西来完成类似的事情,但这只是展示了 proc 接口的强大功能。这都是针对 Solaris 9/10 SPARC 的。示例:

TrapPostSyscall (pid, SYS_dup);
SingleStep(pid,lwpid,flags);
AttachProcess (pid);
ContinueProcess (pid, PRCFAULT | PRCSIG | PRSABORT);
DetachProcess (pid);
GetFaultAddress(pid,1);
GetMainDataSection (pid, &datamap);
WhyStopped (pid, 1));
PrintRegisters(regs);
ReadGeneralRegisterSet (pid, 1, &saved_regs);
SetProgramCounter (pid, 1, mapping - 4);
StopProcess (pid);
TraceFault (pid, FLTWATCH);
TrapPostSyscall (pid, SYS_dup);
TrapPostSyscall (pid, SYS_execve);
TrapSyscallClearall (pid);
WaitForProcessStop (pid);
WatchMemory (pid, datamap.pr_vaddr, datamap.pr_size,WA_TRAPAFTER | WA_WRITE);
WriteGeneralRegisterSet (pid, 1, &saved_regs);
WriteToProcess (pid, mapping, call_pic, sizeof (call_pic));
ReadFromProcess (pid, prmap.pr_vaddr, buff, size);
GetIndividualRegister (pid, 1, R_O0, (long *) fd);
SetIndividualRegister (pid,1,R_O0,fd);
IsProcessStopped (pid);
SearchProcessForReference (pid, stringat);
SearchProcessMem (pid,needle,strlen(needle)+1);
GetPreviousSave (pid, SearchProcessForReference (pid, stringat));
GetMapFromVirtualAddress (pid, base, &prmap);
GetNextProcessMapping (pid, &prmap);
SearchProcessWordRef (pid, addr);
GetReadWriteExecMapping (pid);
CreateRemoteMapping (pid, NULL, PAGESIZE)
TrapSyscall (pid, SYS_dup);
TrapSyscallClearall(pid);
TrapPostSyscall (pid, SYS_dup);
TrapPostSyscallClearall (pid);

如果您对此感兴趣,我可以将低级或高级内容 GP​​L,您可以非常轻松地围绕它们生成 ptrace 兼容的包装器。给我发一条信息,我将在GPLv2下分享

EDIT: added and removed stale info on how to contact me and how I would license the code to you

I ended up using /proc/<pid>/ctrl and the other various interfaces in /proc/<pid> to write my own library for doing ptrace() like things. Unfortunately, that interface (at least at the time) was marked as not safe to use directly, could change at any time etc. but it seemed stable in practice. No idea if it has since changed ,this was circa 2011 or so I think...

To develop the basic ptrace equivalent functionality, start with:

man 4 proc

Using the /proc/<pid>/ctrl interface, you can do just about everything (and more) than you can with ptrace such as read/write memory/registers, attach/detach, set syscall breakpoints, etc, etc. With not too much work, you can write your own ptrace emulation API. These are the prototypes for the low-level part of the API I wrote:

procfs_ctl_PCSFAULT (pid_t pid, fltset_t * fltset);
procfs_ctl_PCWATCH (pid_t pid, prwatch_t * prwatch);
procfs_ctl_PCSTRACE (pid_t pid, sigset_t * sigset);
procfs_ctl_PCSEXIT (pid_t pid, sysset_t * sysset);
procfs_ctl_PCSENTRY (pid_t pid, sysset_t * sysset);
procfs_ctl_PCWSTOP (pid_t pid);
procfs_ctl_PCSVADDR (pid_t pid, long vaddr);
procfs_ctl_PCSTOP (pid_t pid);
procfs_ctl_PCWRITE (pid_t pid, off_t off, void *buff, size_t count);
procfs_ctl_PCTWSTOP (pid_t pid, long delay);
procfs_ctl_PCSCRED (pid_t pid, prcred_t * cred);
procfs_ctl_PCREAD (pid_t pid, off_t off, void *buff, size_t count);
procfs_ctl_PCSSIG (pid_t pid);
procfs_ctl_PCRUN (pid_t pid, long flags);
procfs_ctl_PCDSTOP (pid_t pid);
procfs_ctl_PCCSIG (pid_t pid);
procfs_ctl_PCCFAULT (pid_t pid);
procfs_ctl_PCKILL (pid_t pid, long signal);
procfs_ctl_PCSREG (pid_t pid, long lwpid, prgregset_t * regs);

You can probably see how easily it would be to then write a compatibility layer for ptrace on top of these functions. The book Solaris Internals was really useful while doing this- while the chapter on the proc interface was pretty much a verbatim copy of the man pages, it was nice to have to flip through quickly.

Ultimately, I ended up not producing a ptrace compatible API- I skipped that step and implemented functions that performed much higher level functions- an example of the high level code that used these lower level /proc/<pid>/ctrl based functions, here is a list of some example high-level functions I implemented based on these lower-level functions that demonstrates all of the building blocks they provide (pretty much everything, as I said)

NOTE: These were designed for a specific program that needed to do exotic/dangerous/unsupported things to a running binary (without symbols) like find string and address references, locate and call existing functions, inject and run position independent code, hook system calls and modify arguments and read return values, etc. so there are quite a few weird functions here.

Also, the ones involving searching for references to strings and pointers are not very well written- they were just written so that they would work on the application I was working with. You should really use something like a real binary analysis library for things like that, but this just demonstrates how powerful the proc interface is. This was all for Solaris 9/10 SPARC. Examples:

TrapPostSyscall (pid, SYS_dup);
SingleStep(pid,lwpid,flags);
AttachProcess (pid);
ContinueProcess (pid, PRCFAULT | PRCSIG | PRSABORT);
DetachProcess (pid);
GetFaultAddress(pid,1);
GetMainDataSection (pid, &datamap);
WhyStopped (pid, 1));
PrintRegisters(regs);
ReadGeneralRegisterSet (pid, 1, &saved_regs);
SetProgramCounter (pid, 1, mapping - 4);
StopProcess (pid);
TraceFault (pid, FLTWATCH);
TrapPostSyscall (pid, SYS_dup);
TrapPostSyscall (pid, SYS_execve);
TrapSyscallClearall (pid);
WaitForProcessStop (pid);
WatchMemory (pid, datamap.pr_vaddr, datamap.pr_size,WA_TRAPAFTER | WA_WRITE);
WriteGeneralRegisterSet (pid, 1, &saved_regs);
WriteToProcess (pid, mapping, call_pic, sizeof (call_pic));
ReadFromProcess (pid, prmap.pr_vaddr, buff, size);
GetIndividualRegister (pid, 1, R_O0, (long *) fd);
SetIndividualRegister (pid,1,R_O0,fd);
IsProcessStopped (pid);
SearchProcessForReference (pid, stringat);
SearchProcessMem (pid,needle,strlen(needle)+1);
GetPreviousSave (pid, SearchProcessForReference (pid, stringat));
GetMapFromVirtualAddress (pid, base, &prmap);
GetNextProcessMapping (pid, &prmap);
SearchProcessWordRef (pid, addr);
GetReadWriteExecMapping (pid);
CreateRemoteMapping (pid, NULL, PAGESIZE)
TrapSyscall (pid, SYS_dup);
TrapSyscallClearall(pid);
TrapPostSyscall (pid, SYS_dup);
TrapPostSyscallClearall (pid);

If you have interest in this, I can GPL the low-level or high-level stuff and you can very easily produce ptrace compatible wrappers around them. Send me a note and I'll share under the GPLv2

回复 原文
~没有更多了~

关于作者

独留℉清风醉

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文