Documentation ¶
Index ¶
- Constants
- Variables
- func CBFunctionArgs(pid int, bp BreakPoint)
- func CBPrintRegisters(pid int, bp BreakPoint)
- func CBPrintStack(pid int, bp BreakPoint)
- func Dump(buff []byte)
- type BreakPoint
- type CallBackFunction
- type ELF32_Rela
- type ELF32_Rela_Info
- type ELF64_Rela
- type ELF64_Rela_Info
- type SymbolResolver
- type Tracer
- func (t *Tracer) ConvertOffsetToAddress(breakAddress uintptr) uintptr
- func (t *Tracer) EnableVerbose()
- func (t *Tracer) GetBaseAddress() (uintptr, error)
- func (t *Tracer) GetMemMaps() ([]*procfs.ProcMap, error)
- func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) SetExeComparisonLength(length int)
- func (t *Tracer) SetFollowForks(enable bool)
- func (t *Tracer) SetHWBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) SetHWBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) Start()
- func (t *Tracer) Stop()
Constants ¶
View Source
const DEFAULTEXECMPLENGTH = 32
How many bytes we want to use to compare mem to executable
View Source
const DR_OFFSET = 0x350
https://en.wikipedia.org/wiki/X86_debug_register
View Source
const REG_SIZE = 0x8
Variables ¶
View Source
var Blue = "\033[34m"
View Source
var Cyan = "\033[36m"
View Source
var Gray = "\033[37m"
View Source
var Green = "\033[32m"
View Source
var Purple = "\033[35m"
View Source
var Red = "\033[31m"
View Source
var Reset = "\033[0m"
View Source
var White = "\033[97m"
View Source
var Yellow = "\033[33m"
Functions ¶
func CBFunctionArgs ¶
func CBFunctionArgs(pid int, bp BreakPoint)
func CBPrintRegisters ¶
func CBPrintRegisters(pid int, bp BreakPoint)
func CBPrintStack ¶
func CBPrintStack(pid int, bp BreakPoint)
Types ¶
type BreakPoint ¶
type BreakPoint struct { Address uintptr OriginalCode *[]byte Hits int Callbacks []CallBackFunction }
type CallBackFunction ¶
type CallBackFunction func(int, BreakPoint) // CallBack Function Pointer
type ELF32_Rela ¶ added in v0.0.6
type ELF32_Rela struct { R_offset uint32 R_info ELF32_Rela_Info R_addend int32 }
type ELF32_Rela_Info ¶ added in v0.0.6
type ELF64_Rela ¶ added in v0.0.6
type ELF64_Rela struct { R_offset uint64 R_info ELF64_Rela_Info R_addend int64 }
type ELF64_Rela_Info ¶ added in v0.0.6
type SymbolResolver ¶ added in v0.0.6
func NewSymbolResolver ¶ added in v0.0.6
func NewSymbolResolver(filepath string) (*SymbolResolver, error)
func (*SymbolResolver) GetPLTOffsetBySymName ¶ added in v0.0.6
func (s *SymbolResolver) GetPLTOffsetBySymName(symName string) (uintptr, error)
func (*SymbolResolver) GetPLTSymNameByOffset ¶ added in v0.0.7
func (s *SymbolResolver) GetPLTSymNameByOffset(offset uint64) (string, error)
type Tracer ¶
type Tracer struct { Process *os.Process ProcFS procfs.FS // contains filtered or unexported fields }
func NewTracerFromPid ¶
func NewTracerStartCommand ¶
func (*Tracer) ConvertOffsetToAddress ¶
func (*Tracer) EnableVerbose ¶
func (t *Tracer) EnableVerbose()
func (*Tracer) GetBaseAddress ¶
func (*Tracer) SetBreakpointAbsolute ¶
func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
func (*Tracer) SetBreakpointRelative ¶
func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
func (*Tracer) SetExeComparisonLength ¶
func (*Tracer) SetFollowForks ¶
func (*Tracer) SetHWBreakpointAbsolute ¶ added in v0.0.10
func (t *Tracer) SetHWBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
func (*Tracer) SetHWBreakpointRelative ¶ added in v0.0.10
func (t *Tracer) SetHWBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
Click to show internal directories.
Click to hide internal directories.