riptracer

package module
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2023 License: GPL-3.0 Imports: 12 Imported by: 3

README

Example Tests

riptracer

Execution tracer written in go. Think strace/ltrace for arbitrary code locations. Set breakpoints, manipulate memory/registers, etc...

Why?

I created this because I wanted to learn more about implementing a debugger on Linux.

I've been a longtime fan of usercorn. I even have a repo of example script usercorn_examples. But there are some drawbacks to having to emulate everything. Not all the system calls are implemented, and if the binary does threading, we're probably in for a rough time. I wanted to debug a threaded binary without emulating, and have custom debug functionality

Why not just use gdb?

With the power of gdb and some gdb scripts we'd be able to do similar functionality, but we'd need gdb on our target system, along with python for the scripting etc... All of which is fine, and totally possible, but a nicely compiled go binary can be deployed without having to worry about the dependencies needed. I want to spend time learning and debugging, not cross-compiling and in dependency hell. The real reason is what I already gave, I wanted to know how debuggers work in linux. What better way to implement one yourself.

Disclaimer

This is a toy project, I'll updated for as long as I find it useful and interesting. My aim here is not to rewrite strace/strace/dtrace/gdb/rr etc... You should totally use those for anything serious.

Documentation

Index

Constants

View Source
const DEFAULTEXECMPLENGTH = 32

How many bytes we want to use to compare mem to executable

Variables

View Source
var Blue = "\033[34m"
View Source
var Cyan = "\033[36m"
View Source
var Gray = "\033[37m"
View Source
var Green = "\033[32m"
View Source
var Purple = "\033[35m"
View Source
var Red = "\033[31m"
View Source
var Reset = "\033[0m"
View Source
var White = "\033[97m"
View Source
var Yellow = "\033[33m"

Functions

func CBFunctionArgs

func CBFunctionArgs(pid int, bp BreakPoint)

func CBPrintRegisters

func CBPrintRegisters(pid int, bp BreakPoint)

func CBPrintStack

func CBPrintStack(pid int, bp BreakPoint)

func Dump

func Dump(buff []byte)

Types

type BreakPoint

type BreakPoint struct {
	Address      uintptr
	OriginalCode *[]byte
	Hits         int
	Callbacks    []CallBackFunction
}

type CallBackFunction

type CallBackFunction func(int, BreakPoint) // CallBack Function Pointer

type Tracer

type Tracer struct {
	Process *os.Process
	ProcFS  procfs.FS
	// contains filtered or unexported fields
}

func NewTracerFromPid

func NewTracerFromPid(pid int) (*Tracer, error)

func NewTracerStartCommand

func NewTracerStartCommand(cmd_str string) (*Tracer, error)

func (*Tracer) ConvertOffsetToAddress

func (t *Tracer) ConvertOffsetToAddress(breakAddress uintptr) uintptr

func (*Tracer) EnableVerbose

func (t *Tracer) EnableVerbose()

func (*Tracer) GetBaseAddress

func (t *Tracer) GetBaseAddress() (uintptr, error)

func (*Tracer) GetMemMaps

func (t *Tracer) GetMemMaps() ([]*procfs.ProcMap, error)

func (*Tracer) SetBreakpointAbsolute

func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) SetBreakpointRelative

func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) SetExeComparisonLength

func (t *Tracer) SetExeComparisonLength(length int)

func (*Tracer) SetFollowForks

func (t *Tracer) SetFollowForks(enable bool)

func (*Tracer) Start

func (t *Tracer) Start()

Directories

Path Synopsis
examples

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL